Chinese-made GPS tracker that have no internet connectivity but use a SIM card to connect to a cell network are bought in bulk, rebranded, and resold by a number of companies worldwide.
UK cyber-security experts are calling for an immediate recall of a GPS tracker used as a panic alarm for elderly patients, monitoring children, or tracking vehicles. Cybersecurity firms says the tracker can be hacked and tricked into disclosing its real-time location by anyone sending it a text message with a keyword.
With another command, snoops would have no trouble calling the device and listening remotely to its in-built microphone. To top it off, there is also a command which can kill the cell signal completely from afar.
Cybersecurity experts are claiming that despite the option of protecting the device with a PIN, it’s not enabled by default. To their dismay, they found that the device can be reset remotely without any PIN at all.
While the device itself doesn’t have internet connectivity, it does use a SIM card to connect to a cell network for location tracking. Almost anyone can give the device commands if they know the phone number and send it a text.
This device is marketed as keeping the most vulnerable safe, and yet anybody can locate and listen into thousands of people’s lives without their knowledge,” warns cyber security experts in the UK.
The further explained, in one of their investigations, that while the team have informed manufacturers of the major security flaws, the only way to fix the issue is to recall tens of thousands of units already in use around the world.
There are at least 10,000 in use in the UK alone, according to the security experts. The U.K. just last week announced a proposed new cybersecurity law that would require connected devices to be sold with a unique password, and not a default.