Security researchers have warned that security vulnerabilities that exist in popular GPS tracker MiCODUS MV720 can be hacked by threat actors, presenting a serious security risk. The flaw could be leveraged to track vehicle fleets by critical infrastructure, governments, and emergency services around the world. In addition, serious cases could result in the threat actor achieving control of the vehicle. Security researchers at BitSight released a detailed report that outlines the severity of the vulnerabilities and its potentially devastating effects.
According to BitSight, the severity of the vulnerabilities and their impact on vehicles means that the tracking devices should not be used until a security update is released and made available to users. There are as many as 1.5 million MiCODUS devices in use spanning 169 different countries. The Cybersecurity and Infrastructure Security Agency also issued an alert regarding the vulnerabilities, stating that they could have a range of consequences such as surveillance, access to vehicle fuel supplies, and loss of vehicle control. CISA and BitSight both reported that they made repeated attempts to contact MiCODUS about a patch for the security issues.