Location tracking services vulnerabilities allow accessing unauthorized GPS location data. Security scholars have published a testimony on a series of errors that they termed “Trackmageddon” that distress many GPS and location tracking services. These security defects could permit cybercriminals to divulge delicate information on millions of online location tracking devices controlled by vulnerable GPS services.
Cybercriminals can use the Trackmageddon defects to uncover statistics such as GPS coordinates, location history, device model and type, serial number, mobile number and maybe private data —depending on the tracking service and device configuration.
They can attain entrance to information by using the default credentials (like “123456”), and uncertain uninterrupted object reference vulnerabilities, which enable an authenticated attacker to access other users’ accounts simply by modifying the value of a parameter in the URL.
The researchers tried to contact the hawkers behind the affected tracking services to informing them of the severity of these security flaws. They have published a list of services who patched or may have patched the vulnerabilities, a list of services still exposing data, and a list of vulnerable devices.
What’s more? On some online services, an unauthorized third party can also access photos and audio recordings uploaded by location tracking devices.
According to the researchers, one of the largest global vendors for GPS tracking devices, ThinkRace, may have been the original developer of the flawed location tracking online service software and seller of licenses to the software.
Most Popular Training Courses at Indian Cyber Security Solutions
Summer Training for CSE, IT, BCA & MCA Students
Network Penetration Tester Training
Diploma in Web Application Security
Certified Web Application Penetration Tester