

Tech Researchers Call For A Recall Of A Popular GPS Tracking System



Tech researchers are calling for a recall of a problematic GPS tracking system.

Tech researchers from the U.K. are calling for a product recall of a popular white-labeled GPS tracking device that they found puts its users’ security and privacy at risk.

The GPS tracker is commonly used as a panic alarm for elderly patients, to monitor kids, and to track vehicles. The researchers found security flaws in the system’s configuration and said these flaws are so “severe” that they are calling for a full recall of the product.

According to Fidus Information Security, a cybersecurity research firm based in the United Kingdom, the product is white-labeled: it is rebranded and sold by more than a dozen location tracker companies. The products include Pebbell by HoIP Telecom, OwnFone Footprint, and SureSafeGo.

The GPS tracker uses a SIM card to connect to the 2G/GPRS cell network. Because the device does not require an internet connection to function, its data cannot be found on exposed-device search sites like Shodan. However, the researchers said that other people could still remotely access data and control the device through SMS.

The research company noted that the device could be tricked into sending anyone its real-time location just by sending a text message containing a keyword to the device’s phone number. Anyone can also call the device’s phone number to activate its built-in microphone and listen to sounds, including conversations, in the vicinity. Worse, activating the microphone does not alert anyone, so the device’s user never knows that someone is listening to whatever can be heard in the area.

Anyone can trick the system into sending real-time location information just by sending a text message to the device’s phone number with a keyword. Image from @zackwittaker / Twitter

The researchers also found that a specific command can disable the cell signal altogether, making the device useless.

“This device is marketed at keeping the most vulnerable safe and yet anybody can locate and listen into thousands of people’s lives without their knowledge,” said Fidus’ Andrew Mabbitt, who wrote up the team’s findings. “This day and age, everything is connected one way or another, and we seem to be leaving security behind; this isn’t going to end well.”

Even though the device can be protected with a PIN, the PIN is not enabled by default, and the user has to set it up proactively. And even if someone has set up a PIN for the device, the researchers also found that a command can be used to reset it without needing a 2-factor authentication PIN.

Mabbitt said in an interview with tech media that an attacker only needs to know the device’s mobile number to render the device useless, track the user’s real-time location, or listen to their conversations.

Furthermore, the team found that the devices’ phone numbers can easily be extrapolated from other working numbers, so attacks can be carried out serially this way.

“We made the assumption that these numbers were purchased in a batch,” the researchers noted.

During a test conducted by a popular technology publication, sending a keyword to a specific phone number made the device reply with its exact coordinates, accurate to within a few meters. Within a few seconds, the device also sent a list of other information, such as its IMEI number and battery level.

“Fixing this broken security would be trivial,” said the team. “All they needed to do was print a unique code on each pendant and require that to be used to change configurations. The location and call functions could be locked down to calls and texts only from those numbers previously programmed in as emergency contacts.”
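The fix the researchers describe, sketched as an added example (not the vendor's firmware and not Fidus's code): configuration commands require the code printed on the pendant, and location and call functions respond only to programmed emergency contacts. The command keywords, the `Tracker` class, the lockout threshold and the sample numbers are constructed for illustration.

```python
import hmac
from dataclasses import dataclass, field

# Hypothetical keywords for illustration; not the real device's commands.
READ_COMMANDS = {"LOC", "STATUS"}                # disclose location or device data
CONFIG_COMMANDS = {"SETCONTACT", "SETPIN", "RESET", "GPRSOFF"}  # change state
MAX_BAD_CODES = 5                                # assumed lockout threshold


def normalize(number: str) -> str:
    """Keep digits only, so '+44 7700 900123' matches '+447700900123'.
    Assumes numbers arrive in international format."""
    return "".join(ch for ch in number if ch.isdigit())


@dataclass
class Tracker:
    device_code: str                             # unique code printed on the pendant
    contacts: set = field(default_factory=set)   # programmed emergency contacts
    bad_codes: int = 0

    def is_contact(self, sender: str) -> bool:
        return normalize(sender) in self.contacts

    def handle_sms(self, sender: str, body: str) -> str:
        """Return a decision. Only 'OK' produces a reply SMS, so a stranger
        probing a batch of numbers learns nothing from a live tracker."""
        parts = body.strip().split()
        if not parts:
            return "IGNORED"
        keyword, args = parts[0].upper(), parts[1:]
        if keyword in READ_COMMANDS:
            # Location and status go only to emergency contacts.
            return "OK" if self.is_contact(sender) else "IGNORED"
        if keyword in CONFIG_COMMANDS:
            return self._handle_config(keyword, args)
        return "IGNORED"

    def _handle_config(self, keyword: str, args: list) -> str:
        # Repeated wrong codes lock remote configuration only; location and
        # calls for existing contacts keep working.
        if self.bad_codes >= MAX_BAD_CODES:
            return "LOCKED"
        supplied = args[0] if args else ""
        # Constant-time comparison of the supplied code with the printed one.
        if not hmac.compare_digest(supplied.encode(), self.device_code.encode()):
            self.bad_codes += 1
            return "DENIED"
        self.bad_codes = 0
        if keyword == "SETCONTACT" and len(args) > 1:
            self.contacts.add(normalize("".join(args[1:])))
        return "OK"

    def handle_call(self, caller: str) -> str:
        """Answer (and open the microphone) only for emergency contacts."""
        return "ANSWER" if self.is_contact(caller) else "REJECT"

    def physical_unlock(self) -> None:
        """Assumed: clearing the lockout needs a button press on the pendant."""
        self.bad_codes = 0


def demo() -> list:
    # Constructed sample traffic: one carer who knows the code, one stranger.
    t = Tracker(device_code="K7Q2-9XMD")
    carer, stranger = "+447700900123", "+447700900999"
    return [
        t.handle_sms(stranger, "LOC"),
        t.handle_sms(stranger, "RESET 0000-0000"),
        t.handle_sms(carer, "SETCONTACT K7Q2-9XMD +44 7700 900123"),
        t.handle_sms(carer, "loc"),
        t.handle_call(stranger),
        t.handle_call(carer),
    ]


if __name__ == "__main__":
    print(demo())
```

Sender numbers on SMS and calls can be spoofed, so the contact allowlist narrows exposure rather than authenticating the sender; the printed per-device code is what gates configuration changes.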

The severity of the vulnerabilities prompted the team to call the device a “glorified wiretap.”

The disclosure comes a few months after the U.K. announced a proposed new cybersecurity law that would require device makers to sell each connected device with a unique password rather than the conventional default password.

A consumer tech and cybersecurity journalist who does content marketing while daydreaming about having unlimited coffee for life and getting a pet llama.



Are Hackers Friends Of Crypto Industry Or Are They Enemies?




Hackers have been paid more than $30,000 for exposing and fixing security issues in crypto companies but at the same time, hackers are also the reason why some of them lose money.
Hackers have been paid by crypto companies to fix bugs. Photo: Christoph Scholz | Flickr | CC BY-SA 2.0

The unregulated universe of cryptocurrencies has found unlikely allies among hackers in solving systemic problems and fixing bugs, a report reveals.

Crypto companies, including crypto exchanges, have paid a total of at least $32,150 to white-hat hackers for fixing security flaws in popular crypto and blockchain platforms such as TRON, Brave, EOS, and Coinbase.

The data revealed that 15 blockchain and crypto-related firms made hefty reward payments to security researchers between March 28 and May 16. The rewards related to 30 publicly released bug reports during that period.

Among the companies with security issues, Omise, the software firm behind cryptocurrency OmiseGo, needed the most fixes, with six disclosed bugs and security issues. Blockchain-powered prediction market Augur disclosed three reports, as did Brave Software, makers of the Brave browser, which features its own native token.

Crypto and blockchain technology has been criticized by various financial institutions for being volatile and vulnerable to technology and cyber crimes, which they say makes it unfit to become a working technology. It only makes sense that, at the time the industry needs help the most, white-hat hackers and security researchers are there to help, for a price.

According to the study, the payment varies depending on the severity of the bug. Companies adjust their HackerOne rewards depending on how easy or difficult it is for the white-hat hacker to resolve a security issue. For instance, while the majority of Omise’s disclosed security flaws were only worth around $100 each, other payments amounted to a lot more, the study suggests.

Both the company that owns the EOS “blockchain” and budding network Aeternity paid one hacker more than $10,000 for a single issue. TRON also paid $3,100 to the researcher who realized the network was susceptible to being flooded with malicious smart contracts, something that could jeopardize the future of the company.

Most cryptocurrency companies and blockchain firms, just like other tech-based companies, have set up a reward or bounty system that pays anyone who can point out a security issue in their systems; a bigger reward is offered to those who can fix it.

While the number of hackers who use their skills to improve technology is steadily increasing, they could at any time decide to exploit the vulnerabilities they have discovered for a bigger payout.

Just last week, cryptocurrency exchange Binance announced that hackers had successfully stolen 7,000 BTC (then $40 million, now $55 million) from its own wallets.

Similarly, crypto exchange company Cryptopia announced last week that it is going into liquidation following the attack in January that lost the company millions of dollars’ worth of crypto money.

A blockchain data analytics firm estimated from its investigation that the loss caused by the cyber attack was as much as $16 million in ether and ERC-20 tokens. While the company restarted its trading services in March, no one is yet certain of the actual damage that the cyber attack caused. The company is still recovering from the aftermath of the breach and is still having banking issues.

According to the liquidation firm, Grant Thornton, the damage caused by the hack was too “severe” and has massively affected the company’s trade. Despite management’s efforts to reduce costs and return the business to profitability, they have decided that liquidation is the best option for the company and all stakeholders moving forward.

It is still unclear whether Cryptopia is running its own bounty program. Binance, coincidentally, has a bounty reward of $100,000 for anyone who can solve the mystery of its stolen crypto money, but the perpetrator is still at large and unidentified.

“At Binance, the security of our users is our number one priority. As such, we strive to provide the most secure platform possible. We will evaluate reported security issues based on the security impact to our users and the Binance ecosystem.”

In the end, the question still remains: Are hackers friends of the crypto industry or are they the enemy?



Cloud Computing Drives Taiwan & HK Organizations To Encrypt Data As “Employee Mistakes” Are The #1 Data Security Threat




Rising trend in cloud computing seen as the key driver of organizations setting up encryption strategies in Hong Kong and Taiwan.
Cloud Computing. Photo: Jane Boyko | Flickr | CC BY 2.0

Businesses in Hong Kong and Taiwan say that erring employees, not cyber attacks by hackers, are the most prolific cause of data breaches, an independent cybersecurity study reveals.

According to a study conducted by nCipher Security, a B2B applications provider, nearly half of the organizations in Hong Kong and Taiwan cite “employee mistakes” as their biggest data security threat. 48% of the organizations in the study said that employee mistakes are the more likely cause when a data breach happens; only 22% cite external hackers and 17% cite malicious hackers.

The data comes from the 2019 Hong Kong and Taiwan Encryption Trends study from the Ponemon Institute. The annual review is conducted to capture how organizations, businesses, and institutions around the world are dealing with “compliance, increased threats, and the implementation of encryption to protect their business-critical information and applications.”

Given the acknowledgment that human error is the most likely cause of a data breach and the prevalence of data breaches and data security issues around the world, nCipher says, organizations in both Hong Kong and Taiwan have started to realize the value of protecting themselves through data encryption.

“With corporate data breaches making headlines globally, encryption is vital in protecting data by making it unreadable to anyone other than those holding the corresponding encryption key,” reads a press release by nCipher.

A hopeful future awaits most organizations globally: 45% of the respondents to the study said that their organizations have a comprehensive and holistic encryption plan applied throughout their entire business, and the trend was observed to be rising continuously. However, the study notes that only 39% of organizations in Hong Kong and Taiwan already have an encryption plan in place; this is in direct contrast to Germany, which, at 67%, has the highest number of organizations with an encryption strategy being implemented.

“Organizations are under relentless pressure to protect their business-critical information and applications, but the proliferation of data, concerns around data discovery and policy enforcement, together with lack of cybersecurity skills makes this a challenging environment,” notes Michael Tai, head of sales, Greater China at nCipher Security.

But it is not too late for Hong Kong and Taiwan to catch up in implementing encryption policies throughout their industries, as an overwhelming number of organizations have recognized the importance of protecting customer information and their intellectual property. Seventy-four percent of respondents see protecting customer personal information as a priority, the highest among all the regions surveyed and 20% higher than the global average.

The most common types of data encrypted by organizations in Hong Kong and Taiwan are employee or human resources data (63%) and intellectual property (53%). The least common type of data to be encrypted is healthcare information (17%), which is 7% below the global average.

Furthermore, Hong Kong and Thailand lead the world in cloud adoption, with 80% of respondents either currently using cloud computing services or planning to do so within the year. This is another reason, nCipher says, that organizations in both Asian countries are driven to have a robust data security policy and to implement a sound encryption strategy.

“Enterprises are increasingly turning to cloud environments to help them save time and money. While these technologies are digitally transforming businesses, there are potential security risks associated with them,” says Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.

“Consequently the use of encryption to protect cloud data in Hong Kong and Taiwan is high just as it is elsewhere around the globe. Encryption usage is a clear indicator of a strong security posture. Organizations that deploy encryption are more aware of threats to sensitive and confidential information and making a greater investment in IT security.”

However, despite recognizing the need for encryption plans, organizations cite data discovery as the most common factor that stops them from setting up encryption systems. Other factors cited by the respondents include classifying which data to encrypt and how easily and quickly encryption technologies can be deployed.

“nCipher empowers customers by providing a high assurance security foundation that ensures the integrity and trustworthiness of their data, applications and intellectual property,” added Tai, encouraging organizations to treat data security as a priority and set up their data encryption systems.



Hackers-For-Hire Are Ineffective And Expensive, Google Study Says




Researchers from Google and University of California said that hackers-for-hire services are frauds and expensive.
Researchers say they are not threats to individual Google accounts. Photo: Richard Patterson | Flickr | CC BY 2.0

Researchers from Google have yet again found a new and compelling reason why people should not hire hackers online, even if the offers are enticing enough for some people to fall for. New research published last week by Google and researchers from the University of California, San Diego reveals that hackers-for-hire services available online are scams and ineffective.

The research methodology included contracting 27 hacking services. As expected, a considerable chunk of them did not respond to the researchers’ inquiries, while 12 responded but never actually attempted to launch an attack. The researchers noted that only five service providers ended up launching attacks against the test Gmail accounts.

“Using unique online buyer personas, we engaged directly with 27 such account hacking service providers and tasked them with compromising victim accounts of our choosing,” researchers said.

“These victims, in turn, were ‘honey pot’ Gmail accounts, operated in coordination with Google, and allowed us to record key interactions with the victim as well as with other fabricated aspects of their online persona that we created (e.g., business web servers, email addresses of friends or partner).”

Additionally, of the 12 who responded to the researchers’ inquiries, nine said that they were no longer working in the hacking business, and the rest turned out to be straight-up scams.

The services offered online were said to cost between $100 and $500, and, interestingly, none of the service providers used automated tools for the attacks they promise their clients.

The attacks instead involved social engineering, with the hackers using spear-phishing techniques to tailor attacks to each intended victim. Researchers highlighted that while some of the hackers asked them for information about the intended victims, others didn’t even bother and chose to employ “re-usable email phishing templates.”

Interestingly, one of the five hackers who ended up launching an attack on the test Gmail account tried to infect the victim with malware rather than straightforwardly phish for account credentials. Once the malware-infected email was opened and the malware installed on the victim’s system, the hacker would have had remote control of the entire system and would have been able to recover passwords and authentication cookies from local browsers.

Another hacker was able to bypass two-factor authentication (2FA), the safety mechanism that requires the account holder to complete another verification step independent of password authentication, such as entering a code sent by SMS to the phone number connected to the account. Researchers reveal that the hacker was able to direct the decoy victim to a spoofed Google login page and successfully scraped both passwords and SMS codes while checking the validity of both in real time.

The researchers say that a hacker who knows he needs to bypass 2FA usually doubles his price, citing the complexity of the task. Prices for hacking Gmail accounts have been observed to rise over the years, from $125 per account in 2017 to $400 today. Researchers posit that the price hike is caused by Google’s improved security protocols.

“As a whole, however, we find that the commercialized account hijacking ecosystem is far from mature,” the research team said. “We frequently encountered poor customer service, slow responses, and inaccurate advertisements for pricing.

“Further, the current techniques for bypassing 2FA can be mitigated with the adoption of U2F security keys,” they added.

In the end, the researchers concluded that while there are capable hackers, most of those who offer hacking services are either ineffective or just plain frauds. As a consequence, they said that, scam sites aside, they did not view hacker-for-hire services as an actual danger to user accounts. The researchers cited the high price of hacking each account and the low quality of the services provided as reasons.

“However, despite the ability to successfully deliver account access, the market exhibited low volume, poor customer service, and had multiple scammers. As such, we surmise that retail email hijacking has yet to mature to the level of other criminal market segment,” the researchers wrote in their study’s abstract.
