[ad_1]
Avast estimates 600,000 IoT products are currently vulnerable
Portable devices designed to monitor children and the elderly are fraught with security breaches, according to the Avast cybersecurity company.
In a report released today, the security software provider details the critical vulnerabilities discovered in nearly 30 popular GPS tracker models manufactured by the Chinese firm Shenzhen i365 Tech.
The supplier manufactures fashionable GPS devices, marketed as a way to keep track of children, the elderly and pets.
The products come with the T8 Mini GPS Tracking System, a component that allows unauthorized third parties to listen to communications, among other things, warns Avast.
Avast discovered that these devices left the data exposed, including GPS coordinates in real time, via the tracker's web application (non-HTTPS link).
The application's website serves content via the HTTP protocol, which means that the user's account information is transmitted over the Internet without encryption.
Users taking advantage of T8 Mini GPS tracking and its associated application would therefore expose their phone IDs and passwords.
An individual's devices could easily be identified with this information through the use of the International Mobile Equipment Identity (IMEI) ID for the connection.
Malicious actors could then compromise the device, according to Avast.
The cybersecurity firm also found that the product design flaws provided the devices with functionality beyond GPS tracking, including the ability to call a phone number to access the microphone.
An attacker would also have the option to send an SMS to serve a malicious URL as part of a remote hacking attempt.
Avast said The daily swig On June 24, she informed Shenzhen i365 Tech of these vulnerabilities. Repeated attempts to contact the manufacturer of the T8 Mini GPS to discuss these various (yet unresolved) issues have been unsuccessful, Avast said.
"We have done due diligence in communicating these vulnerabilities to the manufacturer, but since we have not heard from them after the usual amount of time, we are releasing this public service announcement for the benefit of consumers. we strongly advise you to stop using these devices, "Martin Hron, lead researcher at Avast said in a statement.
Researchers estimate that there are approximately 600,000 T8 Mini GPS products in circulation and currently vulnerable, with 500,000 downloads of the corresponding applications.
Avast has identified 29 other GPS tracking products containing the same vulnerabilities, many of which are manufactured by the same company.
Consumers are reminded to shop safely and always change the product's default administrator passwords to make them more complex.
"As parents, we are inclined to adopt technology that will ensure the safety of our children, but we need to be aware of the products we buy," said Leena Elias, product delivery manager at Avast.
"Beware of manufacturers who do not meet minimum safety standards or who lack third-party certifications or endorsements. Buy only brands that you trust to ensure the security of your data – the extra cost is worth the peace of mind. "
The daily swig contacted Shezhen i365 for comment. T8 Mini GPS Tracking appears to no longer be available on the company's website.
RELATED A multitude of vulnerabilities discovered in MiSafes child monitoring devices
[ad_2]
Source link