logo
 
  1. IT-Security >
  2. Cyber Security Nachrichten >
  3. 2 Years Later, Security Holes Linger In GPS Services Used By Millions of Devices


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

➤ 2 Years Later, Security Holes Linger In GPS Services Used By Millions of Devices

RSS Kategorie Pfeil IT Security Nachrichten vom | Quelle: yro.slashdot.org Direktlink öffnen Nachrichten Bewertung

chicksdaddy quotes a report from The Security Ledger: Security researchers say that serious security vulnerabilities linger in a GPS software by the China-based firm ThinkRace more than two years after the hole was discovered and reported to the firm, The Security Ledger reports. Data including a GPS enabled device's location, serial number, assigned phone number and model and type of device can be accessed by any user with access to the GPS service. In some cases, other information is available including the device's location history going back 1 week. In some cases, malicious actors could also send commands to the device via SMS including those used to activate or deactivate GEO fencing alarms features, such as those used on child-tracking devices. The vulnerabilities affect hundreds of thousands of connected devices that use the GPS services, from smart watches, to vehicle GPS trackers, fitness trackers, pet trackers and more. At issue are security holes in back-end GPS tracking services that go by names like amber360.com, kiddo-track.com, carzongps.com and tourrun.net, according to Michael Gruhn, an independent security researcher who noted the insecure behavior in a location tracker he acquired and has helped raise awareness of the widespread flaws. Working with researcher Vangelis Stykas, Gruhn discovered scores of seemingly identical GPS services, many of which have little security, allowing low-skill hackers to directly access data on GPS tracking devices. Alas, news about the security holes is not new. In fact, the security holes in ThinkRace's GPS services are identical to those discovered by New Zealand researcher Lachlan Temple in 2015 and publicly disclosed at the time. Temple's research focused on one type of device: a portable GPS tracker that plugged into a vehicle's On Board Diagnostic (or OBD) port. However, Stykas and Gruhn say that they have discovered the same holes spread across a much wider range of APIs (application program interfaces) and services linked to ThinkRace.

Read more of this story at Slashdot.

...

➥ Externe Webseite mit kompletten Inhalt öffnen

Kommentiere zu 2 Years Later, Security Holes Linger In GPS Services Used By Millions of Devices






➤ Ähnliche Beiträge

  • 1.

    Azure Marketplace new offers – Volume 26

    vom 451.71 Punkte ic_school_black_18dp
    We continue to expand the Azure Marketplace ecosystem. During September and October, 149 new consulting offers successfully met the onboarding criteria and went live. See details of the new offers below: Consulting Services   1-Day Big D
  • 2.

    Azure Marketplace new offers – Volume 26

    vom 451.71 Punkte ic_school_black_18dp
    We continue to expand the Azure Marketplace ecosystem. During September and October, 149 new consulting offers successfully met the onboarding criteria and went live. See details of the new offers below: Consulting Services   1-Day Big D
  • 3.

    2 Years Later, Security Holes Linger In GPS Services Used By Millions of Devices

    vom 397.2 Punkte ic_school_black_18dp
    chicksdaddy quotes a report from The Security Ledger: Security researchers say that serious security vulnerabilities linger in a GPS software by the China-based firm ThinkRace more than two years after the hole was discovered and reported to the firm,
  • 4.

    Azure Marketplace new offers – Volume 28

    vom 359.89 Punkte ic_school_black_18dp
    We continue to expand the Azure Marketplace ecosystem. From November 17 to November 30, 2018, 80 new offers successfully met the onboarding criteria and went live. See details of the new offers below: Virtual machines CloudflareA
  • 5.

    Sparrow-Wifi - Next-Gen GUI-based WiFi And Bluetooth Analyzer For Linux

    vom 342.26 Punkte ic_school_black_18dp
    Sparrow-wifi has been built from the ground up to be the next generation 2.4 GHz and 5 GHz Wifi spectral awareness tool. At its most basic it provides a more comprehensive GUI-based replacement for tools like inSSIDer and linssid that runs specifically on linux. In i
  • 6.

    Azure Marketplace new offers – Volume 27

    vom 235.09 Punkte ic_school_black_18dp
    We continue to expand the Azure Marketplace ecosystem. From November 1 to November 16, 2018, 61 new offers successfully met the onboarding criteria and went live. See details of the new offers below: Virtual machines CIS Ubuntu
  • 7.

    TA18-106A: Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices

    vom 187.62 Punkte ic_school_black_18dp
    Original release date: April 16, 2018Systems Affected Generic Routing Encapsulation (GRE) Enabled DevicesCisco Smart Install (SMI) Enabled DevicesSimple Network Management Protocol (SNMP) Enabled Network DevicesOverview This joint Technical Alert (TA) is the result of analy
  • 8.

    600,000 GPS Trackers Exposing Users Real Time Location

    vom 126.35 Punkte ic_school_black_18dp
    Security Flaw found in 600,000 GPS Trackers Exposing Users Data and Real Time Location. The GPS trackers have same default password of 123456. Mostly... The post 600,000 GPS Trackers Exposing Users Real Time Location appeared first on HackersOnlineClub.
  • 9.

    What’s New in Android: Q Beta 3 & More

    vom 124.23 Punkte ic_school_black_18dp
    Posted by Dave Burke, VP, Engineering Today Android is celebrating two amazing milestones. It’s Android’s version 10! And today, Android is running on more than 2.5B active Android devices. With Android Q, we’ve focused on three themes: innovation, security and privacy, and digital wellbeing. We want to he
  • 10.

    TA18-074A: Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors

    vom 122.75 Punkte ic_school_black_18dp
    Original release date: March 15, 2018Systems Affected Domain ControllersFile ServersEmail ServersOverview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bu
  • 11.

    AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide

    vom 121.16 Punkte ic_school_black_18dp
    Original release date: October 11, 2018Summary This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][5] In it we highlight the use of five publicly
  • 12.

    MOTOsafety Tracking Device

    vom 114.62 Punkte ic_school_black_18dp
    MOTOsafety Vehicle GPS Tracking Device 4/5 - Geofencing - Custom alerts - Regular driving reports MOTOsafety Pros and Cons MOTOsafety is geared towards teens and their parents, but it’s a helpful device for tracking any driver or vehicle. Delivery dr