Interconnectivity and the Internet of Things hold the promise of a simpler, higher quality life. At least that’s the narrative that’s spun about smart appliances, medical devices and of course smart cars.
While there is undoubtedly some truth to the virtues of this interconnectedness there are also going to be pitfalls, mainly an increase in the number of vulnerabilities.
In a story on motherboard.vice.com a hacker who goes by the name L&M shared his story of how he was able to hack into thousands of GPS tracker accounts on not one, but two different platforms. It turns out it wasn’t all that difficult thanks to some lazy coding that gave every new user account the same breathtakingly obvious default password 123456!
Armed with this knowledge L&M was able to scrape a “treasure trove” of customer data:
According to a sample of user data L&M shared with Motherboard, the hacker has scraped a treasure trove of information from ProTrack and iTrack customers, including: name and model of the GPS tracking devices they use, the devices’ unique ID numbers (technically known as an IMEI number); usernames, real names, phone numbers, email addresses, and physical addresses. (According to L&M, he was not able to get all of this information for all users; for some users he was only able to get some of the above information.)
Cracking GPS apps and stealing thousands of customer’s information, geez, no big deal when one compares it to some of the shockingly large hospital and healthcare provider breaches of late, right? But here is where it gets far more interesting. These apps have features that allow the customers to remotely turn off their engines if the car is traveling at less than 12mph. Guess what? L&M claims that while he never did it, he certainly could if he wanted to. Traffic jams and gridlock on demand anyone?!
Securing Your network and the IoT
At Konsultek we build better security solutions from the ground up using the most advanced technologies available.
How secure is your network?
If you are interested in getting an outside, independent and unbiased analysis of your network’s security, simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.
The first 20 respondents will receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.