Internet of Things: a new stealthy GPS tracker?



Can Internet of Things (IoT) be exploited for tracking? Security researchers just recently have shed some light on the matter. According to their statements during during a community event called the Black Hat EU conference. The meeting took place for researchers to have a place to gather and to engage in various trainings and analysis of vulnerabilities. Two participants, Joe Tanen and Scott Tenaglia of Invincea Labs stated that IoT was targeted by hackers. They explained how the attack worked: basically, the detected flaw allowed an Android device (connected to IoT) to pose as a GPS. Of course, the researchers introduced the topic without much technicality and hoped that appropriate authorities would look into this issue. That is exactly the decision that Belkin made: to quickly respond to the discovered vulnerability and fix it. During the course of analysis, researchers discovered the ways how the vulnerability was exploited.

In order to turn a device into a GPS, hackers had to prepare a specific code and launch it on the targeted model. Before that, crooks had to take advantage of code infection zero vulnerabilities, SQL injection. If the attack was carried out successfully, then hackers were able to transform the targeted Android into a functional tracking device.

Thankfully, Belkin was quick to find techniques of fixing errors and making products safe from attacks. According to Belkin:
“We were able to issue a fix for the first Android App issue almost immediately, and then just recently released the firmware patch for the SQL Injection vulnerability on Nov. 1. Both of these fixes address all of the vulnerabilities reported by Invincea. ”

The ways that devices are compatible with different applications should be treated as a field to be more properly researched. As a tip for the future, not entirely related with the topic discussed, we would advise you to download apps for your phone very carefully. It is very easy to download a questionable program and become bothered with advertisements or other inconvenient features.


About the author

 - Main Editor

I have started in 2007 after wanting to be more or less independent from single security program maker. Since then, we kept working on this site to make internet better and safer place to use.


Leave a Reply

Your email address will not be published. Required fields are marked *