Avast discovers widespread security flaws in GPS child trackers
It has come to our attention that researchers are warning consumers about vulnerabilities affecting nearly 30 models for sale on large online retailers. Avast researchers have discovered serious security vulnerabilities in some 600,000 child trackers for sale on Amazon.com and other large online merchants. The devices result in exposing data sent to the cloud, including the exact real-time GPS coordinates of children. This alone you can imagine is a massive security issue.
GPS trackers are designed to bring you a greater piece of mind by helping you to locate your kids, pets or even your car. They can be extremely useful for the elderly or disabled to provide them with a simple SOS if anything goes wrong. However if there is security issues found in these trackers then they could cause nightmares instead of a piece of mind.
Twenty-nine models of trackers made by the Chinese manufacturer, Shezhen i365 Tech and resold through various brands showed the vulnerabilities. Avast Threat Labs first analyzed the T8 Mini child trackers and found the companion mobile app is downloaded from a unsure website, exposing the users' information. Upon further investigation more security issues were presented such as user account information, which comes with an assigned ID number and default passsword of 123456. Design flaws in the trackers can also enable third-parties to fake the user's location, or access the microphone for eavesdropping.
A senior researcher at Avast Martin Hron advises consumers to opt for an alternative product from a more trustworthy brand that has built security into the product design. Avast recommends changing the default admin password to something more complex. However, in this case even that would not stop a motivated hacker from intercepting the unencrypted traffic.
"We have done our due diligence in disclosing these vulnerabilities to the manufacturer, but since we have not heard back after the standard window of time, we are now issuing this Public Service Announcement to consumers and strongly advise you to discontinue use of these devices,” Hron said.
For a deep-dive analysis of the security flaws found in the T8 Mini GPS tracker, please visit the Avast Decoded threat intelligence blog.