06 September 19, 08:00
(This post was last modified: 06 September 19, 08:00 by harlan4096.)
Quote:Continue Reading
Researchers warn consumers about vulnerabilities affecting nearly 30 models for sale on large online retailers
Avast researchers have discovered serious security vulnerabilities in some 600,000 child trackers for sale on Amazon.com and other large online merchants. The devices expose data sent to the cloud, including the exact real-time GPS coordinates of children.
Twenty-nine models of trackers – made by the Chinese manufacturer, Shenzhen i365 Tech and resold through various brands – showed the vulnerabilities. Avast Threat Labs first analyzed the T8 Mini child tracker and found the companion mobile app is downloaded from an unsecured website, exposing the users’ information. Further security issues involved user account information, which comes with an assigned ID number and default password of 123456. Design flaws in the trackers can also enable third-parties to “spoof” (or fake) the user’s location, or access the microphone for eavesdropping.
Martin Hron, senior researcher at Avast who led this research, advises consumers to opt for an alternative product from a more trustworthy brand that has built security into the product design. As with any off-the-shelf “smart” device, Avast recommends changing the default admin passwords to something more complex. However, in this case, even that would not stop a motivated hacker from intercepting the unencrypted traffic.
...