These GPS devices allow strangers to track your child’s location

GPS tracker security flaws put kids at risk

Being a kid in today’s digital world is a whole lot different than growing up in previous decades. Not only are you immersed in the culture and functions of the internet from infancy, your primary entertainment comes from computers and gadgets as well.

But tech for kids isn’t all just fun and games — they also have a lot more ways to stay safe and connected to their parents than ever before. GPS trackers, in particular, are one of the most popular ways for parents to monitor children while still giving them freedom to explore their surroundings. Whether these devices are safe enough, however, is another question entirely.

Cybersecurity researchers for one of the most popular antivirus programs on the web have discovered a shocking number of security holes in top selling GPS devices for kids, seniors and pets. If exploited, these flaws would allow hackers to know where your kids are, eavesdrop on the microphone, or even spoof their location so you can’t find them! Here’s what we know about this scary new threat, and why you might want to toss that cheap tracker you bought on Amazon.

Popular GPS trackers are unsecured, leak sensitive data that puts kids at risk

Avast, the developers behind one of the internet’s most popular antivirus software, revealed a shocking new security threat in their recent cybersecurity blog post. According to their statement, critical security vulnerabilities were found in 30 GPS trackers designed for children, seniors and even pets. These trackers all originate from the same Chinese manufacturer and factory, and are often sold under different brands as part of an industry-wide practice known as “whitelabeling.”

These GPS trackers, Avast says, broadcast requests like location data from its web app with no encryption, making it easy for hackers and cybercriminals to intercept the transmissions. Once inside, they could easily gain access to the device’s microphone for eavesdropping or know exactly where your kids are located. Scariest of all, this method of attack could make it easier for a hacker or child predator to change the location the GPS is broadcasting to somewhere else entirely. It’s enough to make your skin crawl!

To make matters worse, Avast also discovered 50 related mobile apps that share the same unencrypted platform as the trackers. All of these apps and devices all used the same stunningly-inept password of “123456.” Yes, really.

I own a GPS tracker! Is mine at risk?

The fact that this particular vulnerably GPS tracker is sold under whitelabeling makes it far more difficult to know if you have the affected product. The official model name for the tracker is the T8 Mini GPS from Shenzhen i365 Tech, but it may have been sold under entirely different brand names on platforms like Amazon and eBay.

One thing uniting these devices, however, is their cheap price. While exact prices vary, the T8 Mini GPS can be picked up from various retailers for as little as $30, and all the way up to $80 for fancier branding and packaging. In this case, you are very much getting what you pay for. The most common incarnation of the device can be seen above, though appearance and size may also differ.

In the future, it’s worth doing extensive research before purchasing any devices you plan to hand off to a child — or any other at-risk loved one. Since there are few explicit cybersecurity laws in effect, it’s up to both manufacturers and consumers to hold one another accountable for device security.

But judging by the track record of several manufacturers, the ball is squarely in our court.

Tags: cybercriminals, digital world