Security flaws in GPS trackers can be abused to cut off fuel to vehicles, CISA warns

2022-07-19 23:15

A handful of vulnerabilities, some critical, in MiCODUS GPS tracker devices could allow criminals to disrupt fleet operations and spy on routes, or even remotely control or cut off fuel to vehicles, according to CISA. And there's no fixes for these security flaws.

"Successful exploitation of these vulnerabilities could allow an attacker control over any MV720 GPS tracker, granting access to location, routes, fuel cutoff commands, and the disarming of various features," the US government agency warned in an advisory posted Tuesday.

About 1.5 million consumers and organizations use the GPS trackers, the researchers said.

These would look like they are coming from the GPS owner's mobile number, and could allow a miscreant to gain control of any tracker, access and track vehicle location in real time, cut off fuel and disarm alarms or other features provided by the gadget.

"BitSight recommends that individuals and organizations currently using MiCODUS MV720 GPS tracking devices disable these devices until a fix is made available," the report concluded.

"Organizations using any MiCODUS GPS tracker, regardless of the model, should be alerted to insecurity regarding its system architecture, which may place any device at risk." .

News URL

https://go.theregister.com/feed/www.theregister.com/2022/07/19/micodus_gps_tracker_vulns/

#cisa #GPS #security #tracker