A GPS hack affecting the navigation apps iTrack and ProTrack makes it possible to remotely kill your car's engine with the flick of a button.
The hacker goes by the name L&M, and he is only using this exploit to demonstrate vulnerabilities in car security systems. He has no intention of causing any real-world harm.
GPS Hack: How It’s Done
According to L&M, the exploit in these apps mainly involves weak default passwords and a built-in function provided by the manufacturers.
Most of these GPS tracking apps come with the default password ‘123456’, and most of the time users don’t change it. Upon realizing this, the hacker force-fed millions of usernames into the login system while keeping the password as ‘123456’.
He was able to successfully break into a number of accounts with ease and received full information about the user’s location.
In some cases, the hacker received access to the user’s name, e-mail, phone number, physical home address and a lot more.
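From the defender's side, the login pattern described above (one password tried against a long run of usernames) stands out in authentication logs. The following is an added example, not code from iTrack, ProTrack or Concox: it flags any source that tries many distinct usernames in a short window and lists the accounts that source actually got into. The log format, the sample events, the five-minute window and the five-username threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source_ip, username, login_succeeded).
BASE = datetime(2019, 1, 1, 10, 0, 0)
SAMPLE_EVENTS = (
    # One source walks through eight usernames in 80 seconds; two logins succeed.
    [(BASE + timedelta(seconds=10 * i), "203.0.113.7", f"user{i:03d}", i in (3, 6))
     for i in range(8)]
    # An ordinary user mistypes a password twice, then gets in.
    + [(BASE + timedelta(seconds=30 * i), "198.51.100.20", "alice", i == 2)
       for i in range(3)]
)


def detect_spray(events, window=timedelta(minutes=5), min_users=5):
    """Return {source: peak distinct usernames tried within one window}
    for every source that reaches min_users."""
    by_source = defaultdict(list)
    for ts, src, user, _ok in events:
        by_source[src].append((ts, user))
    flagged = {}
    for src, attempts in by_source.items():
        attempts.sort()
        start, peak = 0, 0
        for end in range(len(attempts)):
            # Slide the window start forward until it spans at most `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            peak = max(peak, len({u for _, u in attempts[start:end + 1]}))
        if peak >= min_users:
            flagged[src] = peak
    return flagged


def accounts_to_reset(events, flagged):
    """Usernames that logged in successfully from a flagged source."""
    return sorted({user for _ts, src, user, ok in events if ok and src in flagged})


if __name__ == "__main__":
    hits = detect_spray(SAMPLE_EVENTS)
    print("spraying sources:", hits)
    print("force password reset for:", accounts_to_reset(SAMPLE_EVENTS, hits))
```

Accounts returned by `accounts_to_reset` are the ones most likely still on the default password, so they are the first candidates for a forced password change.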
According to a leaked screenshot and confirmation from Concox, whose hardware is used by ProTrack and iTrack, the car’s engine can be switched off remotely. If the car is running at 20 km/h (12 mph) or if it is standing still in traffic, its engine can be switched off easily using this GPS hack.
The hacker was able to use this exploit in several countries, including India, the Philippines, South Africa, etc.
What Is The Vulnerability?
The hardware used in ProTrack is made by a company in China named iTryBand Technology, while iTrack is made by SEEWORLD, which is also based in China. It is likely that the ability to turn off the car’s engine is built into the hardware by the manufacturers themselves. Furthermore, the apps don’t inform their users about their weak passwords when they log in.
This creates a window of opportunity that is waiting to be exploited. However, we tested both of these apps ourselves using ‘123456’ as the password to see if any security changes have been made.
In the iTrack app, there was no warning telling us that our password is weak or can be exploited. On the other hand, in the ProTrack app, we were immediately informed that our password is at risk.
Car hacking and theft are on the rise in 2019. A group of hackers recently stole 100 luxury cars from the car rental service Car2Go, and 21 people were charged.
It still doesn’t make sense how 21 people stole 100 cars, but the car GPS hack has come a long way since 2015, when instances of digital car hacking first surfaced. Very soon, with no driver behind the wheel, the police and the authorities will need to update their laws to deal with these crimes.