600,000 GPS trackers are threatened by their password

Used by default on hundreds of thousands of GPS boxes, the password “123456” can be exploited by hackers. The dangers are many, according to Avast who made the discovery.

Simple passwords are the cause of many hackers of email boxes or accounts on social networks, and they do not spare manufacturers of hardware. Thus Avast, the famous editor of antivirus, found that i365-Tech, manufacturer of GPS trackers, using the same password “123456” for all its products.

In total, this would represent 600,000 devices in the trade. Hackers could use this password to gain control because the manufacturer uses the cloud and a mobile application to communicate the tracker with its user.

The signal between the tracker and the telephony operator is then sent to the cloud.  With the password, the hacker takes control over the entire chain of trade.  © Avast

A flaw not yet corrected

A tracker is a small box with a GPS chip; it allows us to monitor children, elderly or even a car. It can be placed anywhere, and in case of a problem, the person presses a button that allows reporting its location, remotely  via SMS. In this case, by hacking the password, hackers could very well spy on individuals in their daily lives, or even take control by changing the password.

What Avast also discovered is that this ”  flaw  ” was also present on dozens of other models, designed by the same manufacturer, but sold under other brands. Another problem identified: hackers can get the phone number linked to the SIM card of the tracker. Contacted by Avast following this discovery, the Chinese manufacturer has not yet responded or alerted the owners of these small boxes that cost only a few tens of euros.