Friday, March 1, 2024

Trackmageddon – Location Tracking Services (GPS) Vulnerabilities Allow to Access Unauthorized GPS Location Data

Security researchers discovered multiple vulnerabilities dubbed “Trackmageddon” which affects GPS services and online location tracking devices.

The vulnerabilities with GPS location tracking devices allow an unauthorized access to the location data that collected by all of the location tracking devices.

With the Trackmageddon vulnerability, attackers can get access to the location, model/type name, assigned phone number, and IMEI number.

Researchers said with gpsui.net and vmui.net, it requires the attacker to be logged in as a user and he sees any user data with this vulnerability and for other providers even Authentication not required.

By using the test devices they able to pull the access location history, activate/deactivate the alarm and to send commands, on some online services directory listings allow attackers to download the data.

“As long as the online service managing your device is still vulnerable changing your password will not matter and there is unfortunately not much you can currently do to protect yourself besides stopping to use the device.”

Researchers have no clues when the vulnerability to be fixed, they have released a number of still online vulnerable services, Pending fixes and fixed one’s.

Also Read:  phpMyAdmin CSRF Vulnerability Allows An Attacker to Delete Records From Database

Unfixed GPS Location Tracking Services:

  • http://www.gps958.com
  • http://m.999gps.net
  • http://www.techmadewatch.eu
  • http://www.jimigps.net
  • http://www.9559559.com
  • http://www.goicar.net
  • http://www.tuqianggps.com
  • http://vitrigps.vn
  • http://www.coogps.com
  • http://greatwill.gpspingtai.net
  • http://www.cheweibing.cn
  • http://car.iotts.net
  • http://carm.gpscar.cn
  • http://watch.anyixun.com.cn
  • http://www.007hwz.com
  • http://www.thirdfang.com
  • http://www.wnxgps.cn
  • http://binding.gpsyeah.net
  • http://chile.kunhigps.cl
  • http://portal.dhifinder.com
  • http://www.bizgps.net
  • http://www.gpsmarvel.com
  • http://www.mygps.com.my
  • http://www.mygpslogin.net
  • http://www.packet-v.com
  • http://login.gpscamp.com
  • http://www.tuqianggps.net
  • http://tuqianggps.net
  • http://www.dyegoo.net
  • http://tracker.gps688.com
  • http://www.aichache.cn
  • http://gtrack3g.com
  • http://www.ciagps.com.tw
  • http://www.fordonsparning.se
  • http://www.gm63gps.com
  • http://yati.net
  • http://www.mytracker.my
  • http://www.istartracker.com
  • http://www.twogps.com
  • http://www.gpsyue.com
  • http://www.xmsyhy.com
  • http://www.icaroo.com
  • http://mootrack.net
  • http://spaceeyegps.com
  • http://www.freebirdsgroup.com
  • http://www.gpsmitramandiri.com
  • http://www.silvertrackersgps.com
  • http://www.totalsolutionsgps.com
  • http://567gps.com
  • http://gps.tosi.vn
  • http://gps.transport-duras.com
  • http://thietbigps.net
  • http://mygps.co.id
  • http://www.gpsuser.net
  • http://www.mgoogps.com
  • http://www.gpscar.cn
  • http://www.aichache.net
  • http://www.gpsline.cn
  • http://2.tkstargps.net
  • http://ephytrack.com
  • http://www.squantogps.com
  • http://www.tkgps.cn
  • http://vip.hustech.cn
  • http://www.blowgps.com
  • http://www.zjtrack.com
  • http://fbgpstracker.com
  • http://gps.gpsyi.com
  • http://www.crestgps.com
  • http://www.spstrackers.com
  • http://en.gps18.com
  • http://en.gpsxitong.com
  • http://gps18.com
  • http://en2.gps18.com
  • http://ry.gps18.com
  • http://www.ulocate.se
  • http://classic.gpsyeah.com
  • http://www.gpsyeahsupport.top
  • http://gpsui.net
  • http://vmui.net

If your device is managed via gpsui.net or vmui.net your location history is only stored for the past 7 days. Hence, not using the device for 7 days is enough to delete your location history from the online service. Researchers added.

Researchers believe that the original developer of the location tracking was Thinkrace the seller of license, so they communicated to them and the vendor fixed the issues.

Website

Latest articles

RisePro Stealer Attacks Windows Users Steals Sensitive Data

A new wave of cyber threats has emerged as the RisePro information stealer targets...

Golden Corral restaurant chain Hacked: 180,000+ Users’ Data Stolen

The Golden Corral Corporation, a popular American restaurant chain, has suffered a significant data...

CISA Warns Of Hackers Exploiting Multiple Flaws In Ivanti VPN

Threat actors target and abuse VPN flaws because VPNs are often used to secure...

BEAST AI Jailbreak Language Models Within 1 Minute With High Accuracy

Malicious hackers sometimes jailbreak language models (LMs) to exploit bugs in the systems so...

Hackers Hijack Anycubic 3D Printers to Display Warning Messages

Anycubic 3D printer owners have been caught off guard by a series of unauthorized...

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

Stellar Cyber, the innovator of Open XDR, today announced that RSM US – the leading provider...

Biden Crack Down Sale of Americans’ Personal Data to China & Russia

To safeguard the privacy and security of American citizens, President Joe Biden has issued...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Live Account Takeover Attack Simulation

Live Account Take Over Attack

Live Webinar on How do hackers bypass 2FA ,Detecting ATO attacks, A demo of credential stuffing, brute force and session jacking-based ATO attacks, Identifying attacks with behaviour-based analysis and Building custom protection for applications and APIs.

Related Articles