Security flaws in a popular GPS module could allow hackers to track vehicles

Millions of vehicles worldwide could be vulnerable to remote tracking and sabotage due to vulnerabilities in a popular GPS module sold on Amazon and other online marketplaces. On Tuesday, cybersecurity firm BitSight found six “serious” vulnerabilities in the MV720, a hardwired GPS tracker made by Chinese electronics maker Micodus. According to BitSight, the vulnerabilities are “not difficult to exploit” and may not be isolated to one device.

Micodus did not respond to communication attempts from BitSight and the US Cybersecurity and Infrastructure Security Agency (CISA), meaning the company has made no efforts to patch the vulnerabilities and there are no known workarounds. Two of the six deficiencies are “critical” in nature. The most urgent is a hard-coded password that an attacker could use to send SMS commands to the MV720. Someone could use this ability to track a vehicle’s real-time location and remotely cut off its fuel supply.

The number of MV720 trackers in the wild is difficult to say. According to BitSight, around 1.5 million Micodeus devices are in use in 169 countries. In particular, the company noted that Ukraine had the most Micodus trackers of any European country. Evidence of use by at least five Fortune 50 companies, a US state government, and a military in South America has also been found. A BitSight spokesperson There are probably “thousands” of Micodus devices in use in the United States. CISA says affected vehicle owners should remove the tracker from their cars as soon as possible.

All products recommended by Engadget are selected by our editorial team independently from our parent company. Some of our stories contain affiliate links. If you buy something through one of these links, we may receive an affiliate commission. Security flaws in a popular GPS module could allow hackers to track vehicles

Russell Falcon is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – The content will be deleted within 24 hours.

Related Articles

Back to top button