it’s a clone of another, pricier product), but I looked up all the information I could get my hands on and made the purchase more or less informed. I’ve purchased a low-cost GPS tracker clone as well (i.e. I agree that for most users this will be the case. and the owner/user of the tracker doesn’t change the IP+port combination used by the tracker to report to. The attacker is the first to register the account of the tracker. Through the account, an attacker can make the tracker send an SMS to a phone number of a phone in his possession, which allows him to tie the ID of a tracker with its phone number. However, if the user doesn’t put the number of the SIM card of their tracker into the account, an attacker (seeing only the account) won’t know it. Why go to the trouble of keeping track of the registered units and only allow in through the web interface the ones belonging to their own products? It’s more work/cost than just letting any registration in. Chinese companies are all about cost-efficiency. I guess you can register a device with a non-existing IMEI (or with an IMEI from a different manufacturer) too. The tracker service merely accepts all sorts of device IDs during the registration/signup phase. There’s no need for the manufacturer to pre-register or activate an account for every device. I think they are wrong or maybe just the phrasing of the sentence was not quite right. It seems that every device’s account is active from the time the device is manufactured, so an attacker can lock the user out of the account even before he buys his tracker just based on the IMEI number, because you can change the password of an account which belongs to a device that has not been used yet. I’m guessing that after or during their investigation into this unit they might have found Traccar and their follow-up article will involve a more thorough estimation of the affected device count, including devices with all sorts of protocols from the Traccar project.
The referenced Avast post included one of the major protocol families from this set. The project includes support for 195 different protocols (or at least protocol variants) based on its master branch at this moment, and 1048 device models as documented on its website (or at least the table on the Devices page has this many rows). Its development started several years ago; the GitHub repo’s first release (which was already v2.0) dates back to 2013. This is an OSS GPS tracker backend (with a web UI in the second repo link). Avast should have done a bit of “googling” before they started to reverse engineer a randomly selected device from China. The text/title of the link was “Yahoo Customer Service” and not “Yahoo Costumer Service”. Message by John Corner does not redirect to Yahoo Costumer Service…