It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Security researchers have unearthed multiple vulnerabilities in hundreds of GPS services that could enable attackers to expose a whole host of sensitive data on millions of online location tracking devices managed by vulnerable GPS services. The series of vulnerabilities discovered by two security researchers, Vangelis Stykas and Michael Gruhn, who dubbed the bugs as 'Trackmageddon' in a report, detailing the key security issues they have encountered in many GPS tracking services.
Trackmageddon affects several GPS services that harvest geolocation data of users from a range of smart GPS-enabled devices, including children trackers, car trackers, pet trackers among others, in an effort to enable their owners to keep track of where they are.
By exploiting these flaws, an unauthorized third party or hacker can get access to personally identifiable information collected by all location tracking devices, including GPS coordinates, phone numbers, device model and type information, IMEI numbers, and custom assigned names.
What's more? On some online services, an unauthorized third party can also access photos and audio recordings uploaded by location tracking devices. The duo said they have been trying to reach out to potentially affected vendors behind the affected tracking services for warning them of the severity of these vulnerabilities. According to the researchers, one of the largest global vendors for GPS tracking devices, ThinkRace, may have been the original developer of the flawed location tracking online service software and seller of licenses to the software.
Why do you disclose this before all online services are fixed? We used to have a long disclosure rationale here, but because the situation has changed dramatically after we made the decision to disclose and we continuously evaluate the situation resulting in first cutting our initial communicated deadline shorter (due to lack of vendor response from still affected vendors) then in the end extending the deadline (due to sudden vendor responsiveness), in the end our disclosure rationale was read able anymore.
In the end, it boils down to this: We tried to give the vendors enough time to fix (also respond for that matter) while we weighted this against the current immediate risk of the users. We understand that only a vendor fix can remove user’s location history (and any other stored user data for that matter) from the still affected services but we (and I personally because my data is also on one of those sites) judge the risk of these vulnerabilities being exploited against live location tracking devices much higher than the risk of historic data being exposed.
originally posted by: dragonridr
a reply to: Azureblue
Just keep your location turned to off until you actually need to use gps services.
originally posted by: Raxoxane
a reply to: Azureblue
Yep.I never assume privacy or security re anything like cells and pc's and laptops etc.I live my life,let them listen if they so wish.I'm certainly not wasting a minute of my life worrying about it.
These apps, some of which are targeted at children, use software from a startup called Alphonso, which quietly collects data about people’s TV viewing habits and sells it on to advertisers.
Around 1,000 games and social apps reportedly use the software, with more than 250 of them available to download from Google Play and a smaller number also available from Apple’s App Store.