600,000 GPS trackers for people and pets are using 123456 as a password
Security researchers with Avast have discovered a range of critical flaws affecting around 600,000 GPS trackers designed for monitoring the location of children, seniors, and pets. The flaws include the presence of the same default password (123456) in all devices and the insecure transmission of data in plaintext.
The vulnerabilities impact close to 30 different tracking devices produced by Shenzhen i365 Tech, some of which include a camera and/or microphone. The use of these devices to secretly keep tabs on children or (grand)parents not only raises ethical questions, but it can also enable threat actors to carry out various attacks including eavesdropping, spying, and location spoofing.