A hacker named L & M has managed to take control of more than 7000 iTrack accounts and 20 000 ProTrack accounts, GPS applications dedicated to company cars, report our colleagues of Motherboard. Unsurprisingly, he was able to access users' data, including their phone number, their postal code, their name and surname ... Worse, he was also able to access the geolocation of each vehicle.
GPS: a pirate takes control of thousands of cars and asks for a reward!
Under certain conditions, the pirate was also able to remotely cut the cars engine. For that, he had to wait until the car did not exceed 19km / h. To infiltrate the aforementioned applications, L & M has simply tried thousands of combination passwords to get it right. Many users made the task very easy for the hacker: they had in fact kept their default password, 123456.
"I can easily create a huge traffic problem around the world," says L & M at Motherboard. "I totally control hundreds of thousands of vehicles and, with one touch, I can stop the engines of these cars," says the pirate.
Rest assured, this is fortunately not in his intentions. "My target is the firm, not the customers. Customers are in danger because of the company. They have to make money and do not want to secure their products, "says L & M. The hacker wanted to highlight the gaping security flaws of iTrack and ProTrack. The man obviously asked for a sum of money as a reward. Apparently, only ProTrack would have acceded to his request.