Trackmageddon: Consequences


Trackmageddon emerged early in 2018. Should this kind of vulnerability make us question the security of our GPS-enabled smart devices?

Trackmageddon was discovered by researchers Vangelis Stykas and Michael Gruhn. The vulnerabilities span 103 online services, which are responsible for millions of devices.

The vulnerabilities could allow hackers to hijack affected devices and reveal their owners’ past and current locations.

With GPS use increasing as smart devices saturate the market, how concerned should we be about the amount of data relating to our movements?

Mark James, ESET IT Security Specialist, explains why GPS vulnerabilities could lead to both digital and real-world attacks.

“Whilst we like to have everything online and at our fingertips, it does of course have its disadvantages.

“Data like GPS locations along with times could enable an attacker to tailor an attack, digital or physical, with optimum effectiveness.

“This type of information shows a very clear footprint of your every move, something that if exploited could be the difference between a failed or successful attack.

“As usual, it is a case of patching the problems, ensuring the user is protected as soon as possible, changing passwords, and limiting the amount of data that is available will help to limit the damage.

“Sadly, unless the vendor patches their vulnerabilities, there is not a lot you can do. You should also ensure you always change any default passwords; it’s one of the easiest routes into your information from attackers.

“Sometimes to protect the user, hands need to be forced. Releasing knowledge on unfixed vulnerabilities should push the vendor to fix the problem and help provide a safer environment for all.

“On the other hand, releasing said information could allow even more innocent users to end up as victims. In an ideal world, they should be released after being fixed.”

Do you allow most apps to have access to your location? Do you ever question why those apps need that permission? Let us know on Twitter @ESETUK.