Last name: Password, First name: Admin - 600k GPS trackers allow online access via `123456` password

[rcmaehl]

Source:

Avast (media source)
ZDNet (Quote Source)

 

Summary:

The default vendor password on a large variety of GPS trackers is set as 123456 and uses and sequential username system based on IMEI.
 

Media:

 

Quotes/Excerpts:

Quote

At least 600,000 GPS trackers...are using the same default password of "123456," security researchers from...Avast disclosed today. Hackers can abuse this password to hijack users' accounts,...spy on conversations,... spoof the tracker's real location, or get the tracker's attached SIM card phone number for tracking. Ossues also impacted over 30 other models of GPS trackers, all manufactured by the same vendor, and some even sold as white-label products, bearing the logos of other companies. All models shared the same backend infrastructure, ...a cloud server..., a web panel where customers logged in via their browsers..., and a similar mobile app, which also connected to the same cloud server. Avast detailed several issues in its report, the biggest was the fact that all user accounts (either from the mobile app or web panel) relied on a user ID and a password that were easy to guess. User IDs were based on the GPS tracker's IMEI...and was sequantial, while the password was the same for all devices -- 123456. During a scan of over four million user IDs, it found that more than 600,000 accounts were still using the default password. In addition, these devices come with microphones and SIM cards so children or elderly members can place SOS calls to authorities or family members. Avast says account hackers can abuse this feature to place a phone call to their own number, answer the call, and then quietly spy on the GPS tracker owner. Shenzhen i365-Tech did not respond to Avast's emails when the company tried to warn the vendor. Similar contact attempts made by ZDNet's sister site CNET didn't succeed either.

 

My Thoughts:
While this doesn't seem to affect most Americans, it does show these are widely used in Europe and Mainland China. It goes to show that a noteable people really don't ever change their default device passwords.

[The King of the Undead]

the anti security apocalypse is upon us! you can tell if you have bean effected because ads will be more enticing!

[Lurick]

2 minutes ago, will4623 said:

the anti security apocalypse is upon us! you can tell if you have bean effected because ads will be more enticing!

Congratulations! You Won!

Click below to access your Privacy Package now!

www.notascamweswear.scams

[The King of the Undead]

Just now, Lurick said:

Congratulations! You Won!

Click below to access your Privacy Package now!

www.notascamweswear.scams

not enticing!

[rcmaehl]

3 minutes ago, Lurick said:

Congratulations! You Won!

Click below to access your Privacy Package now!

www.notascamweswear.scams

Needs more <marquee><blink></blink></marquee>

[Arak Zantara]

As a veteran

As a patriot

As a Texan

As a member of EFF

As a user of Linux

As an explorer of the deep and dark uncharted regions

As a Believer

 

I applaud and support this wonderful piece of writing. 

May I frame it and hang it on my wall?

Between my Katana and my AR15

 

[mr moose]

Amazing! I have the same password on my luggage!!!

 

 

[Belgarathian]

Don't know why the NSA is complaining about not being able to access devices of terrorists. Have they even tried Admin/Admin?

[Trik'Stari]

It's becoming scary how right John McAfee was, concerning digital privacy. At least in his interview on Caravan To Midnight back in 2016.

 

Worth a watch. Yeah there's some conspiracy theory shit in there, but still worth listening to. My favorite bit is:

 

"If every one, knew every thing, about every one else, society would immediately collapse. Beginning with a string of spousal shootings". He also talks about how easy it would be to convince anyone that their spouse was having an affair, based purely on a few points of data.

[mr moose]

51 minutes ago, Trik'Stari said:

It's becoming scary how right John McAfee was, concerning digital privacy. At least in his interview on Caravan To Midnight back in 2016.

 

Worth a watch. Yeah there's some conspiracy theory shit in there, but still worth listening to. My favorite bit is:

 

"If every one, knew every thing, about every one else, society would immediately collapse. Beginning with a string of spousal shootings". He also talks about how easy it would be to convince anyone that their spouse was having an affair, based purely on a few points of data.

I haven't watched it and I am not commenting on that video specifically,  but all conspiracies need to be believed is a hint of truth that can be confirmed.  After that fear means most humans will not be able to ignore the rest.

[williamcll]

Can you be a hacker if you guessed the password correctly?

[Trik'Stari]

53 minutes ago, mr moose said:

I haven't watched it and I am not commenting on that video specifically,  but all conspiracies need to be believed is a hint of truth that can be confirmed.  After that fear means most humans will not be able to ignore the rest.

How many have come true?

 

Years ago, Alex Jones claimed a pedophile ring was running our societies.

 

We now know that to be true.

 

Years before that, Mike Judge made a joke in King of The Hill about the governments and corporations spying on everyone at all times, and we also now know that to be 100% true.

 

How much is it going to take for people to realize that our governments and popular culture have been completely subverted by complete fucking evil?

 

Yes I realize this argument is potentially a logical fallacy (I can't remember the name but basically if A is true, and B is true, then C must be true) but seriously. How far does it have to go before it is no longer a logical fallacy and just becomes truth?

[rcmaehl]

44 minutes ago, williamcll said:

Can you be a hacker if you guessed the password correctly?

Can you be a hacker if you convince/trick someone to give you a password

(answer is yes)

[mr moose]

18 minutes ago, Trik'Stari said:

How many have come true?

As a percentage, probably less than 5%.

18 minutes ago, Trik'Stari said:

Years ago, Alex Jones claimed a pedophile ring was running our societies.

Which pedophile ring is running our societies? 

18 minutes ago, Trik'Stari said:

We now know that to be true.

 

Years before that, Mike Judge made a joke in King of The Hill about the governments and corporations spying on everyone at all times, and we also now know that to be 100% true.

