BOSTON – Severe software vulnerabilities detected in a popular Chinese-made GPS tracker are capable of wreaking havoc on vehicle drivers, strained supply chains and even national security, according to new research.
According to research by Boston-based BitSight Technologies, an estimated 1.5 million Micodus MV720 trackers are currently in use across more than 160 countries, Bloomberg reported.
The six weaknesses detected by BitSight could allow hackers to disrupt vehicle operation, cut off fuel supplies and “surveil drivers’ movements,” while also creating a “high risk” of personal injury, vehicle disablement and supply-chain disruption, the news outlet reported.
According to TechCrunch, Shenzhen-based Micodus estimates 420,000 global customers for the MV720 trackers, including companies with vehicle fleets, law enforcement agencies, militaries and national governments.
BitSight said in its report that it also found the GPS trackers were used by Fortune 50 companies and a nuclear power plant operator, the technology-centric news outlet reported.
Pedro Umbelino, principal security researcher at BitSight who authored the report seen by TechCrunch before its publication, said the vulnerabilities are “not difficult to exploit,” and that the nature of the flaws leaves “significant questions about the vulnerability of other models,” suggesting that the Micodus MV720 trackers may not be the only ones compromised.
According to Bloomberg, the U.S. Department of Homeland Security issued several warnings Tuesday about the flaws.
Eric Goldstein, executive assistant director for the Cybersecurity and Infrastructure Security Agency, a division of DHS, said in a prepared statement that the agency is not aware of any active exploitation of the vulnerabilities BitSight identified.
Goldstein also stated that the agency encouraged specialists such as product integrators to “implement mitigation measures,” Bloomberg reported.