An Interest In:
Web News this Week
- April 24, 2024
- April 23, 2024
- April 22, 2024
- April 21, 2024
- April 20, 2024
- April 19, 2024
- April 18, 2024
Some of Our Sources
- TutsPlus - Code
- Team Treehouse
- Just Creative
- Smashing Magazine
- Vandelay Design
- Web Designer Depot
- Naldz Graphics
- FanExtra - PSD
- Reencoded
- Dev To
Help Webnuz
Referal links:
January 4, 2018 12:00 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/4CTnNgKS1N4/2-years-later-security-holes-linger-in-gps-services-used-by-millions-of-devices
2 Years Later, Security Holes Linger In GPS Services Used By Millions of Devices
chicksdaddy quotes a report from The Security Ledger: Security researchers say that serious security vulnerabilities linger in GPS software by the China-based firm ThinkRace more than two years after the hole was discovered and reported to the firm, The Security Ledger reports. Data including a GPS enabled device's location, serial number, assigned phone number and model and type of device can be accessed by any user with access to the GPS service. In some cases, other information is available including the device's location history going back 1 week. In some cases, malicious actors could also send commands to the device via SMS including those used to activate or deactivate GEO fencing alarms features, such as those used on child-tracking devices. The vulnerabilities affect hundreds of thousands of connected devices that use the GPS services, from smart watches, to vehicle GPS trackers, fitness trackers, pet trackers and more. At issue are security holes in back-end GPS tracking services that go by names like amber360.com, kiddo-track.com, carzongps.com and tourrun.net, according to Michael Gruhn, an independent security researcher who noted the insecure behavior in a location tracker he acquired and has helped raise awareness of the widespread flaws. Working with researcher Vangelis Stykas, Gruhn discovered scores of seemingly identical GPS services, many of which have little security, allowing low-skill hackers to directly access data on GPS tracking devices. Alas, news about the security holes is not new. In fact, the security holes in ThinkRace's GPS services are identical to those discovered by New Zealand researcher Lachlan Temple in 2015 and publicly disclosed at the time. Temple's research focused on one type of device: a portable GPS tracker that plugged into a vehicle's On Board Diagnostic (or OBD) port. However, Stykas and Gruhn say that they have discovered the same holes spread across a much wider range of APIs (application program interfaces) and services linked to ThinkRace.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/4CTnNgKS1N4/2-years-later-security-holes-linger-in-gps-services-used-by-millions-of-devices
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot