Outdated GPS flaws could allow hackers to disrupt vehicles from afar

July 27, 2022
Outdated GPS Flaws Vulnerability Hackers Service Disruption Vehicles

CISA published a new advisory regarding the outdated security flaws in MiCODUS MV720 Global Positioning System (GPS) trackers included in more than one and a half million vehicles. This bug could potentially result in a remote disruption of vehicle operation that could result in accidents.

According to the researchers, successfully abusing these critical vulnerabilities could enable a threat actor to access and take over the global positioning systems included in the trackers.

These exploits could also affect a vehicle through fuel supply and control. However, the most threatening impact of this abuse is that it can enable locational surveillance in the vehicles in which a compromised device exists.

 

The flawed GPS is surprisingly cheap than other brands.

 

Manufacturers sell this GPS tracking device for a low price of $20. The manufacturer is in China, where the company’s tracking devices are used by numerous significant entities in nearly 200 countries.

Most of the entities that employed this tracking device belonged to the essential firms such as the energy sector, aerospace, engineering department, manufacturing, power plant, government, and shipping sectors.

The primary countries with the highest users are Australia, Mexico, Russia, Ukraine, Venezuela, Brazil, Uzbekistan, South Africa, Italy, Indonesia, Chile, and Poland.

Based on reports, the cybersecurity issue was spotted by researchers after a security team executed a security overhaul. The tracker issue could also be very problematic to many individuals since an attacker can track certain people without their consent.

Furthermore, the flaw can evolve into a national security implication since armies, military vehicles, and law enforcement agencies utilise the trackers for on-the-go monitoring. There is a high chance that the flaw could be weaponised to acquire access to location, fuel cutoff commands, routes, GPS, and the capability to deactivate various functions, especially alarms.

As of now, there is zero proof of malicious exploitation from known hackers. However, experts still warn GPS tracker users to minimise the utilisation of such features or look for alternative models.

The only way for this tracker to still be viable is if its users patch the flaw while there are no malicious entities that abuse them.

About the author

Leave a Reply