Parents who rely on GPS trackers for keeping their children safe might need to reevaluate their decision. We say this because new research carried out by Avast – the Czech security firm – has unveiled some severe security concerns with a plethora of these devices that have been designed to track children.
Avast said in a blog post that researchers were able to ascertain that about 600,000 child GPS trackers that are being sold on Amazon and other online retailers are exposing the data that is being sent to the cloud. What does that mean? It means that the precise real-time GPS coordinate of children might end up in the wrong hands.
As per Avast, 29 models that are being sold by Shenzhen i365 – a Chinese manufacturer – and resold under different brand names have the mentioned vulnerabilities. Avast Threat Lab was able to find that the companion mobile app can be downloaded from a website that is not secure. This poses a risk of exposing the information of users. The user accounts have the default password, 123456, thus making it quite easy for hackers to hack the accounts. The devices are designed so that third parties can not only fake the location of the user but also gain access to the microphone.
Martin Hron is the senior researcher at Avast who was leading this research, and said, ‘We have done our due diligence in disclosing these vulnerabilities to the manufacturer, but since we have not heard back after the standard window of time, we are now issuing this Public Service Announcement to consumers and strongly advise you to discontinue use of these devices.’ Hron said that the customers should only purchase a GPS tracking device from the brand that they trust has taken out the time to focus on security in the product design. As per Avast, the manufacturer has been informed about the flaws since June 24.
He further advises that customers should change the password to something more challenging than 123456 as soon as they purchase such a smart device. However, it won’t help the users prevent the hacker from gaining access to the unencrypted traffic that is making its way to the server. Next time you are out buying a GPS tracker for your children, make sure that you are buying the one that focuses on security.