That's hardly a conspiracy,  claiming that to be a conspiracy would be like trying to claim you are clairvoyant because you predicted building a damn would flood upstream.  I.E governments have always been spying, the advent of the internet was just another measure they would take to do it.

 

18 minutes ago, Trik'Stari said:

How much is it going to take for people to realize that our governments and popular culture have been completely subverted by complete fucking evil?

They always were, nothing has changed except the technology used.   This is something the older generations are aware of because they have been around long enough to see it over a few epochs first hand.

18 minutes ago, Trik'Stari said:

Yes I realize this argument is potentially a logical fallacy (I can't remember the name but basically if A is true, and B is true, then C must be true) but seriously. How far does it have to go before it is no longer a logical fallacy and just becomes truth?

It will go as far as people want it to.  For me and all my peers we have gone from predicting 1984 to accepting that the world is not actually changing like we thought it was,  sure bad things happen and crooked governments come and go, but on the whole the world is either getting a little better or it isn't getting worse. 

 

I remember in the 70's and 80's people talking about fuel companies buying and shelving patents and people disappearing when they make new discoveries.  all because we were supposed to run out of oil in 1992.  Whilst I am sure there are a few patents that the fuel companies have tried shelve, there is little evidence it is wide stream and electric cars are still at the bleeding edge of battery tech.  Patents are public access which means if a patent exists for a world changing tech we'd all know about it.

 

 

I guess all I am saying is yes, some conspiracies turn out to be true, but Judge every thing on it's own merits with the information you have at hand, if we have to make assumptions or create new conspiracies to explain the flaws in the last conspiracy then it's just guessing and any resemblance to reality is little more than coincidence because I don't believe in clairvoyance.

 

 

[williamcll]

1 hour ago, rcmaehl said:

Can you be a hacker if you convince/trick someone to give you a password

(answer is yes)

But in this scenario the offender doesn't even need to ask for the password.

[RejZoR]

9 hours ago, will4623 said:

the anti security apocalypse is upon us! you can tell if you have bean effected because ads will be more enticing!

Oh hi there fellow user, your GPS data shows you've been running a lot lately. May we present you this fine selection of Nike running shoes? Click now and learn more!

[TechyBen]

9 hours ago, williamcll said:

Can you be a hacker if you guessed the password correctly?

If I leave the door open, did you break and enter?

[AlTech]

53 minutes ago, TechyBen said:

If I leave the door open, did you break and enter?

Technically no. The most that would be is trespassing. I am not a lawyer. This is not legal advice.  Also this is super off topic.

[TechyBen]

2 minutes ago, AluminiumTech said:

Technically no. The most that would be is trespassing. I am not a lawyer. Also this is super off topic.

Not really OT. Hacking is less and less about hacking. It's all about social manipulation or plain old errors. There still is hacking. But some of the biggest "leaks" have been people using a cloud server and not putting any password access restrictions on it... 2 months later, 2 terabytes of data downloaded.

[Trik'Stari]

9 hours ago, mr moose said:

As a percentage, probably less than 5%.

Which pedophile ring is running our societies? 

That's hardly a conspiracy,  claiming that to be a conspiracy would be like trying to claim you are clairvoyant because you predicted building a damn would flood upstream.  I.E governments have always been spying, the advent of the internet was just another measure they would take to do it.

 

They always were, nothing has changed except the technology used.   This is something the older generations are aware of because they have been around long enough to see it over a few epochs first hand.

It will go as far as people want it to.  For me and all my peers we have gone from predicting 1984 to accepting that the world is not actually changing like we thought it was,  sure bad things happen and crooked governments come and go, but on the whole the world is either getting a little better or it isn't getting worse. 

 

I remember in the 70's and 80's people talking about fuel companies buying and shelving patents and people disappearing when they make new discoveries.  all because we were supposed to run out of oil in 1992.  Whilst I am sure there are a few patents that the fuel companies have tried shelve, there is little evidence it is wide stream and electric cars are still at the bleeding edge of battery tech.  Patents are public access which means if a patent exists for a world changing tech we'd all know about it.

 

 

I guess all I am saying is yes, some conspiracies turn out to be true, but Judge every thing on it's own merits with the information you have at hand, if we have to make assumptions or create new conspiracies to explain the flaws in the last conspiracy then it's just guessing and any resemblance to reality is little more than coincidence because I don't believe in clairvoyance.

 

 

Quick response because I have to go to work: I was not suggesting clairvoyance, I don't believe in that.

 

I was suggesting that people dismiss things as "conspiracy theories" and two big ones have turned out to be true.

 

As for the Pedophile thing, I was referring to the Epstein case.

[The King of the Undead]

4 hours ago, RejZoR said:

Oh hi there fellow user, your GPS data shows you've been running a lot lately. May we present you this fine selection of Nike running shoes? Click now and learn more!

I fooled you! I attached the GPS to a cat! they run all the time!

[RejZoR]

1 hour ago, will4623 said:

I fooled you! I attached the GPS to a cat! they run all the time!

Oh hi there fellow user, your GPS data shows your cat has been running a lot lately. May we present you this fine selection of Nike running shoes for cats? Click now and learn more!

 

You can't fool bi ass corporations. They'll sell you everything :P

[rcmaehl]

Just now, RejZoR said:

You can't fool bi ass corporations.

Did you just assume their sexuality? ^/s

[RejZoR]

It was meant big ass, but missed the G spot and ended up being bi. XD

[The King of the Undead]

5 hours ago, RejZoR said:

Oh hi there fellow user, your GPS data shows your cat has been running a lot lately. May we present you this fine selection of Nike running shoes for cats? Click now and learn more!

 

You can't fool bi ass corporations. They'll sell you everything

he doesn't usually he got chased by a joking dog.