Hackers Could Abruptly Stop Cars on Highways Due to Security Bugs in Popular GPS Tracker

A bunch of vulnerabilities discovered by security researchers in the software used by a popular GPS tracker could let hackers not only access the location of a vehicle in real-time but also stop it abruptly on the highway.
MiCODUS MV720 GPS tracker 7 photos
Photo: MiCODUS
MiCODUS GPS trackerMiCODUS GPS trackerMiCODUS GPS trackerMiCODUS GPS trackerMiCODUS GPS trackerMiCODUS GPS tracker
This is the warning released this week by security vendor BitSight after finding a total of six vulnerabilities in the MiCODUS MV720 GSP tracking device.

Manufactured by MiCODUS, this GPS tracker’s software has a total of six flaws, with the most severe making it possible for malicious actors to obtain the master password, connect to the web server, and then control the GPS device remotely.

BitSight warns that once an attacker breaks into the GPS tracker, they could get access to location information in real-time, browse the routes the vehicle has been using, and even leverage the GPS data to eventually “abruptly stop vehicles on dangerous roads.”

Furthermore, the attackers could remotely disable vehicles and then demand ransoms to unlock them, the researchers warn.

The security vendor has worked together with U.S. cybersecurity agency CISA on further research that analyzes all six vulnerabilities, with the latter also issuing a warning to warn that attackers could end up being able to “disarm various [vehicle] features.

More concerning is that parent company MiCODUS has failed to release security patches to address the vulnerabilities, even after being informed by researchers about the major implications of the bugs.

BitSight estimates that over 1.5 million MiCODUS GPS trackers are currently being used by more than 420,000 customers in the United States alone.

Without security patches, CISA recommends customers to make sure the devices aren’t accessible from the Internet, isolate them from business networks, and rely on VPNs as much as possible when remote access is required.

MiCODUS is yet to release a public advisory on the found vulnerabilities at the time of writing.
If you liked the article, please follow us:  Google News icon Google News Youtube Instagram X (Twitter)
About the author: Bogdan Popa
Bogdan Popa profile photo

Bogdan keeps an eye on how technology is taking over the car world. His long-term goals are buying an 18-wheeler because he needs more space for his kid’s toys, and convincing Google and Apple that Android Auto and CarPlay deserve at least as much attention as their phones.
Full profile


Would you like AUTOEVOLUTION to send you notifications?

You will only receive our top stories