Unpatched Flaws in Popular GPS Devices Allow Adversaries to Disrupt and Track Vehicles
BitSight described six ‘severe’ vulnerabilities in the MiCODUS MV720 GPS tracker
Stay updated on GPS security threats and advancements. Explore the latest news and insights in the GPS infosec field. Protect your tracking tech today.
Search across headline titles and summaries.
Background for this topic.
GPS (Global Positioning System) is a satellite-based navigation and timing service. A receiver calculates its position and precise time from signals broadcast by satellites; it usually does not authenticate those signals before using them. GPS is one component of the broader family of global navigation satellite systems (GNSS), although “GPS” is often used informally for satellite navigation generally.
Its main security concerns are spoofing and jamming. Spoofing transmits counterfeit signals that can make a receiver report a false location or time; jamming overwhelms the weak satellite signals and causes loss of service. These attacks can disrupt navigation, geofencing, surveying, or systems that depend on GPS timing, but their effect depends on receiver design and signal exposure. Defenses include authenticated signals where available, interference monitoring, plausibility checks, and independent sources such as inertial sensors or terrestrial timing. GPS-enabled phones, vehicles, and tracking systems also create privacy risks because stored location histories can reveal movements and routines; access controls, retention limits, and transparent collection practices are relevant safeguards.
BitSight described six ‘severe’ vulnerabilities in the MiCODUS MV720 GPS tracker
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a handful of unpatched security vulnerabilities in MiCODUS MV720 Global Positioning System (GPS) trackers outfitted in over 1.5 million vehicles that could lead to remote disruption of critical operations
About '1.5 million' folks and organizations use these gadgets A handful of vulnerabilities, some critical, in MiCODUS GPS tracker devices could allow criminals to disrupt fleet operations and spy on routes, or even remotely control or cut off fuel to vehicles, according to CISA. And there's no fixes for these security flaws.…
Vulnerability researchers have found security issues in a GPS tracker that is advertised as being present in about 1.5 million vehicles in 169 countries. [...]
A GPS device from MiCODUS has six security bugs that could allow attackers to monitor 1.5 million vehicles that use the tracker, or even remotely disable vehicles.