BitSight, which works in the field of information security, found six vulnerabilities in the popular MV720 GPS tracker of the Chinese company MiCODUS. These trackers are usually used by businesses to monitor cars and consumers to track their cars in the event of a theft. The operation of these vulnerabilities can sometimes affect the engine and track the location of more than 1.5 million cars.
The message says that the BitSight team was able to detect problems not only in the tracker itself, but also in the web server that is used to transmit data. The MV720 trackers were vulnerable to attacks by the middle man when the intruder could retransmit and, if necessary, modify data transmitted between the two sides. The exploitation of vulnerabilities could give the intruder full control over the GPS tracker.
," says the BitSight report.
According to available data, BitSight has been trying to contact MiCODUS to report the problem as early as September 2021, but the Chinese GPS tracker manufacturer has not made contact and has not yet corrected the identified vulnerabilities, and researchers have noted that MV720 trackers ' vulnerabilities have not yet been exploited in practice.