55 matches found
CVE-2016-6540
The CVE-2016-6540 issue concerns TrackR Bravo’s cloud service where an unauthenticated attacker can query or send GPS data for any TrackR device by using a tracker ID. The tracker ID can be discovered via CVE-2016-6539, which describes the device ID construction and proximity-based exposure of th...
CVE-2016-6540 TrackR Bravo is missing authentication for the cloud service and allows querying or sending of GPS data from unauthenticated users
Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as described in CVE-2016-6539. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been...
Simple Security Flaws Could Steer Ships Off Course
A proof-of-concept attack could cause ships to dangerously veer off course, and it all stems from simple security issues, including the failure to change default passwords or segment networks. Researcher Ken Munro, with Pen Test Partners, on Monday showed how the attack could work and how it’s...
Hacking Serial Networks on Ships
Three different ways to intercept and modify serial data on ship networks. The serial data that controls steering, engine control and so much more on board ship… How-to Vessels typically have two distinct networks on board; one IP/ethernet network for business systems, crew mail & web browsing an...
Milwaukee ONE-KEY Android mobile application trust management vulnerability
Milwaukee ONE-KEY Android mobile application is an automation tool control program based on the Android platform from Milwaukee Tool. A security vulnerability exists in the Milwaukee ONE-KEY Android mobile application, which originates from the program storing the master token in plaintext in the...
CVE-2017-5239
Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle MitM listener...
iTrack Easy Device Tracking Vulnerability
The iTrack Easy is a versatile Bluetooth device. The iTrack EasyMAC/device ID can be registered for use by multiple users, allowing a remote attacker to exploit the vulnerability by submitting a special request to access getgps GPS data to track the device...
Connected Cars' Cybersecurity Falls Short
As automakers rush to market connected cars to feed drivers hungry for collision avoidance systems and self-parking features, security experts are urging the industry to pump its brakes and prioritize the their cars’ cyber defenses. In a report released Tuesday by IDC and the security firm...
Nissan Car Hack Allowed Remote Access To Car
Automaker Nissan deactivated a remote access feature that let owners of its Leaf electric car remotely adjust climate controls and check battery status via a smartphone app. The move comes after a security researcher posted his finding regarding a simple hack that allowed anyone with the right Le...
[SECURITY] Fedora 19 Update: gypsy-0.9-1.fc19
Gypsy is a GPS multiplexing daemon which allows multiple clients to access GPS data from multiple GPS sources concurrently...
Ubuntu 12.04 LTS : gpsd vulnerability (USN-1820-1)
It was discovered that gpsd incorrectly handled certain malformed GPS data. An attacker could use this issue to cause gpsd to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from...
USN-1820-1: gpsd vulnerability
It was discovered that gpsd incorrectly handled certain malformed GPS data. An attacker could use this issue to cause gpsd to crash, resulting in a denial of service, or possibly execute arbitrary code...
Google+ Knows Where You Live!
Much like geolocation services Foursquare, Gowalla and Facebook, Google+ is counting on your desire to share what you’re doing wherever you are. Accordingly, Google+ allows you to geotag content, such as photos, that you upload. This is a great feature. But, as Threatpost has reported, geolocatio...
[SECURITY] Fedora 14 Update: gipfel-0.3.2-7.fc14
gipfel is a tool to find the names of mountains or points of interest on a picture. It uses a database containing names and GPS data. With the given viewpoint the point from which the picture was taken and two known mountains on the picture, it can compute all parameters needed to compute the...
[Full-Disclosure] DMA[2005-0125a] - 'berlios gpsd format string vulnerability'
DMA2005-0125a - 'berlios gpsd remake of pygps format string vulnerability' Author: Kevin Finisterre Vendor: http://gpsd.berlios.de, http://www.pygps.org Product: 'gpsd' References: http://www.digitalmunition.com/DMA2005-0125a.txt Description: gpsd is a service daemon that monitors a GPS attached ...