BitSight’s cybersecurity experts discovered serious flaws in a GPS tracker that is used in 1.5 million vehicles across 169 countries.
Six vulnerabilities were found in the MiCODUS MV720 device. These trackers can be found in vehicles owned by many Fortune 50 companies, as well as governments across Europe and the US.
An attacker can track and manage the data of the MiCODUS MV720. He will also be able to immobilize the vehicle.
One vulnerability allows you to send commands via SMS to a GPS tracker and run them with administrator rights.
BitSight claims that the vulnerabilities were not fixed despite numerous attempts to reach the Chinese manufacturer MiCODUSMV720. BitSight shared its findings with US Department of Homeland Security, asking them to contact the manufacturer. However, no fix has been released.