Thursday, November 20, 2014

GPS Tracker Vulnerability

During some research this week we tested several GPS trackers that offer bluetooth and we made an interesting discovery. All of the GPS trackers utilize AT&T or T-Mobile for the service side reporting of location data so they can be tracked remotely. Upon testing some of the devices with Kali Linux and a bluetooth dongle we were able to pull the GPS position off of the bluetooth side of the devices with passcode "1234" as the pairing key.

While this is not really an issue for these devices it should be noted that using the bluetooth chipset on the devices you can verify if the device is nearby and some even allowed outbound voice calls from the GPS sim card telephone number. Also when text we were able to get some of them to reply with the GPS location of the device.

Just letting you know, if you use GPS trackers make sure you disable the bluetooth if the device supports it!

No comments:

Post a Comment