Pierre Barre, member of CyAN, released new security weakness in GPS trackers

Pierre Barre with Chaouki Kasmi and Eiman Al Shehhi released a new paper about the security of GPS trackers.

They found security and privacy issues inside GPS trackers:

  • protocols between the trackers and the remote management servers are in clear text
  • SMS used for configuration of the trackers are sent to a remote country
  • backdoors commands were found in trackers firmware images
  • trackers can be managed using SMS and backdoors messages can be used by attackers to re-define remote monitoring servers allowing him to silently intercept coordinates sent by a tracker
  • due to a lack of authentication of trackers, an attacker can send fake GPS coordintes to a remote server
  • the security of management websites – allowing the manage trackers – is very problematic: the websites are full of vulnerabilities and an attacker can retrieve coordinates of other users/trackers
  • an attacker can define a ‘geofence’ against a remote tracker, allowing him to get information if the tracker goes beyond this geofence and if the tracker is linked to the car engine, it is also possible to stop the car remotely
  • management infrastructures are complete backboxes located abroad without defined policies
  • finally, information about telecommunication networks (including cellid) is sent to remote country

This study highlights privacy and security issues of GPS trackers.

The paper can be found here.