A well-known GPS tracker has security vulnerabilities that are so dire, researchers suggest that there should be a recall on all of these devices. The Chinese made GPS can’t connect to the internet, but they can be controlled by SMS as they operate with a SIM card to connect to the cell network.
Researchers from Fidus Information Security explained that by sending an SMS containing specific keywords, anybody can gain access to the real-time location. Other commands would allow you to shut down the signal to the device, or even listen to the built-in microphone without being detected. Other details such as the level of the battery and IMEI number could also be retrieved.
Andrew Mabbitt of Fidus, says that although our technology is helping us to become more connected, things won’t end well considering that we’re neglecting many of these types of security aspects. The GPS is used for tracking automobiles, older convalescents, and it can also serve as a panic alarm, but seeing as literally anyone can manipulate it for their own purposes, it may be more of a liability than anything else. It’s possible to protect the tracker with a PIN, but this isn’t enabled as a default setting. Additionally, the PIN isn’t even necessary to reset the device, which leaves it exposed to more commands.
Thousands of these trackers are active all over the world and all an attacker needs is the phone number of the device. Unfortunately the issue can’t be fixed unless all of the devices are recalled. Mabbitt says, “All they needed to do was print a unique code on each pendant and require that to be used to change configurations. The location and call functions could be locked down to calls and texts only from those numbers previously programmed in as emergency contacts.”