September 5, 2019 10:03 pm

600,000 GPS Trackers Left Exposed Online With a Default Password of '123456'

According to Avast security researchers, over 600,000 GPS trackers manufactured by a Chinese company are using the same default password of "123456." "They say that hackers can abuse this password to hijack users' accounts, from where they can spy on conversations near the GPS tracker, spoof the tracker's real location, or get the tracker's attached SIM card phone number for tracking via GSM channels," reports BleepingComputer.

From the report:

Avast researchers said they found these issues in T8 Mini, a GPS tracker manufactured by Shenzhen i365-Tech, a Chinese IoT device maker. However, as their research advanced, Avast said the issues also impacted over 30 other models of GPS trackers, all manufactured by the same vendor, and some even sold as white-label products, bearing the logos of other companies.

All models shared the same backend infrastructure, which consisted of a cloud server to which GPS trackers reported, a web panel where customers logged in via their browsers to check the tracker's location, and a similar mobile app, which also connected to the same cloud server. But all this infrastructure was full of holes.

While Avast detailed several issues in its report, the biggest was the fact that all user accounts (either from the mobile app or web panel) relied on a user ID and a password that were easy to guess. The user IDs were based on the GPS tracker's IMEI (International Mobile Equipment Identity) code and were sequential, while the password was the same for all devices -- 123456. This means that a hacker can launch automated attacks against Shenzhen i365-Tech's cloud server by going through all user IDs one by one, and using the same 123456 password, and take over users' accounts.

While users can change the default after they log into their account for the first time, Avast said that during a scan of over four million user IDs, it found that more than 600,000 accounts were still using the default password.
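For operators of a login service with this weakness, the pattern described above (one client walking sequential user IDs) is visible in authentication logs. The following is an added detection example, not code from Avast, BleepingComputer or the vendor; the log format, sample lines, function names and the min_run threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample auth log: "<ISO time> <source IP> <user_id> <result>".
# Addresses are from documentation ranges; IDs are made-up 15-digit numbers.
SAMPLE_LOG = """\
2019-09-05T10:00:01 203.0.113.7 350000000000101 FAIL
2019-09-05T10:00:02 203.0.113.7 350000000000102 OK
2019-09-05T10:00:03 203.0.113.7 350000000000103 FAIL
2019-09-05T10:00:04 203.0.113.7 350000000000104 OK
2019-09-05T10:00:05 203.0.113.7 350000000000105 FAIL
2019-09-05T10:00:06 203.0.113.7 350000000000106 OK
2019-09-05T10:03:10 198.51.100.20 350000000004821 FAIL
2019-09-05T10:03:25 198.51.100.20 350000000004821 OK
2019-09-05T10:07:00 198.51.100.31 350000000009001 OK
2019-09-05T10:09:00 198.51.100.31 350000000009417 OK
"""

def parse(log_text):
    """Yield (source, user_id, ok) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[2].isdigit():
            yield parts[1], int(parts[2]), parts[3] == "OK"

def longest_run(ids):
    """Length of the longest run of consecutive integers in a set of IDs."""
    best = 0
    for i in ids:
        if i - 1 not in ids:          # i is the start of a run
            n = 1
            while i + n in ids:
                n += 1
            best = max(best, n)
    return best

def find_sweeps(log_text, min_run=5):
    """Return {source: (run_length, accounts_opened)} for sources that tried
    at least min_run consecutive user IDs, i.e. walked the ID space."""
    tried, opened = defaultdict(set), defaultdict(set)
    for src, uid, ok in parse(log_text):
        tried[src].add(uid)
        if ok:
            opened[src].add(uid)
    return {s: (longest_run(ids), len(opened[s]))
            for s, ids in tried.items() if longest_run(ids) >= min_run}

if __name__ == "__main__":
    for src, (run, hits) in find_sweeps(SAMPLE_LOG).items():
        print(f"{src}: {run} consecutive IDs tried, {hits} logins succeeded")
```

A user retrying their own account and a client that logs into two unrelated trackers are not flagged; only the source that steps through adjacent IDs is, and the second value in its result counts the accounts that should have their passwords reset.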



Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/aOsBd12RazY/600000-gps-trackers-left-exposed-online-with-a-default-password-of-123456


Slashdot

Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..
