Navigation
Search
|
Researcher Prints 'PWNED!' On Hundreds of GPS Watches' Maps Due To Unfixed API
Wednesday April 3, 2019. 03:00 PM , from Slashdot
An anonymous reader quotes a report from ZDNet: A German security researcher has printed the word 'PWNED!' on the tracking maps of hundreds of GPS watches after the watch vendor ignored vulnerability reports for more than a year, leaving thousands of GPS-tracking watches --some of which are used by children and the elderly-- open to attackers. Speaking at the Troopers 2019 security conference that was held in Heidelberg, Germany, at the end of March, security researcher Christopher Bleckmann-Dreher presented a series of vulnerabilities impacting over 20 models of GPS watches manufactured by Austrian company Vidimensio. The watch models all share a common backend API, which works as an intermediary and storage point between the GPS watches and associated mobile apps.
Back in December 2017, Dreher discovered flaws in the mechanism through which the GPS watches communicate with this backend API server. Dreher's new warning comes as the number vulnerable Vidimensio GPS watches grew ten times since December 2017, despite the warning from German authorities to destroy and stop using children smartwatches with intrusive tracking and eavesdropping capabilities. According to the researcher, the number has grown from around 700 to 7,000, of which 3,000 have been active in the past month. To raise awareness to these still-unpatched devices, Dreher told ZDNet that he has now turned to an unconventional strategy. The researcher has been using one of the security flaws he discovered to insert fake GPS coordinates in people's location history. The researcher designed these fake GPS coordinates to look like the word 'PWNED!' when displayed on the location history section map --displayed inside the mobile apps and the watches' web dashboard. Read more of this story at Slashdot.
rss.slashdot.org/~r/Slashdot/slashdot/~3/c1pkjramokg/researcher-prints-pwned-on-hundreds-of-gps-watc...
|
25 sources
Current Date
Nov, Sat 23 - 01:22 CET
|