Location tracking services vulnerabilities allow to access unauthorized GPS location data

  • 0
Location tracking services vulnerabilities

Location tracking services vulnerabilities allow to access unauthorized GPS location data

Category : Blog

Location tracking services vulnerabilities allow accessing unauthorized GPS location data. Security scholars have published a testimony on a series of errors that they termed “Trackmageddon” that distress many GPS and location tracking services. These security defects could permit cybercriminals to divulge delicate information on millions of online location tracking devices controlled by vulnerable GPS services.

Location tracking services vulnerabilities

Cybercriminals can use the Trackmageddon defects to uncover statistics such as GPS coordinates, location history, device model and type, serial number, mobile number and maybe private data —depending on the tracking service and device configuration.

They can attain entrance to information by using the default credentials (like “123456”), and uncertain uninterrupted object reference vulnerabilities, which enable an authenticated attacker to access other users’ accounts simply by modifying the value of a parameter in the URL.

The researchers tried to contact the hawkers behind the affected tracking services to informing them of the severity of these security flaws. They have published a list of services who patched or may have patched the vulnerabilities, a list of services still exposing data, and a list of vulnerable devices.

What’s more? On some online services, an unauthorized third party can also access photos and audio recordings uploaded by location tracking devices.

According to the researchers, one of the largest global vendors for GPS tracking devices, ThinkRace, may have been the original developer of the flawed location tracking online service software and seller of licenses to the software.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

 RHCE  training

CEH V9  training

Diploma in Network Security Training

Secure Coding in Java

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advanced Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

Digital marketing

CCNA training


Leave a Reply

Show Buttons
Hide Buttons