Monday, June 24, 2024

Trackmageddon – Location Tracking Services (GPS) Vulnerabilities Allow to Access Unauthorized GPS Location Data

Security researchers discovered multiple vulnerabilities dubbed “Trackmageddon” which affects GPS services and online location tracking devices.

The vulnerabilities with GPS location tracking devices allow an unauthorized access to the location data that collected by all of the location tracking devices.

With the Trackmageddon vulnerability, attackers can get access to the location, model/type name, assigned phone number, and IMEI number.

Researchers said with gpsui.net and vmui.net, it requires the attacker to be logged in as a user and he sees any user data with this vulnerability and for other providers even Authentication not required.

By using the test devices they able to pull the access location history, activate/deactivate the alarm and to send commands, on some online services directory listings allow attackers to download the data.

“As long as the online service managing your device is still vulnerable changing your password will not matter and there is unfortunately not much you can currently do to protect yourself besides stopping to use the device.”

Researchers have no clues when the vulnerability to be fixed, they have released a number of still online vulnerable services, Pending fixes and fixed one’s.

Also Read:  phpMyAdmin CSRF Vulnerability Allows An Attacker to Delete Records From Database

Unfixed GPS Location Tracking Services:

  • http://www.gps958.com
  • http://m.999gps.net
  • http://www.techmadewatch.eu
  • http://www.jimigps.net
  • http://www.9559559.com
  • http://www.goicar.net
  • http://www.tuqianggps.com
  • http://vitrigps.vn
  • http://www.coogps.com
  • http://greatwill.gpspingtai.net
  • http://www.cheweibing.cn
  • http://car.iotts.net
  • http://carm.gpscar.cn
  • http://watch.anyixun.com.cn
  • http://www.007hwz.com
  • http://www.thirdfang.com
  • http://www.wnxgps.cn
  • http://binding.gpsyeah.net
  • http://chile.kunhigps.cl
  • http://portal.dhifinder.com
  • http://www.bizgps.net
  • http://www.gpsmarvel.com
  • http://www.mygps.com.my
  • http://www.mygpslogin.net
  • http://www.packet-v.com
  • http://login.gpscamp.com
  • http://www.tuqianggps.net
  • http://tuqianggps.net
  • http://www.dyegoo.net
  • http://tracker.gps688.com
  • http://www.aichache.cn
  • http://gtrack3g.com
  • http://www.ciagps.com.tw
  • http://www.fordonsparning.se
  • http://www.gm63gps.com
  • http://yati.net
  • http://www.mytracker.my
  • http://www.istartracker.com
  • http://www.twogps.com
  • http://www.gpsyue.com
  • http://www.xmsyhy.com
  • http://www.icaroo.com
  • http://mootrack.net
  • http://spaceeyegps.com
  • http://www.freebirdsgroup.com
  • http://www.gpsmitramandiri.com
  • http://www.silvertrackersgps.com
  • http://www.totalsolutionsgps.com
  • http://567gps.com
  • http://gps.tosi.vn
  • http://gps.transport-duras.com
  • http://thietbigps.net
  • http://mygps.co.id
  • http://www.gpsuser.net
  • http://www.mgoogps.com
  • http://www.gpscar.cn
  • http://www.aichache.net
  • http://www.gpsline.cn
  • http://2.tkstargps.net
  • http://ephytrack.com
  • http://www.squantogps.com
  • http://www.tkgps.cn
  • http://vip.hustech.cn
  • http://www.blowgps.com
  • http://www.zjtrack.com
  • http://fbgpstracker.com
  • http://gps.gpsyi.com
  • http://www.crestgps.com
  • http://www.spstrackers.com
  • http://en.gps18.com
  • http://en.gpsxitong.com
  • http://gps18.com
  • http://en2.gps18.com
  • http://ry.gps18.com
  • http://www.ulocate.se
  • http://classic.gpsyeah.com
  • http://www.gpsyeahsupport.top
  • http://gpsui.net
  • http://vmui.net

If your device is managed via gpsui.net or vmui.net your location history is only stored for the past 7 days. Hence, not using the device for 7 days is enough to delete your location history from the online service. Researchers added.

Researchers believe that the original developer of the location tracking was Thinkrace the seller of license, so they communicated to them and the vendor fixed the issues.

Website

Latest articles

Threat Actor Claiming a 0-day in Linux LPE Via GRUB bootloader

A new threat actor has emerged, claiming a zero-day vulnerability in the Linux GRUB...

LockBit Ransomware Group Claims Hack of US Federal Reserve

The notorious LockBit ransomware group has claimed responsibility for hacking the U.S. Federal Reserve,...

Microsoft Power BI Vulnerability Let Attackers Access Organizations Sensitive Data

A vulnerability in Microsoft Power BI allows unauthorized users to access sensitive data underlying...

Consulting Companies to Pay $11 Million Failing Cybersecurity Requirements

Two consulting companies, Guidehouse Inc. and Nan McKay and Associates, have agreed to pay...

New RAT Malware SneakyChef & SugarGhost Attack Windows Systems

Talos Intelligence has uncovered a sophisticated cyber campaign attributed to the threat actor SneakyChef....

Chinese Winnti Group Intensifies Financially Motivated Attacks

Hackers are increasingly executing financially motivated attacks and all due to the lucrative potential...

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from Promokit.eu for...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles