‘Life Threatening:’ You Need to Stop Using This Car GPS Right Now

A Japanese taxi driver uses a GPS navigation system in Tokyo, December, 2017.
Photo: TARO KARIBE/AFP (Getty Images)

Unpatched security flaws in a GPS tracking system made in China could have dire, “life threatening” implications, according to the researchers who found them. In short: hackers could track your car in real time and even disable it while it’s still moving, the research suggests.

The MiCODUS MV720 GPS tracking device, manufactured by the Shenzhen-based firm of the same name, has a total of six software vulnerabilities that could cause big trouble for a driver if exploited. Probably the worst vulnerability of the bunch (tracked as CVE-2022-2107) is a hardcoded password that’s used by all MiCODUS GPS trackers. Cybercriminals who manage to get ahold of this password can log into the company’s web server remotely and send commands to the GPS device via SMS. Through this method, researchers claim a hacker could commandeer the device, access “location information, routes, geofences, track locations in real-time,” disarm car alarms, and even cut off the flow of fuel to the car’s engine while it’s still moving.

The research was published by cybersecurity firm BitSight in coordination with the U.S. cybersecurity agency CISA, which published its own advisory on the products.

“As of July 18th, 2022, MiCODUS has not provided updates or patches to mitigate these vulnerabilities,” CISA’s announcement about the vulnerability reads. “CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability these vulnerabilities,” it continues, before providing a list of recommendations.

Unfortunately, MiCODUS hasn’t provided any software patches yet. And it’s not entirely clear if they’re going to. We reached out to the company with a number of requests for comment and will update this story if they respond.

Though you can easily buy these devices for about $20 from major online retailers like Amazon, eBay, and Alibaba, it’s not entirely clear how widely used they are in the U.S. BitSight writes that MiCODUS has an “install base of 1.5 million devices across 420,000 customers,” and shows that, when it comes to North America, the tracking devices are most widely used in Mexico, Costa Rica, and El Salvador.

“The exploitation of these vulnerabilities could have disastrous and even life-threatening implications,” BitSight researchers write. Indeed, they make the possibilities sound pretty damn bad:

“…an attacker could exploit some of the vulnerabilities to cut fuel to an entire fleet of commercial or emergency vehicles. Or, the attacker could leverage GPS information to monitor and abruptly stop vehicles on dangerous highways. Attackers could choose to surreptitiously track individuals or demand ransom payments to return disabled vehicles to working condition. There are many possible scenarios which could result in loss of life, property damage, privacy intrusions, and threaten national security.”

Yeah, none of that sounds particularly good, so I’m sure you’d like to know how to fix these flaws, should they affect you.

https://gizmodo.com/micodus-mv720-car-gps-hackers-stop-using-1849200727