Putting together this report reminded me of an episode of the Sopranos where Tony removes the navigation system in his SUV because he doesn’t want the cops to be able to track him. While some think he’s being paranoid, others compliment the boss for his prowess.
Well, it looks like the Bada Bing owner knew what he was talking about. Motherboard recently reported on a hacker referred to as L&M who contacted them about being able to shut off the engines of vehicles around the world with one mouse click by accessing their GPS tracking system accounts.
According to the report, he was not only able to see where all these vehicles were located, but he could access personal contact information and even remotely turn off the engines of these vehicle when they were traveling less than 12 mph. The hacker identified the vulnerability of about 27,000 iTrack and ProTrack accounts that he was able to access by reverse engineering their Android apps. A key flaw stemmed from all customers being given a default password of 123456 when they sign up.
The software is typically used by commercial vehicle fleets to track the locations of drivers.
Motherboard was able to confirm the data breach, and a hardware provider verified that remote shut-off capabilities are part of the GPS’s features.
Although the hacker had this ability, he told Motherboard that he never attempted to stop any vehicles. He said his focus was on exposing the security flaw, not harming innocent customers. However, he did admit to being able to “make a big traffic problem all over the world,” due to his access to, and control of, thousands of vehicles. ProTrack has reportedly reached out to customers, asking them to change their password.
L&M told Motherboard that he contacted the companies asking for a reward. He declined to share specifics, but seemed pleased with the outcome.