Hacker brød ud Android ansøgning om GPS-overvågning og tog kontrol over flere tusinde biler

Journalister fra Vice Bundkort vide, at hacker, kendt som L&M, rapporteret dem om et nedbrud på næsten 30 000 konti i to Android-applikationer til GPS-overvågning: iTrack (7000 konti) og ProTrack (20 000 konti).

ENs a result, hacker fik ikke kun adgang til oplysninger om biler placering, men også mulighed for at styre deres funktioner. For eksempel, han kunne slukke motorerne in some cars remotely, in case if car was moving less than 20 km/h.

Applications with GPS tracking devices are widely spread in many countries. For eksempel, L&M compromised accounts in South America, Morocco, India and Philippines.

At L&M disposal were names and models of GPS-devices, their unique IDs (IMEIs, to be precise), full names, phone numbers, email – and mailing-addresses. imidlertid, hacker confessed that full information was available not about all users.

Hacked cars in Morocco
A screenshot of the hacked account of a user
Journalists from Vice Motherboard checked L&M words, as connected with representatives of some of crushed accounts, the latter confirmed presented by hacker information.

«My target was the company, not the customers. Customers are at risk because of the company. They need to make money, and don’t want to secure their customers», — L&M told Motherboard in an online chat.

Hacker also noted that with the access he got, he could create major problems on roads worldwide. The fact is that L&M could not only trace users but also remotely drive some of their cars. He says there were several thousands of such cars.

iTryBrand Technology developed ProTrack application while for the creation of iTrack is responsible other Chinese firm, SEEWORLD. Both companies also sale hardware solutions and have cloud platforms through which their products can directly manage both users and retailers. L&M argues that hacked accounts of such retailers.

L&M says that he has already connected with ProTrack representatives and asked for the revenue for information about the vulnerability. He demonstrated journalists screenshots of messaging where develops try to reduce the price and ask questions:

“If we pay you, you will give us the tool and will not hack our account again? How can we make sure about this? Sorry for too many questions, this is the first time we meet this disaster.”

Finally L&M concludes that says he got what he wanted:

“They warned after my attack [sic], and that was a success for me. To force them take care about security,” L&M said. “They know now that their customers at risk, So they focused on how to secure their service, a little bit.”

Kilde: https://motherboard.vice.com

Om Trojan Killer

Carry Trojan Killer Portable på din memory stick. Vær sikker på, at du er i stand til at hjælpe din pc modstå eventuelle cyber trusler, hvor du går.

Tjek også

MageCart på Heroku Cloud Platform

Forskere har fundet flere MageCart Web Forplove On Heroku Cloud Platform

Forskere ved Malwarebytes rapporteret om at finde flere MageCart web skummere på Heroku cloud-platform …

Android Spyware CallerSpy

CallerSpy spyware masker som en Android chat applikation

Trend Micro eksperter opdagede malware CallerSpy, hvilke masker som en Android chat program og, …

Skriv et svar