Unpatched flaws in a common GPS tracker could allow attackers to disrupt and track vehicles, security researchers have warned. Security company BitSight detailed six ‘severe’ vulnerabilities in the MiCODUS MV720 GPS tracker, a well-known device intended for vehicle fleet management and theft protection.
The BitSight research was published alongside a warning from the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), which has assigned CVE references to 5 of the identified vulnerabilities: CVE-2022-2107, CVE-2022-2141, CVE-2022-2199, CVE-2022-34150 and CVE-2022-33944.
The MV720 is a hardwired GPS tracker, which allows for external, physical control of the device, the researchers said, adding that exploitation of the vulnerabilities could have “disastrous and even life-threatening implications.”
BitSight said it made repeated attempts to contact MiCODUS about the vulnerabilities and eventually shared its research with CISA. CISA’s efforts to engage with the vendor have also been unsuccessful.
Among the threats posed by the unpatched devices, BitSight described how an attacker could exploit some of the vulnerabilities to cut fuel to a fleet of commercial or emergency vehicles.
In another example, the researchers described how an adversary could leverage GPS data to monitor and abruptly stop vehicles on dangerous highways. “There are lots of probable scenarios which could result in loss of life, asset destruction, privacy intrusions and threaten national security,” BitSight researchers said.
According to MiCODUS, 1.5 million of its GPS tracking devices are in use today. BitSight found MiCODUS devices in use in 169 countries by organizations including government organizations, navy and law enforcement, as well as businesses in industries such as aerospace, energy, engineering, production and transport.
Organizations and individuals using MV720 devices in their vehicles are at risk, BitSight said. “Given the impact and severity of the vulnerabilities discovered, it is strongly recommended that users immediately stop using or disable any MiCODUS MV720 GPS trackers until a fix is made available.”
There is nothing “novel or unique” about the vulnerabilities, said Kev Breen, director of cyber threat research at Immersive Labs. “Unfortunately, we see the same kinds of vulnerabilities on other internet of things and operational technology devices – hard-coded credentials, cross-site scripting vulnerabilities and authentication bypass flaws are all prevalent.”
Although the researchers recommend disabling the device until a fix is available, it “will take a long time to be created, if ever,” said Steve Gyurindak, chief technical officer, network and operational technology at Armis. “Onboard vehicle system isolation – aka network segmentation – of critical systems with correct security controls would help reduce a catastrophic impact.”
Infosecurity Journal has approached MiCODUS for comment on the vulnerabilities discovered by BitSight.
Some parts of this write-up are sourced from:
www.infosecurity-journal.com