Monday, February 10, 2025
HomeCVE/vulnerabilityTrackmageddon - Location Tracking Services (GPS) Vulnerabilities Allow to Access Unauthorized GPS...

Trackmageddon – Location Tracking Services (GPS) Vulnerabilities Allow to Access Unauthorized GPS Location Data

Published on

SIEM as a Service

Follow Us on Google News

Security researchers discovered multiple vulnerabilities dubbed “Trackmageddon” which affects GPS services and online location tracking devices.

The vulnerabilities with GPS location tracking devices allow an unauthorized access to the location data that collected by all of the location tracking devices.

With the Trackmageddon vulnerability, attackers can get access to the location, model/type name, assigned phone number, and IMEI number.

Researchers said with gpsui.net and vmui.net, it requires the attacker to be logged in as a user and he sees any user data with this vulnerability and for other providers even Authentication not required.

By using the test devices they able to pull the access location history, activate/deactivate the alarm and to send commands, on some online services directory listings allow attackers to download the data.

“As long as the online service managing your device is still vulnerable changing your password will not matter and there is unfortunately not much you can currently do to protect yourself besides stopping to use the device.”

Researchers have no clues when the vulnerability to be fixed, they have released a number of still online vulnerable services, Pending fixes and fixed one’s.

Also Read:  phpMyAdmin CSRF Vulnerability Allows An Attacker to Delete Records From Database

Unfixed GPS Location Tracking Services:

  • http://www.gps958.com
  • http://m.999gps.net
  • http://www.techmadewatch.eu
  • http://www.jimigps.net
  • http://www.9559559.com
  • http://www.goicar.net
  • http://www.tuqianggps.com
  • http://vitrigps.vn
  • http://www.coogps.com
  • http://greatwill.gpspingtai.net
  • http://www.cheweibing.cn
  • http://car.iotts.net
  • http://carm.gpscar.cn
  • http://watch.anyixun.com.cn
  • http://www.007hwz.com
  • http://www.thirdfang.com
  • http://www.wnxgps.cn
  • http://binding.gpsyeah.net
  • http://chile.kunhigps.cl
  • http://portal.dhifinder.com
  • http://www.bizgps.net
  • http://www.gpsmarvel.com
  • http://www.mygps.com.my
  • http://www.mygpslogin.net
  • http://www.packet-v.com
  • http://login.gpscamp.com
  • http://www.tuqianggps.net
  • http://tuqianggps.net
  • http://www.dyegoo.net
  • http://tracker.gps688.com
  • http://www.aichache.cn
  • http://gtrack3g.com
  • http://www.ciagps.com.tw
  • http://www.fordonsparning.se
  • http://www.gm63gps.com
  • http://yati.net
  • http://www.mytracker.my
  • http://www.istartracker.com
  • http://www.twogps.com
  • http://www.gpsyue.com
  • http://www.xmsyhy.com
  • http://www.icaroo.com
  • http://mootrack.net
  • http://spaceeyegps.com
  • http://www.freebirdsgroup.com
  • http://www.gpsmitramandiri.com
  • http://www.silvertrackersgps.com
  • http://www.totalsolutionsgps.com
  • http://567gps.com
  • http://gps.tosi.vn
  • http://gps.transport-duras.com
  • http://thietbigps.net
  • http://mygps.co.id
  • http://www.gpsuser.net
  • http://www.mgoogps.com
  • http://www.gpscar.cn
  • http://www.aichache.net
  • http://www.gpsline.cn
  • http://2.tkstargps.net
  • http://ephytrack.com
  • http://www.squantogps.com
  • http://www.tkgps.cn
  • http://vip.hustech.cn
  • http://www.blowgps.com
  • http://www.zjtrack.com
  • http://fbgpstracker.com
  • http://gps.gpsyi.com
  • http://www.crestgps.com
  • http://www.spstrackers.com
  • http://en.gps18.com
  • http://en.gpsxitong.com
  • http://gps18.com
  • http://en2.gps18.com
  • http://ry.gps18.com
  • http://www.ulocate.se
  • http://classic.gpsyeah.com
  • http://www.gpsyeahsupport.top
  • http://gpsui.net
  • http://vmui.net

If your device is managed via gpsui.net or vmui.net your location history is only stored for the past 7 days. Hence, not using the device for 7 days is enough to delete your location history from the online service. Researchers added.

Researchers believe that the original developer of the location tracking was Thinkrace the seller of license, so they communicated to them and the vendor fixed the issues.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

SHA256 Hash Calculation from Data Chunks

The SHA256 algorithm, a cryptographic hash function, is widely used for securing data integrity...

New Report of of 1M+ Malware Samples Show Application Layer Abused for Stealthy C2

A recent analysis of over one million malware samples by Picus Security has revealed...

Seven-Year-Old Linux Kernel Bug Opens Door to Remote Code Execution

Researchers have uncovered a critical vulnerability in the Linux kernel, dating back seven years,...

Ransomware Payments Plunge 35% as More Victims Refuse to Pay

In a significant shift within the ransomware landscape, global ransom payments plummeted by 35%...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Marvel Game Vulnerability Exposes PCs & PS5s to Remote Takeover Attacks

A severe security vulnerability has been uncovered in the popular video game Marvel Rivals, raising...

Critical Zimbra Flaws Allow Attackers to Gain Unauthorized Access to Sensitive Data

Serious vulnerabilities in Zimbra Collaboration Suite (ZCS), a popular enterprise email and collaboration platform,...

Hackers Exploit AnyDesk Vulnerability to Gain Admin Access – PoC Released

A newly discovered vulnerability in AnyDesk, the popular remote desktop software, has sparked serious...