Hacker broke out Android application for GPS-monitoring and took control over several thousands of cars

Journalists from Vice Motherboard told that hacker, known as L&엠, reported them about a crash of nearly 30 000 accounts in two Android-applications for GPS-monitoring: iTrack (7000 accounts) and ProTrack (20 000 accounts).

에이s a result, hacker got not only access to information about cars’ location, but also opportunity to control their functions. 예를 들면, he could turn off engines in some cars remotely, in case if car was moving less than 20 km/h.

Applications with GPS tracking devices are widely spread in many countries. 예를 들면, 엘&M compromised accounts in South America, Morocco, India and Philippines.

At L&M disposal were names and models of GPS-devices, their unique IDs (IMEIs, to be precise), full names, 전화 번호, email – and mailing-addresses. 하나, hacker confessed that full information was available not about all users.

Hacked cars in Morocco
A screenshot of the hacked account of a user
Journalists from Vice Motherboard checked L&M words, as connected with representatives of some of crushed accounts, the latter confirmed presented by hacker information.

«My target was the company, not the customers. Customers are at risk because of the company. They need to make money, and don’t want to secure their customers», — L&M told Motherboard in an online chat.

Hacker also noted that with the access he got, he could create major problems on roads worldwide. The fact is that L&M could not only trace users but also remotely drive some of their cars. He says there were several thousands of such cars.

iTryBrand Technology developed ProTrack application while for the creation of iTrack is responsible other Chinese firm, SEEWORLD. Both companies also sale hardware solutions and have cloud platforms through which their products can directly manage both users and retailers. 엘&M argues that hacked accounts of such retailers.

엘&M says that he has already connected with ProTrack representatives and asked for the revenue for information about the vulnerability. He demonstrated journalists screenshots of messaging where develops try to reduce the price and ask questions:

“If we pay you, you will give us the tool and will not hack our account again? How can we make sure about this? Sorry for too many questions, this is the first time we meet this disaster.”

Finally L&M concludes that says he got what he wanted:

“They warned after my attack [sic], and that was a success for me. To force them take care about security,” L&M said. “They know now that their customers at risk, So they focused on how to secure their service, a little bit.”

출처: https://motherboard.vice.com

트로이 킬러 소개

메모리 스틱에 트로이 킬러 휴대용 운반. 당신은 당신이 어디를 가든 당신의 PC가 어떤 사이버 위협에 저항 도울 수 있는지 확인하십시오.

또한 확인

Heroku가 클라우드 플랫폼에 MageCart

연구진은 여러 MageCart 웹 스키머에 Heroku가 클라우드 플랫폼 발견

Malwarebytes 연구원은 Heroku가 클라우드 플랫폼에서 여러 MageCart 웹 스키머를 찾는 것에 대해보고 …

안드로이드 스파이웨어 CallerSpy

안드로이드 채팅 응용 프로그램으로 CallerSpy 스파이웨어 마스크

트렌드 마이크로의 전문가들은 악성 코드 CallerSpy 발견, 안드로이드 채팅 응용 프로그램으로하는 마스크와, …

회신을 남겨주