GPS Trackers Security Flaws: Half Million+ Children’s Location Exposed


An estimated 600,000 GPS tracking devices for sale on Amazon and other large online merchants for $25–$50 have been found susceptible to vulnerabilities that have exposed user’s real-time locations, security researchers have claimed. Cybersecurity researchers from Avast discovered that 29 models of GPS tracker made by Chinese Technology Company Shenzhen i365 for keeping tabs on young children, elderly relatives, and pets contain a number of security vulnerabilities. Over half a million tracking devices were shipped with the same default password of “123456,” giving an opportunity for attackers to easily access tracking information. The remote attackers could track real-time coordinates of the intended person wearing the device, change the location of the device and assign an incorrect location on to it and can even access the microphone which can be used for eavesdropping. This possible access to GPS tracker information is because of the vulnerabilities in GPS tracker password which had been wrongfully set as the default password which makes possible for hackers to exploit and get access to vital information by just having an internet connection.

Image source:

The most vulnerable of the features that allow access to GPS tracking by hackers is the communication between the cloud and GPS tracker. ‘Cloud and the device’s companion mobile Apps,—all use unencrypted plain text HTTP protocol, allowing attackers to intercept exchanged data and issue unauthorized commands. Researchers found that remote attackers can obtain real-time GPS coordinates of a target device just by sending an SMS to the phone number associated with the SIM card which provides DATA+SMS capabilities to the device. As the attacker is informed about the phone number and password, the attacker uses the SMS as an attack vector. The manufacturer of the GPS tracker Shenzen i365 has apologized.

Image source:

Source: The Hacker News

Disclaimer: does not promote or endorse claims that have been made by any parties in this article. The information provided here is for the general purpose only and unintended to promote or support purchasing and/or selling of any products and services or serve as a recommendation in the involvement of doing so. Neither nor any member is responsible directly or indirectly for any loss or damage caused or alleged to be caused by or in relation with the reliance on or usage of any content, goods or services mentioned in this article.

Tags: #deep_web_links #Tor_.onion_urls_directories #Deep_Web_Sites_Links #Dark_Web_Links_Hidden_Wiki #Dark_web_directories


Please enter your comment!
Please enter your name here