GPS trackers can be incredibly handy devices, allowing people to keep up with kids, elderly patients, and more. However, security researchers found flaws in one popular GPS tracker.
In a blog post published by U.K. cybersecurity firm Fidus Information Security, researchers said they identified issues with an “extremely common” Alarm & GPS device used by “vulnerable people around the world.”
None of the devices are connected to the internet. However, they can be accessed remotely. By simply knowing a phone number, researchers could gain a whole lot of information.
That included live GPS data, calling the device and having that call automatically answered, disabling GPRS to render it useful, powering the device off completely, and more.
Those are all alarming in terms of safety, especially for a device that is being used by vulnerable people.
“This device is marketed at keeping the most vulnerable safe and yet anybody can locate and listen into thousands of people’s lives without their knowledge,” Fidus’ Andrew Mabbitt told TechCrunch. “This day and age, everything is connected one way or another and we seem to be leaving security behind; this isn’t going to end well.”
The device itself is manufactured in China, but researchers say it seems to be purchased in bulk and then rebranded by various providers. So far, researchers have found it rebranded with Pebbell by HoIP Telecom, OwnFone Footprint, and SureSafeGo, and more.
“Fixing this broken security would be trivial,” researchers wrote. “Any local authorities that are supplying these devices or employers who are using them to keep their workforce safe should be aware of the privacy and security problems and should probably switch to another device with security built from the ground up.”
Currently, there are 10,000 of these devices in the United Kingdom alone. It’s unclear how many are used across the world.