Safety experts say a popular Chinese-made car tracing device presents a serious risk of cyber attacks.
A cyber attack is an attack against or through a computer network.
The device, made by Shenzen-based MiCODUS, is used by people around the world to protect their vehicles from theft.
A report from US-based cybersecurity firm BitSight has warned that the system has harsh software vulnerabilities.
The problems could allow attackers remotely hijack vehicles using the tracking device, security researchers said. This could give attackers the ability to cut off fuel or take control of the vehicle while it is moving, BitSight said in its report.
The MV720 device costs less than $25, says BitSight. The researchers recently issued a press release urging users of the device to stop using it until a fix for the vulnerabilities is available.
The BitSight report came as a US government agency issued a official notice which also described the vulnerabilities of the device.
BitSight told The Associated Press that it had been trying since September to contact MiCODUS representatives to discuss the security risks it had identified. He said those attempts were unsuccessful. BitSight said that the US agency investigating the device, the Cybersecurity and Infrastructure Security Agency (CISA), joined its efforts to reach out to MiCODUS in April.
The Associated Press emailed MiCODUS about the matter but reported that it did not receive a response.
CISA said in a statement that it was not aware of “any exploitationβ of the vulnerabilities.
GPS trackers are used around the world to track groups of vehicles, from trucks to school buses to military vehicles. The devices also act as security to prevent vehicles from being lost or stolen.
In addition to collecting vehicle tracking data, many devices are also equipped to examine other information about vehicle and driver actions. This information could include driver behavior and fuel usage. Many of the devices can control a vehicle’s fuel or interlock systems and more.
Using the MV720 device, BitSight said, a cyber attacker could remotely cut the fuel line of a moving vehicle. An attacker could also see where a vehicle is in real time for spying purposes, said BitSight researcher Pedro Umbelino.
One of the main vulnerabilities of the device is that it comes with a flaw password that more than 90 percent of users don’t change, BitSight found. He also discovered security weaknesses in the software that the web server uses to control devices over the Internet.
MiCODUS claims that around 1.5 million devices are being used by 420,000 customers.
BitSight said its investigation found that the clients included a major energy company and an aerospace company and national militaries in South America and Eastern Europe. Others included a nuclear power plant operator and a national law enforcement agency in Western Europe. BitSight did not name either company. The countries with the most users include Brazil, Mexico, Spain, and Russia.
Richard Clarke is a former top US cybersecurity official. He told the AP that while he doesn’t believe the device was designed to be “used malevolently by the Chinese government,β that remains a possibility.
Clarke said the threat is real because Chinese companies are required by law to follow orders from their government. βYou wonder, how often are we going to find these things that are infrastructure – when there is potential for the abuse of Chinese, and users do not know? Clarke said.
I’m Bryan Lynn.
Associated Press reported this story. Bryan Lynn adapted the report for VOA Learning English.
__________________________________________________________
words in this story
clue β v. to record the development progress of something
vulnerable β adj. capable of being harmed or at risk of being harmed
remotely βadv. from afar
blowβ v. use or develop something for one’s own benefit
flawβ adj. what usually exists if no changes are made
client β north. someone who buys goods and services from a company
malicious β adj. intended to hurt or annoy someone
infrastructure β north. the basic equipment and structures (such as roads and bridges) needed for a country or area
potential β north. a possibility when the necessary conditions exist
_____________________________________________________________
What do you think about this story? We want to hear from you. We have a new feedback system. Is that how it works:
- 1. Write your comment in the box.
- 2. Below the box, you can see four images for social media accounts. They are for Disqus, Facebook, Twitter and Google.
- 3. Click on an image and a box will appear. Enter the login for your social media account. Or you can create one on the Disqus system. It’s the blue circle with a “D” in it. It’s free.
Every time you come back to comment on the Learning English site, you can use your account and see your comments and responses to them. Our comment policy is here.