Successful exploitation of these vulnerabilities may allow a remote actor to exploit access and gain control
Unpatched GPS Tracker Bugs Could Let Attackers Disrupt Vehicles Remotely
Ravie Lakshmanan with The Hacker News reports:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a handful of unpatched security vulnerabilities in MiCODUS MV720 Global Positioning System (GPS) trackers outfitted in over 1.5 million vehicles that could lead to remote disruption of critical operations.
“Successful exploitation of these vulnerabilities may allow a remote actor to exploit access and gain control of the global positioning system tracker,” CISA said. “These vulnerabilities could impact access to a vehicle fuel supply, vehicle control, or allow locational surveillance of vehicles in which the device is installed.”
Available on sale for $20 and manufactured by the China-based MiCODUS, the company’s tracking devices are employed by major organizations in 169 countries spanning aerospace, energy, engineering, government, manufacturing, nuclear power plant, and shipping sectors.