back to article Guess – go on, guess – where a vehicle tracking company left half a million records

A US outfit that sells vehicle tracking services has been accused of leaving more than half a million records in a leaky AWS S3 bucket. The Kromtech Security Centre, which has made belling this particular cat its hobby, says it found a total of 540,642 ID numbers associated with SVR Tracking, an outfit that uses GPS devices to …

  1. Nolveys

    S3 Buckets

    We're up to what, one of these per day? And that's only the stuff that's important or observed enough to be reported.

    I had to use S3 on a project a while ago. The web interface was weird and confusing.

    Weird, confusing and security don't mix well. If you pour them all into a beaker they just striate and smell bad.

    1. Lysenko

      Re: S3 Buckets

      Agreed, the S3 access control interface is byzantine. We still use it because while I'm pretty sure our buckets are correctly secured, I'm damn sure there is nothing in them that isn't AES encrypted. Too many people seem to treat S3 as an AWS version of OneDrive.

      1. David 140

        Re: S3 Buckets

        I only use them as extra web storage for large images - so security isn't all that critical.

        A while back, we wrote something that used their time-expiring URLs for selling downloads - and that was pretty good.

        1. Anonymous Coward
          Anonymous Coward

          Re: S3 Buckets

          "I only use them as extra web storage for large images - so security isn't all that critical."

          Does that expose the risk that someone can introduce a nefarious payload into an image file's content?

          1. David 140

            Re: S3 Buckets

            Hmm. I think they only have Read permission.


  2. TrumpSlurp the Troll
    Black Helicopters

    Hidden GPS trackers in vehicles?

    Would those be even legal in the UK?

    I suppose with informed consent they would be similar to the insurance trackers which charge you on the basis of speed and when you drive. Also to the trackers on delivery vans and HGVs which are used for logistics planning and tracking.

    However I think that a release of PII which gave detailed tracking of your vehicle for the last 100 days would have far more serious effects here than in the States.

    Do the police have access to this data?

    1. Salestard

      Re: Hidden GPS trackers in vehicles?

      The interesting/telling bit is why they're tracking them - arrears or default on payments, allowing for recovery of the veee-hickle. Mrs Salestard had some cable trash TV on recently which featured US tow truck operators; one business owner reckoned on 80% of his work now being recovering defaulted cars, from 20% a decade ago.

      Here in Blighty its much harder to hide a car you owe money on, but with the anticipated popping of PCP/PCH bubble, I'd expect this sort of service to be more desirable. Given the strength of the motoring lobby, wouldn't anticipate legality to be an issue for very long.

      1. Orv

        Re: Hidden GPS trackers in vehicles?

        Many of these devices also have the ability to disable the vehicle's starter remotely if the owner is late with payments. That would make this leak a little more interesting.

        These have inspired some practices that are shady even by the standards of subprime auto loans, such as dealerships demanding a couple hundred bucks to remove the tracker once the loan is paid off, and disabling the car if they don't get it.

        1. UncleZoot

          Re: Hidden GPS trackers in vehicles?

          I'd love that they attempt to extort me. I've got access to a bug finder.

          Scan to find tracker, remove said tracker, remove label, crush the shit out of said tracker, and place label on pile of tracker remains. Take back to dealership and force feed to finance manager.

          1. Orv

            Re: Hidden GPS trackers in vehicles?

            I think how well that worked would depend on how devious they were about wiring it to disable the car. Smashing it and then having the car never start again wouldn't be a great outcome.

    2. Lysenko

      Re: Hidden GPS trackers in vehicles?

      Would those be even legal in the UK?

      I suspect that they mean "hidden from crims". It is perfectly possible to jam and/or shield a tracker when nicking a car, but in the end you have to find the thing and disable it or else break the vehicle for parts in a Faraday cage. Knowing where to find the tracker on a specific vehicle would be a big advantage and might therefore make the vehicles on this list preferential theft targets.

      1. TrumpSlurp the Troll

        Re: Hidden GPS trackers in vehicles?

        Just noting that the security tracking devices in the UK (as found in caravans, motor homes, bicycles, expensive cars) are generally passive and only broadcast when interrogated.

        This makes them more difficult to locate by criminals.

        The ones described in the article seem to be transmitting all the time so should be fairly easy to locate (at least, the aerial doing the transmitting).

        I assume that the vehicle would "go dark" in a car ferry, or a multi-storey car park, or a Faraday Cage may not be necessary for concealment.

  3. handleoclast

    Another hole in an Amazon bucket?

    Then fix it.

    1. Anonymous Coward
      Anonymous Coward

      Re: Another hole in an Amazon bucket?

      According to Wikipedia the sentiment of the song goes back to at least 1700.

      "The earliest known archetype of this song seems to be in the German collection of songs Bergliederbüchlein (c 1700)."

      It seemed to be a standard in Christmas Pantomimes in England - possibly as far back as the 1950s.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022