hhhh
Newsletter
Magazine Store
Home

>>

Technology

>>

Cyber security

>>

Trackmageddon Affecting Hundre...

CYBER SECURITY

Trackmageddon Affecting Hundreds of GPS Location Tracking Services

Trackmageddon Affecting Hundreds of GPS Location Tracking Services
The Silicon Review
05 January, 2018

Recently, two information security researchers, Vangelis Stykas and Michael Gruhn have discovered series of faults with numerous vulnerable GPS services using open APIs and trivial passwords. The series of vulnerabilities on the GPS services have compromised numerous GPS and location tracking services. Named as "Trackmageddon" by the security researchers, the vulnerability has enabled attackers across the world to expose a huge bundle of sensitive data on millions of online location tracking devices managed by vulnerable GPS services.

All these vulnerable GPS tracking services are basic databases that collect geolocation data from users’ GPS devices and these data are collected on a per-device basis.

According to Vangelis and Michael, a hacker could get hold of all the collection of flaws they discovered to collect geolocation data from the users of those vulnerable GPS services. The flaws in the devices range from easily guessable default passwords to exposed folders, and from unsecured API endpoints to insecure direct object reference (IDOR) flaws.

“A hacker can use the Trackmageddon vulnerabilities to extract data such as GPS coordinates, phone numbers, device data and possibly personal data —depending on the tracking service and device configuration,” said Vangelis and Michael.

What’s more to it? 

By exploiting these flaws, an unauthorized third party or hacker can also access photos and audio recordings uploaded by location tracking devices.

The duo said they are trying to contact all the potentially affected vendors behind Trackmageddon for warning them of the severity of the vulnerabilities. Also, the two researchers believe that one of the biggest global vendors of GPS devices, ThinkRace, might be the original creator of the flawed location tracking service software.

“We understand that only a vendor can fix and remove user’s location history from the pwned services but we judge the risk of these vulnerabilities being exploited against live location tracking devices much higher than the risk of historical data being exposed.”

MOST VIEWED ARTICLES

How To Start A College Essay About Yourself

Pitch Perfect: The Best Soccer Fields and Facilities in the MLS

How Webflow Development Can Revolutionize Your Marketing Strategy

Embracing Digital Transformation in Manufacturing and Inventory Management

EdTech Startups: Transforming Learning with Innovative Solutions

RECOMMENDED NEWS

AI titan Nvidia Chinese auto giants

AI titan Nvidia ramped up the collaboration w..
Interos One-Size-Fits-All Resilience Watchtower™

Interos ended One-Size-Fits-All supply chain ..
Aerospacelab Xona Space’s first navigation satellite

Aerospacelab was appointed to build Xona Spac..
DNX Ventures new Japan funds

DNX Ventures announced final close of new Jap..
Cohort announced for ScreenCraft Works cross-border mentoring programme

Cohort announced for ScreenCraft Works cross-..
U.S. Travel Executive Board Governance Committee

U.S. Travel announced new appointees to Execu..
Axis Bank US Dollar Fixed Deposits

Axis Bank launched digital US Dollar Fixed De..
Dolce&Gabbana first real estate project

Dolce&Gabbana unveiled details of its fir..
GeeTest

TOP NEWS

ASG expanded by opening a London office

Alternus Clean Energy and Acadia Energy partnered to develop 200 MW Microgrid Projects

US Science Agency debuted startup matchmaking program in Taiwan

Dallas’ Welker Properties launched Prophet Homes, aims to raise $100M with new fund

Joint EU-US-Armenia high level meeting happened in support of Armenia's resilience

YOU MAY ALSO LIKE

PUMA Studio announced opening in LA to create products and campaigns

Efficiency Redefined: Driving the Ford Lease Advantage

TotalEnergies expanded its Natural Gas production in Texas

Altice’s Patrick Drahi acquired Sotheby’s Auction House for $3.7 Billion

Mastercard and SAP Concur partnered to revolutionise expense management
GeeTest Protects Your Business From Hacking
ready to Protects Your website, mobile app, and api from bot threats
NOMINATE YOUR COMPANY NOW AND GET 10% OFF