BOSTON ( Associated Press) — A popular GPS car tracker made in China and used by individuals, government agencies and businesses in 169 countries has serious software vulnerabilities, potentially threatening life and limb, national security and supply chains, according to the US Cyber security researchers warn.
A report by Boston-based cybersecurity firm BitSight says the flaw could allow attackers to remotely hijack vehicles equipped with such devices, where they can cut off their fuel tank supply and control while on the move. can.
The researchers recommend that users disable the MV720 tracker immediately until a fix becomes available. The report, released on Tuesday with a warning from the US Cyber Security and Infrastructure Security Agency (CISA), listed five vulnerabilities.
BitSight said it has tried unsuccessfully for months to involve the manufacturer — Shenzhen-based Microdus — in discussions about the vulnerabilities. He said that he has been trying since September last year and CISA joined at the end of April. The Associated Press called and emailed the company, but did not receive a response. The person who answered the phone number listed on your website was unable to answer in English.
In a statement, CISA says it is not aware of “any active exploitation” of the vulnerabilities.
GPS trackers are used around the world to monitor fleets of vehicles, from trucks to school buses to military vehicles, even to protect against theft. In addition to collecting data on vehicle location, they can also monitor other metrics, such as driver behavior and fuel usage. Via remote access, many are wired in ways that can turn off a vehicle’s fuel or alarm, lock or unlock its doors, and more.
Using the MV720, which Bitsight says costs less than $25 per unit, a malicious user can remotely cut off a moving vehicle’s fuel supply, capturing the vehicle’s real-time location for espionage purposes. Can learn, or intercept and manipulate space or others. For operations to sabotage the data, warned Pedro Umbellino, BitSight’s lead researcher on the project.