04 Jan Trackmageddon GPS Flaw Leaks User Info
Security researchers have recently identified a bug dubbed “Trackmageddon” that affect a number of GPS and location tracking services. These services collect geolocation data from GPS-enabled devices such as kid or pet trackers.
The researchers, Vangelis Stykas and Michael Gruhn, said that an attacker could use the flaws to collect geolocation data from the users of those services, and even extract data such as GPS coordinates, phone numbers, device data (IMEI, serial number, etc.). Depending on the tracking service and device configuration, Trackmageddon may even be used to access personal data.
The research team said that they had been working for months to reach out to the affected tracking services, but only four had implemented fixes. They added that they had to go public since the services were leaking sensitive personal information.
Source: Bleeping Computer