Millions at Risk Due to GPS Tracking and Locations Flaw

A report published by security researchers, Vangelis Stykas and Michael Gruhn, has revealed that there are a series of vulnerabilities found within several GPS and location tracking services. Given the name “Trackmageddon”, the vulnerabilities detailed include weak passwords and insecure APIs and could risk exposing millions.

Lamar Bailey, director of security research and development at Tripwire, who states this highlights two critical issues:

You cannot assume a company is doing a good job keeping your data safe. Many companies are very small and do not have adequate security practices, training, or staff to setup secure product and services or they are more interested in getting products to market instead of spending the time and money to make sure the products are secure.  

Think of them like a new bank that just popped up and they are giving 10 percent interest on savings accounts to gain customers but the bank branches are built like tents with no vault or security guards.  A 10-year-old with a match can make all your savings go up in flames because the bank has not done its due diligence to make sure they are secure.

Many companies still have no way for someone to report security concerns. If a company does not have a public facing way to report security issues and a process to respond to them they generally get lost. We deal with this all the time!

Sending information to their support organization generally goes to someone who does not understand it and it gets lost or takes ages to get the issue escalated to the correct person. The researcher generally gives up and publicly announces the vulnerability (0-day) when there is no fix. This is harmful to the company and customers.

There is not a good way for consumers to be sure their data will be protected or the new hot IoT device will not allow someone to hack their homes. The best thing they can do is use a search engine to search for the company name and “vulnerability” + “hack” + ‘security” to see if there are any public reports of security issues with that company and look for a page on their website that is used for reporting security issues.  

This is by no means a fail proof way to may sure you’re getting a good product or service but it is a little better than putting your savings in a cardboard box inside of a tent.

Also Read

Stay in the know with our newsletter