Researchers Show Popular GPS Tracker Is Vulnerable to Hackers
Tip of the iceberg
By Mayank Sharma
Published on July 22, 2022 01:00PM EDT
Fact checked by Jerri Ledford

Researchers have discovered critical vulnerabilities in a popular GPS tracker used in millions of vehicles.
The bugs remain unpatched since the manufacturer has failed to engage with the researchers and even the Cybersecurity and Infrastructure Security Agency (CISA).
This is just a physical manifestation of an issue underlying the entire smart device ecosystem, suggest security experts.

Security researchers have uncovered serious vulnerabilities in a popular GPS tracker that's used in over a million vehicles around the world.

According to the researchers with security vendor BitSight, if exploited, the six vulnerabilities in the MiCODUS MV720 vehicle GPS tracker could enable threat actors to access and control the functions of the device, including tracking the vehicle or cutting off its fuel supply.

While security experts have voiced concern about the lax security in smart, internet-enabled devices overall, the BitSight research is particularly worrisome for both our privacy and safety.
“Unfortunately, these vulnerabilities are not difficult to exploit,” noted Pedro Umbelino, principal security researcher at BitSight, in a press release. “Basic flaws in this vendor's overall system architecture raise significant questions about the vulnerability of other models.”

Remote Control
In the report, BitSight says it zeroed in on the MV720 since it was the company’s least expensive model that offers anti-theft, fuel cut-off, remote control, and geofencing capabilities.

The cellular-enabled tracker uses a SIM card to transmit its status and location updates to supporting servers and is designed to receive commands from its legitimate owners via SMS.

BitSight claims it discovered the vulnerabilities without much effort. It even developed proof-of-concept (PoC) code for five of the flaws in order to demonstrate that the vulnerabilities can be exploited in the wild by bad actors.

And it’s not just individuals who could be affected. The trackers are popular with companies as well as with government, military, and law enforcement agencies. This led the researchers to share their research with the CISA after it failed to elicit a positive response from the Shenzhen, China-based manufacturer and supplier of automotive electronics and accessories.

After the CISA also failed to get a response from MiCODUS, the agency took it upon itself to add the bugs to the Common Vulnerabilities and Exposures (CVE) list and assigned them a Common Vulnerability Scoring System (CVSS) score, with a couple of them earning a critical severity score of 9.8 out of 10.

The exploitation of these vulnerabilities would allow for many possible attack scenarios, which could have “disastrous and even life-threatening implications,” note the researchers in the report.

Cheap Thrills
The easily exploitable GPS tracker highlights many of the risks with the current generation of Internet of Things (IoT) devices, note the researchers.

Roger Grimes, data-driven defense evangelist at cybersecurity firm KnowBe4, opines that one of the big problems of any IoT device that tracks someone is privacy.

“Put a web camera in your home for security purposes, and you can't be assured it won't track you during times when you thought you had privacy,” Grimes told Lifewire over email. “Your cell phone can be compromised to record your conversations. Your laptop's webcam can be turned on to record you and your meetings. And your car's GPS tracking device can be used to find specific employees and disable vehicles.”

The researchers note that currently, the MiCODUS MV720 GPS tracker remains vulnerable to the mentioned flaws since the vendor hasn’t made a fix available. Owing to this, BitSight recommends that anyone using this GPS tracker disable it until a fix is made available.

Building on this, Grimes explains patching presents another problem, as it's particularly difficult to install software fixes on IoT devices.

“If you think it's hard to patch regular software, it's ten times as hard to patch IoT devices,” said Grimes.

In an ideal world, all IoT devices would have auto-patching in order to install any updates automatically. But unfortunately, Grimes points out most IoT devices require people to manually update them, jumping through all kinds of hoops such as using an inconvenient physical connection.

“I'd speculate that 90% of vulnerable GPS tracking devices will remain vulnerable and exploitable if and when the vendor actually decides to fix them,” said Grimes. “IoT devices are full of vulnerabilities, and this will not change going into the future no matter how many of these stories come out.”