Trackimo: geolocation of GPS trackers is open to everyone

A weak password opened access to confidential data.

A hacker broke into an internal tool at Trackimo and gained access to users' movement history. Trackimo sells GPS trackers that are used to track family members, pets, cars, and valuable property.

Hacker "maia arson crimew" said that he managed to get into the internal support system of Trackimo after he found an email with the password to the diagnostic tool Trackimo Troubleshooter. Using the tool, the hacker was able to track not only his own device, but also the devices of other users. According to maia, the system was vulnerable because of a simple password that was easy to guess.

The Trackimo Troubleshooter tool allows you to display recent device locations in an interface similar to Google Maps. The data is based on GSM, WiFi, and GPS signals received from the device. The toolbar also shows information about the device owner, including their email address, name, and phone number. Diagnostic data is also provided, such as the number of unintentional reboots of the device and cases when the battery is low.

Trackimo Troubleshooter interface that displays information about the tracker

In its hacking report, maia detailed how it gained access to Trackimo's systems. The hacker bought a Trackimo device for $10, paid for a subscription, and began studying the company's web interface. In the process, encrypted usernames and passwords embedded in the Trackimo mobile app were discovered.

GPS Tracker: A magnet for attaching to vehicles, crates, etc., a clip for attaching to your belt or clothing, a silicone case to protect against drops and splashes, and just a cord.

While analyzing Trackimo support emails, maia found another password that allowed logging in to Trackimo Troubleshooter. The tool gave access to almost all data for any device, given only its ID.

Trackimo said that the hacker no longer has access to their systems, passwords have been changed, and the Trackimo Troubleshooter tool has been disabled. However, maia claims that with the help of the tool, he was able to get data on several devices, in addition to the one he bought. These devices may have been linked to police investigations that used Trackimo devices or data. However, Trackimo claims that the hacker did not gain access to the data of other devices.

Maia stressed that it informed Trackimo about all the identified vulnerabilities, and the company fixed the problems.
