Login

Register

Login

Register

#cybersecurity | #infosec | Internet-enabled dash cams that allow anyone to track your GPS location in real-time


Internet-enabled dash cams that allow anyone to track your location in real-time

Internet-enabled dash cams that allow anyone to track your location in real-time

Joseph Cox at Motherboard reports that car drivers who have installed a BlackVue dash cam into their vehicle can have their real-time GPS location tracked.

The issue was highlighted by infosec professional Lee Heath on Christmas Day, who received a BlackVue dash cam as a gift.

Motherboard explained how it was able to extract location data via the BlackVue iPhone app:

By reverse engineering the iOS version of the BlackVue app, Motherboard was able to write scripts that pull the GPS location of BlackVue users over a week long period and store the coordinates and other information like the user’s unique identifier. One script could collect the location data of every BlackVue user who had mapping enabled on the eastern half of the United States every two minutes. Motherboard collected data on dozens of customers.

With that data, we were able to build a picture of several BlackVue users’ daily routines: one drove around Manhattan during the day, perhaps as a rideshare driver, before then leaving for Queens in the evening. Another BlackVue user regularly drove around Brooklyn, before parking on a specific block in Queens overnight. The user did this for several different nights, suggesting this may be where the owner lives or stores their vehicle. A third showed someone driving a truck all over South Carolina.

A screenshot of the location data of one Blackvue user that Motherboard tracked throughout New York.
An obfuscated screenshot of the location data of one BlackVue user that Motherboard tracked throughout New York. Source: Motherboard.

BlackVue says that it has now updated its security measures.

Concerns about the security and privacy of vehicle dash cams is nothing new.

In September 2018, it was disclosed that one vendor’s dash cams were sharing video footage from vehicles and real-time GPS location details by default – a design decision that was criticised for its “sheer unadulterated incompetence” that resulted in the “massive breach of their customers’ security and trust”

The name of that dashcam manufacturer? BlackVue.

You can hear what he had to say about that in a “Smashing Security” podcast we recorded at the time.

Graham Cluley





Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
[spreaker type=player resource="show_id=4560538" width="100%" height="550px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]
HACKER FOR HIRE MURDERS
 [spreaker type=player resource="show_id=4569966" width="100%" height="350px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW