1. IT-Security >
  2. Cyber Security Nachrichten >
  3. 2 Years Later, Security Holes Linger In GPS Services Used By Millions of Devices


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

2 Years Later, Security Holes Linger In GPS Services Used By Millions of Devices

RSS Kategorie Pfeil IT Security Nachrichten vom | Quelle: yro.slashdot.org Direktlink öffnen

chicksdaddy quotes a report from The Security Ledger: Security researchers say that serious security vulnerabilities linger in a GPS software by the China-based firm ThinkRace more than two years after the hole was discovered and reported to the firm, The Security Ledger reports. Data including a GPS enabled device's location, serial number, assigned phone number and model and type of device can be accessed by any user with access to the GPS service. In some cases, other information is available including the device's location history going back 1 week. In some cases, malicious actors could also send commands to the device via SMS including those used to activate or deactivate GEO fencing alarms features, such as those used on child-tracking devices. The vulnerabilities affect hundreds of thousands of connected devices that use the GPS services, from smart watches, to vehicle GPS trackers, fitness trackers, pet trackers and more. At issue are security holes in back-end GPS tracking services that go by names like amber360.com, kiddo-track.com, carzongps.com and tourrun.net, according to Michael Gruhn, an independent security researcher who noted the insecure behavior in a location tracker he acquired and has helped raise awareness of the widespread flaws. Working with researcher Vangelis Stykas, Gruhn discovered scores of seemingly identical GPS services, many of which have little security, allowing low-skill hackers to directly access data on GPS tracking devices. Alas, news about the security holes is not new. In fact, the security holes in ThinkRace's GPS services are identical to those discovered by New Zealand researcher Lachlan Temple in 2015 and publicly disclosed at the time. Temple's research focused on one type of device: a portable GPS tracker that plugged into a vehicle's On Board Diagnostic (or OBD) port. However, Stykas and Gruhn say that they have discovered the same holes spread across a much wider range of APIs (application program interfaces) and services linked to ThinkRace.

Read more of this story at Slashdot.

...

Webseite öffnen Komplette Webseite öffnen

Newsbewertung

Kommentiere zu 2 Years Later, Security Holes Linger In GPS Services Used By Millions of Devices






Ähnliche Beiträge

  • 1. Azure Marketplace new offers – Volume 26 vom 485.92 Punkte ic_school_black_18dp
    We continue to expand the Azure Marketplace ecosystem. During September and October, 149 new consulting offers successfully met the onboarding criteria and went live. See details of the new offers below: Consulting Services   1-Day Big Da
  • 2. Azure Marketplace new offers – Volume 26 vom 485.92 Punkte ic_school_black_18dp
    We continue to expand the Azure Marketplace ecosystem. During September and October, 149 new consulting offers successfully met the onboarding criteria and went live. See details of the new offers below: Consulting Services   1-Day Big Da
  • 3. 2 Years Later, Security Holes Linger In GPS Services Used By Millions of Devices vom 391.56 Punkte ic_school_black_18dp
    chicksdaddy quotes a report from The Security Ledger: Security researchers say that serious security vulnerabilities linger in a GPS software by the China-based firm ThinkRace more than two years after the hole was discovered and reported to the firm,
  • 4. Azure Marketplace new offers – Volume 28 vom 386.86 Punkte ic_school_black_18dp
    We continue to expand the Azure Marketplace ecosystem. From November 17 to November 30, 2018, 80 new offers successfully met the onboarding criteria and went live. See details of the new offers below: Virtual machines CloudflareAz
  • 5. Azure Marketplace new offers – Volume 27 vom 252.08 Punkte ic_school_black_18dp
    We continue to expand the Azure Marketplace ecosystem. From November 1 to November 16, 2018, 61 new offers successfully met the onboarding criteria and went live. See details of the new offers below: Virtual machines CIS Ubuntu L
  • 6. TA18-106A: Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices vom 196.02 Punkte ic_school_black_18dp
    Original release date: April 16, 2018Systems Affected Generic Routing Encapsulation (GRE) Enabled DevicesCisco Smart Install (SMI) Enabled DevicesSimple Network Management Protocol (SNMP) Enabled Network DevicesOverview This joint Technical Alert (TA) is the result of analyt
  • 7. TA18-074A: Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors vom 132.98 Punkte ic_school_black_18dp
    Original release date: March 15, 2018Systems Affected Domain ControllersFile ServersEmail ServersOverview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bur
  • 8. AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide vom 130.96 Punkte ic_school_black_18dp
    Original release date: October 11, 2018Summary This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][5] In it we highlight the use of five publicly a
  • 9. What’s New in Android: Q Beta 3 & More vom 128.19 Punkte ic_school_black_18dp
    Posted by Dave Burke, VP, Engineering Today Android is celebrating two amazing milestones. It’s Android’s version 10! And today, Android is running on more than 2.5B active Android devices. With Android Q, we’ve focused on three themes: innovation, security and privacy, and digital wellbeing. We want to hel
  • 10. What’s New in Android: Q Beta 3 & More vom 128.19 Punkte ic_school_black_18dp
    Posted by Dave Burke, VP, Engineering Today Android is celebrating two amazing milestones. It’s Android’s version 10! And today, Android is running on more than 2.5B active Android devices. With Android Q, we’ve focused on three themes: innovation, security and privacy, and digital wellbeing. We want to hel
  • 11. USN-3415-1: tcpdump vulnerabilities vom 110.51 Punkte ic_school_black_18dp
    Ubuntu Security Notice USN-3415-1 13th September, 2017 tcpdump vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed
  • 12. USN-3415-2: tcpdump vulnerabilities vom 110.51 Punkte ic_school_black_18dp
    Ubuntu Security Notice USN-3415-2 13th September, 2017 tcpdump vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in tcpdump Software description tcpdump