A number of errors were discovered by BitSight experts in the popular MV720 GPS tracker of the company MiCODUS, Hacker reports. A total of 6 vulnerabilities were counted, and the tracker itself is used in approximately 1.5 million cars in 169 countries around the world. Including – in the equipment of governments and law enforcement agencies, as well as aerospace and shipping enterprises.
According to BitSight, hacking the tracker allows hackers to track the car, disable the alarm, change the route and even immobilize the car, as well as control the data. For example, one of the vulnerabilities allows sending GPS tracker commands via SMS and running them with administrator rights. Another vulnerability is related to the weak standard password “123456”, which the system does not require to be changed during initial setup, and users leave it in 95% of cases out of 1000 devices. Moreover, errors are related both to the tracker itself and to the web server through which the data is sent.
Car prevalence map with MV720 GPS tracker from MiCODUS. Image: www.bitsight.com
BitSight has repeatedly tried to contact the manufacturer of the tracker, but the vulnerabilities have not yet been fixed. Therefore, BitSight recommends that all MiCODUS MV720 users turn off their devices before the patches are released.