The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a handful of unpatched security vulnerabilities in MiCODUS MV720 Global Positioning System (GPS) trackers outfitted in over 1.5 million vehicles that could lead to remote disruption of critical operations.
βSuccessful exploitation of these vulnerabilities may allow a remote actor to exploit access and gain control of the global positioning system tracker,β CISA said. βThese vulnerabilities could impact access to a vehicle fuel supply, vehicle control, or allow locational surveillance of vehicles in which the device is installed.β
Available on sale for $20 and manufactured by the China-based MiCODUS, the companyβs tracking devices are employed by major organizations in 169 countries spanning aerospace, energy, engineering, government, manufacturing, nuclear power plant, and shipping sectors.
The top countries with the most users include Chile, Australia, Mexico, Ukraine, Russia, Morocco, Venezuela, Brazil, Poland, Italy, Indonesia, Uzbekistan, and South Africa.
The issues, which were identified during the course of a security audit by BitSight, could also be potentially abused to track individuals without their knowledge, disable vehicles, and even pose national security implications in light of the fact that militaries and law enforcement agencies use the trackers for real-time monitoring.
βA nation-state adversary could potentially exploit the trackerβs vulnerabilities to gather intelligence on military-related movements including supply routes, regular troop movements, and recurring patrols,β BitSight researchers pointed out.
The list of flaws that were disclosed to MiCODUS in September 2021 is below -
In a nutshell, the flaws could be weaponized to obtain access to location, routes, fuel cutoff commands as well as the ability to disarm various features such as alarms.
But with no workaround in sight, users of the GPS tracker in question are advised to take steps to minimize exposure or alternatively cease using the devices and disable them altogether until a fix is made available by the company.
βHaving a centralized dashboard to monitor GPS trackers with the ability to enable or disable a vehicle, monitor speed, routes and leverage other features is useful to many individuals and organizations,β the researchers said. βHowever, such functionality can introduce serious security risks.β
Found this article interesting? Follow THN on Facebook, Twitter ο and LinkedIn to read more exclusive content we post.