Bitsight security researchers have discovered six dangerous vulnerabilities in the MiCODUS MV720 GPS tracker. According to them, the tracker is mainly used in cars worldwide. The manufacturer reportedly has not responded to the vulnerabilities. The US government is now warning against the use of the tracker.
According to a report, the tracker is used in vehicles belonging to governments, military institutions and law enforcement agencies, among others. There it serves primarily as an anti-theft device. According to the researchers, it can also be used to stop cars or even cut off the fuel supply. This could lead to life-threatening situations on a busy motorway, for example. The tracking of vehicles is also conceivable. Attackers could hook into connections as a man-in-the-middle.
In a warning, the Cybersecurity & Infrastructure Security Agency (CISA) classifies the risk as “critical”. Remote attackers could gain access by way of hard-coded access data, for example. They are then said to be able to send commands packaged in SMS messages directly to the GPS tracker.
The security researchers state that they first contacted the manufacturer in September 2021. Since then, contact is said to have been very difficult. In October, the manufacturer reportedly said it was working on the problem. However, no security patches have been released to date.
Stop using trackers
The researchers assume that other trackers from the manufacturer are also affected by vulnerabilities. MiCODUS states that 1.5 million of its devices are in use with 420,000 customers. Among them are also customers from Germany. The report does not indicate who is specifically affected.
For security reasons, users should deactivate the tracker until security updates are released. The researchers do not explain exactly how this works.