Avast, a computer security company, has published a report on a vulnerability affecting about 600,000 popular GPS trackers. Experts say that blacklisted devices are especially dangerous for children whose parents often purchase beacons to track the location of their children.
According to the Avast report, the problem affected about 30 models of the Chinese manufacturer Shenzhen i365 Tech. One of the company's best sellers is the T8 Mini GPS gadget, which is offered as a means to monitor the location of children, the elderly and animals.
As it turned out, all requests and location data are transmitted by the trackers in unencrypted form - in case of signal interception, the hacker will receive a combination of longitude and latitude in the form of plain text. And the official i365 Tech website is encrypted with legacy HTTP instead of up-to-date and more secure HTTPS.
The biggest potential threat to the carriers of these gadgets was the possibility of wiretapping using the microphone built into the tracker. You can also remotely send SMS and thereby reveal the victim’s phone number, reconfigure the tracker so that it uses an alternative hacker server, or even remotely change the firmware of the device.
Avast representatives recommended parents to abandon the use of compromised devices - their operation may endanger the safety of children.