Hacker Finds He Can Remotely Kill Car Engines After Breaking Into GPS Tracking Apps

[InfoSec News <alerts () infosecnews org>]

https://motherboard.vice.com/en_us/article/zmpx4x/hacker-monitor-cars-kill-engine-gps-tracking-apps

By Lorenzo Franceschi-Bicchierai
Motherboard.vice.com
April 24, 2019

A hacker broke into thousands of accounts belonging to users of two GPS tracker
apps, giving him the ability to monitor the locations of tens of thousands of
vehicles and even turn off the engines for some of them while they were in
motion, Motherboard has learned.

The hacker, who goes by the name L&M, told Motherboard he hacked into more than
7,000 iTrack accounts and more than 20,000 ProTrack accounts, two apps that
companies use to monitor and manage fleets of vehicles through GPS tracking
devices. The hacker was able to track vehicles in a handful of countries around
the world, including South Africa, Morocco, India, and the Philippines. On some
cars, the software has the capability of remotely turning off the engines of
vehicles that are stopped or are traveling 12 miles per hour or slower,
according to the manufacturer of certain GPS tracking devices.

By reverse engineering ProTrack and iTrack’s Android apps, L&M said he realized
that all customers are given a default password of 123456 when they sign up.

At that point, the hacker said he brute-forced “millions of usernames” via the
apps’ API. Then, he said he wrote a script to attempt to login using those
usernames and the default password.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_