The navigation applications, iTrack and Protrack GPS tracking system usually come with the default password ‘123456‘ which most users don’t bother to change, and coupled with some inbuilt functions, allowing hackers to remotely kill automobile engines with just a flick of a button.

While the proof-of-concept exploit released by a group known as L&M involve only the weak default passwords and the inbuilt function integrated by the developers.

The group got access to the username, phone number, e-mail and other personal information, which as confirmed by the manufacturer of the hardware, the automobile engines can be switched off remotely using the GPS.

According to L&M, they created an opportunity window waiting to be exploited, and tested both of the navigation apps using the default password ‘123456’ to see if there's any security changes made in the hardware. And there was no forewarning to inform the user that the password is weak and can easily be exploited in the iTrack app, but the ProTrack App was immediately able to inform user that the password is weak and therefore, the security was at risk.

The hacking group were able to replicate this exploit in several countries like South Africa, India, and Philippines, among others. Though the car GPS hack has actually been possible since 2015 with the instances of digital hacking of cars first reported, but the trend is expected to rise in 2019.

Albeit, the ProTrack and iTrack hardware makers, iTryBand Technology and SEEWORLD respectively, which are both based in China, are believed to have bundled the possibility of turning off car’s engine as an inbuilt function in the hardware themselves.

How iTrack and Protrack navigation apps can be exploited to kill the automobile engine



The navigation applications, iTrack and Protrack GPS tracking system usually come with the default password ‘123456‘ which most users don’t bother to change, and coupled with some inbuilt functions, allowing hackers to remotely kill automobile engines with just a flick of a button.

While the proof-of-concept exploit released by a group known as L&M involve only the weak default passwords and the inbuilt function integrated by the developers.

The group got access to the username, phone number, e-mail and other personal information, which as confirmed by the manufacturer of the hardware, the automobile engines can be switched off remotely using the GPS.

According to L&M, they created an opportunity window waiting to be exploited, and tested both of the navigation apps using the default password ‘123456’ to see if there's any security changes made in the hardware. And there was no forewarning to inform the user that the password is weak and can easily be exploited in the iTrack app, but the ProTrack App was immediately able to inform user that the password is weak and therefore, the security was at risk.

The hacking group were able to replicate this exploit in several countries like South Africa, India, and Philippines, among others. Though the car GPS hack has actually been possible since 2015 with the instances of digital hacking of cars first reported, but the trend is expected to rise in 2019.

Albeit, the ProTrack and iTrack hardware makers, iTryBand Technology and SEEWORLD respectively, which are both based in China, are believed to have bundled the possibility of turning off car’s engine as an inbuilt function in the hardware themselves.

No comments