Skip to Content
GPS security flaws
© Monthira Yodtiwong |
Security & privacy

Use this inexpensive GPS tracker? It has a dangerous security bug

Delivery vehicles, long-distance trucks or transporters of valuable cargo often have a global positioning system installed. This lets the vehicle or cargo owner keep track of its movements. Tap or click here for how to find hidden trackers on your car.

It’s vastly different from GPS navigation, and it’s an affordable way to know if there are problems on the route or for better time management. But these GPS trackers often come with built-in security features. For example, if a control room operator notices unusual driving behavior, the engine can be shut down remotely.

But if cybercriminals manage to breach security, they too can take control of the vehicle. That’s happening to an inexpensive GPS tracker due to recently discovered flaws.

Here’s the backstory

As with any gadget, you must continually update them to the latest software version. That’s so you can have the most up-to-date security patches. But when a manufacturer neglects to release security updates, it could lead to severe problems.

That scenario is playing out across the U.S. as millions of GPS trackers from Chinese company MiCODUS leave you vulnerable. Cybersecurity firm BitSight found six critical flaws in the MV720 model from MiCODUS.

The company claims more than 1.5 million MV720 trackers in 169 countries are in use. Various industries use these trackers, including fleet vehicles, law enforcement agencies, militaries and national governments.

According to BitSight, the six vulnerabilities let “hackers track individuals without their knowledge, remotely disable fleets of corporate supply and emergency vehicles, abruptly stop civilian vehicles on dangerous highways.”

The GPS tracker sells for about $20. Two of the critical flaws relate to remote access to the vehicle. The vulnerabilities allow hackers to send text commands to the GPS tracker without a password. 

What you can do about it

BitSight and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency’s repeated attempts to share the findings with MiCODUS “were disregarded.”

Given the nature of the flaws and the reluctance of MiCODUS to correct them, the best thing to do is to stop using the trackers or disable them. There is no telling if or when a patch will come out. 

However, you might find it challenging to disable or remove the tracker. These units usually require installation by a professional, so it’s best if you take your vehicle to a dealer for an inspection.

Keep reading

This app helps you get where you’re going without tracking you using GPS

Put your phone away – The best standalone GPS trackers for your car

Komando Community background

Join the Komando Community

Get even more know-how in the Komando Community! Here, you can enjoy The Kim Komando Show on your schedule, read Kim's eBooks for free, ask your tech questions in the Forum — and so much more.

Try it for 30 days