Purchasing News Hubb
Advertisement
  • Home
  • Procurement
  • Supply Chain
  • Contact us
No Result
View All Result
  • Home
  • Procurement
  • Supply Chain
  • Contact us
No Result
View All Result
Purchasing News Hubb
No Result
View All Result
Home Supply Chain

Cybersecurity experts sound alarm on popular GPS tracker

admin by admin
August 4, 2022
in Supply Chain


With GPS now a ubiquitous part of the digital society, the act of navigation or tracking has never been easier. Location-based apps know where you are and (inevitably) what you are doing, but a widely-available vehicle tracker that retails for $20 could cause significant disruption to the supply chain.

A recent report by cybersecurity firm BitSight found at least six severe vulnerabilities in the MiCODUS MV720 tracker, with the analyst identifying a number of organizations that utilize the device as part of their ongoing business operations. According to the authors of the report, the tracker can be hacked with relative ease and could result in “loss of life, supply chain disruption, unlawful data tracking, data breach, and more.”

BitSight’s research uncovered a variety of potential access points in the MV720, all of which had the potential to allow man-in-the-middle attacks, authentication bypass and persistent (or invisible) monitoring. Exploitation of any identified vulnerabilities would allow, the report said, a malicious actor to carry out a range of activities, including but not limited to vehicle disablement, deployment of ransomware and disruption to movement within a commercial infrastructure. 

Identify risk, limit exposure
There are reportedly 1.5 million devices currently in use, and the tracker Is used by both the private and public sector. Cyberattacks are an accepted part of the digital ecosystem, but there has been an increased focus on infrastructure by the black hat community in recent years.

Commenting on BitSight’s findings, Richard Clarke (a national security expert and former presidential advisor on cybersecurity) said:

“With the fast growth in adoption of mobile devices and the desire for our society to be more connected, it is easy to overlook the fact that GPS tracking devices such as these can greatly increase cyber risk if they are not built with security in mind. BitSight’s research findings highlight how having secure IOT infrastructure is even more critical when these vulnerabilities can easily be exploited to impact our personal safety and national security, and lead to extreme outcomes such as large-scale fleet management interruption and even loss of life.”

Hackers might be after more than your locationHackers might be after more than your location

It is also worth noting that the U.S. Cybersecurity and Infrastructure Agency (CISA) also flagged up the vulnerabilities in the MV720, with the agency recommending a number of strategies to mitigate the potential for exposure.

The full findings of the report can be found here, but (at the time of writing) the manufacturer – China-based MiCODUS – has not released any patches or updates to fix the identified vulnerabilities. In the meantime, BitSight and CISA recommend that concerned users protect themselves (and their data) by taking defensive measures such as device disablement or discontinuation.

“The MiCODUS MV720 will not be the final device discovered to have critical vulnerabilities capable of threatening business operations, human safety, national security, and more” BitSight said. “The next critical vulnerability could be discovered in another GPS tracker, medical sensor, smart fire alarm, or other IOT device. [We] urge organizations to make every effort to preempt the next critical vulnerability by managing their adoption, and third party adoption, of IOT devices.”





Source link

Tags: Cybersecurity experts sound alarm on popular GPS trackerThe Strategic SourcerorThe Strategic Sourceror: Cybersecurity experts sound alarm on popular GPS tracker
Previous Post

AP automation head-to-head technology evaluation

Next Post

NHS Social Value Procurement Changes from 1 April 2022

Next Post

NHS Social Value Procurement Changes from 1 April 2022

Recommended

Savings Target Management – An essential guide for procurement savings

August 6, 2022

Look at your procurement processes to create social change – The Ākina Foundation

November 20, 2022

Don't miss it

Supply Chain

Three supply chain risks that will hurt your bottom line in 2023

March 29, 2023
Procurement

Procurement Heads Awarded Kaleida Gold Seal

March 29, 2023
Supply Chain

Vendor Analysis — Supplier data management solution overview

March 28, 2023
Procurement

Procurement Leadership Blogs : Procurement Recruitment Blogs

March 28, 2023
Supply Chain

Vendor Analysis — Payment terms analytics solution overview

March 25, 2023
Supply Chain

SRM needs a CRM makeover in major procurement systems

March 24, 2023

© Purchasing News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • Procurement
  • Supply Chain
  • Contact us

Newsletter Sign Up

No Result
View All Result
  • Home
  • Procurement
  • Supply Chain
  • Contact us

© 2022 Purchasing News Hubb All rights reserved.

Our Spring Sale Has Started

You can see how this popup was set up in our step-by-step guide: https://wppopupmaker.com/guides/auto-opening-announcement-popups/