Security News

Two security vulnerabilities have been disclosed in the open-source Traccar GPS tracking system that could be potentially exploited by unauthenticated attackers to achieve remote code execution...

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

We hear Privacy International and a few other campaign groups set up camp outside Capita's AGM in London yesterday protesting Capita's involvement as an outsourcer in a UK government GPS tracking contract. Privacy International has previously complained that the UK Home Office and the MoJ continue to "Throw money at procurement of GPS tags to monitor migrants... despite the fact only 1 percent of migrants abscond from immigration bail," citing a statistic it obtained via a Freedom of Information request [PDF].

An assessment from security firm BitSight found six vulnerabilities in the Micodus MV720, a GPS tracker that sells for about $20 and is widely available. The researchers who performed the assessment believe the same critical vulnerabilities are present in other Micodus tracker models.

The U.S. Cybersecurity and Infrastructure Security Agency is warning of a handful of unpatched security vulnerabilities in MiCODUS MV720 Global Positioning System trackers outfitted in over 1.5 million vehicles that could lead to remote disruption of critical operations. CVE-2022-2107 - Use of a hard-coded master password that could enable an unauthenticated attacker to carry out adversary-in-the-middle attacks and seize control of the tracker.

Six vulnerabilities in the MiCODUS MV720 GPS tracker that's used by organizations around the world to manage and protect vehicle fleets could be exploited by attackers to remotely cut fuel to or abruptly stop vehicles. The MiCODUS MV720 is a hardwired GPS tracker through which fleet owners can track vehicles, cut off fuel to them, geofence them so they can't be driven outside specific areas, and generally have remote control over the vehicles.

A handful of vulnerabilities, some critical, in MiCODUS GPS tracker devices could allow criminals to disrupt fleet operations and spy on routes, or even remotely control or cut off fuel to vehicles, according to CISA. And there's no fixes for these security flaws. "Successful exploitation of these vulnerabilities could allow an attacker control over any MV720 GPS tracker, granting access to location, routes, fuel cutoff commands, and the disarming of various features," the US government agency warned in an advisory posted Tuesday.

Vulnerability researchers have found security issues in a GPS tracker that is advertised as being present in about 1.5 million vehicles in 169 countries. MiCODUS GPS trackers are used by the state-owned Ukrainian transportation agency, so Russian hackers could target them to determine supply routes, troop movements, or patrol routes, researchers at cybersecurity company BitSight say in a report today.

In a warning to aviation authorities and air operators on Thursday, the European Union Aviation Safety Agency warned of satellite jamming and spoofing attacks across a broad swath of Eastern Europe that could affect air navigation systems. The warning came in tandem with a separate alert from the FBI and the U.S. Cybersecurity Infrastructure and Security Agency that hackers could be targeting satellite communications networks in general.

The European Union Aviation Safety Agency, EU's air transport safety and environmental protection regulator, warned today of intermittent outages affecting Global Navigation Satellite Systems linked to the Russian invasion of Ukraine. These GNSS outages can lead to navigation and surveillance degradation due to jamming and/or possible spoofing issues that have intensified around Ukraine.