- The atonement of an alt-right troll Today 9:25 AM
- #StopTheBans protests draw thousands across the country in support of abortion rights Today 9:24 AM
- North Korea is using Trump’s low IQ attack on Joe Biden Today 9:14 AM
- How to watch ‘Kidding’ for free Today 8:00 AM
- What’s the deal with Bran Stark at the end of ‘Game of Thrones’? Today 6:30 AM
- How to watch TruTV online for free Today 6:00 AM
- Fans call out Madonna for edited Eurovision video Tuesday 9:36 PM
- Partnered Twitch streamer temporarily banned for airing troll’s racist message Tuesday 8:45 PM
- Reddit theory says fans are wrong about who won ‘Game of Thrones’ Tuesday 6:52 PM
- Elon Musk hires ‘absolute unit’ sheep meme creator to be Tesla’s social media manager Tuesday 6:12 PM
- Jason Momoa stands by his Khaleesi after the ‘Game of Thrones’ finale Tuesday 4:05 PM
- Airbnb, 23andMe partner for creepy heritage travel recommendations Tuesday 3:26 PM
- Rep. Katie Porter goes viral again for trouncing Ben Carson (updated) Tuesday 3:26 PM
- This deepfake takes Bill Hader’s Schwarzenegger impression to the next level Tuesday 2:58 PM
- Wanda Sykes rails against Trump and offers much-needed perspective in ‘Not Normal’ Tuesday 2:41 PM
Gemma Longman/Wikimedia (CC-BY)
A hacker who breached two major GPS tracker apps says he was able to monitor countless vehicles and shut off their engines remotely, Motherboard reports.
Known as L&M, the hacker stated that he was able to access “more than 7,000 iTrack accounts and more than 20,000 ProTrack accounts” after discovering that both apps used “123456” as a default password for customer accounts.
Upon accessing the accounts, the hacker says he collected a wide range of information, including “usernames, real names, phone numbers, email addresses, and physical addresses.”
The hacker says he was able to monitor customers in numerous countries including India, the Philippines, Morocco, and South Africa.
L&M stresses that he did not disable any vehicles, but he would have been able to turn off the engines of countless cars that were either stopped or traveling 12 miles per hour or slower.
“I can absolutely make a big traffic problem all over the world,” the hacker told Motherboard. “I have fully [sic] control hundred of thousands of vehicles, and by one touch, I can stop these vehicles engines.”
A representative for GPS company Concox confirmed to Motherboard that the ability to shut down an engine is embedded into both apps, seemingly confirming that such an attack could be possible.
When contacted for comment, ProTrack denied to Motherboard that any breach had taken place but admitted that it recently asked users to change their passwords.
“Our system is working very well and change password is normal way for account security like other systems, any problem?” a ProTrack representative said. “What’s more, why you contact our customers for this thing which make them to receive this kind of boring mail. Why hacker contact you?”
While L&M says he did ask to be compensated for discovering the issue, it is unclear whether ProTrack agreed to his demands.
The hacker describes the incident as a “success” given that customers were told to change their insecure passwords.
“They warned after my attack [sic], and that was a success for me. To force them take care about security,” L&M said. “They know now that their customers at risk, So they focused on how to secure their service, a little bit.”
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.