Remember folks ...
"never attribute to malice that which is adequately explained by stupidity."
Oh, wait, this is business related. Substitute 'cupidity'.
A handful of vulnerabilities, some critical, in MiCODUS GPS tracker devices could allow criminals to disrupt fleet operations and spy on routes, or even remotely control or cut off fuel to vehicles, according to CISA. And there's no fixes for these security flaws. Two of the bugs received a 9.8 out of 10 CVSS severity rating. …
It's a GPS. What the hell does that have to do with how the vehicle functions?
I don't care that it's a tracker, the only thing it needs is power from the battery. It has nothing to do on the CAN bus.
But of course, as in all the stupid things people do, they've linked it to the CAN bus.
Anti theft - if reported as stolen then stop it running?
You would hope it isn’t possible to do this whilst it is moving, which is what it seems to be able to do. In that case it is a very stupid design.
I mean how hard is it to write a routine that shuts down fuel when speed = 0?
> and gets demolished by a rear ender from a big truck that your tracker couldn't see, possibly precipitating a multiple pile-up with numerous casualties.
That's one scenario. Another is simply that the fuel is cut-off when parked - e.g. busses / coaches parked-up overnight at the depot have their fuel cut off to deter joy riders; or farm machinery disabled when not in use to deter theft.
It's GPS tracker, shock sensor, and a solid state relay on a cellular connected processor. The relay is normally configured to cut or reduce fuel pump power if the vehicle is out of geo-fencing, speeding, or stolen.
I won't buy a new car if the dealership has installed an anti-theft system. It guarantees you're eventually stranded on the side of the road ripping off interior panels to find an amateur's hidden wire splices, or now, an exploitable cellular tracker.
Hopefully nobody does something stupid like connect power stations to the public internet…
Let’s face it folks, the lunatics are in charge of the asylum. I’m drawing conclusions here, quit developing before it’s too late, because clearly asking those pertinent questions of “can I”, “should I” and “what if” is beyond some people’s thought process, assuming there are any thought processes to begin with.
> It's a GPS.
Nope. It's a device that includes a GPS along with other components.
> What the hell does that have to do with how the vehicle functions?
That's been more than adequately explained below.
I cannot speak for this particular product, which I'd never heard of, but I helped design and run one of the first devices of this kind, complete with remote cut off, nearly thirty years ago. Needless to say we were well aware of what happens when you trip a relay that shuts off the fuel supply to the engine, having tested the thing ourselves.
I've got one of these, the device itself communicates with the server over GSM.
It's the software running on the server end which may have an issue, BUT there is a very good Open Source Software server which runs on everything including a Raspberry Pi.
This is only an issue if using some closed source server software from China.
On the other hand these and their clones are great units, which can do a lot more than just vehicle location...
Umm I have one of these - haven't installed it yet. But having read the security issues - you are not safe because you're using traccar or any other open source solution for this.
The issue is that they have a hardcoded password in the firmware on the device, that can be accessed by SMS, it's also apparently possible to fake the SMS originating from the controlling phone number. Sure some things are probably only an issue if using the original server.
So I would be careful. Now if someone has an open source firmware for them - I'd be all for that.
Hard coded passwords and failure to validate requests. What could be more bleeding obvious? And yet we're still suffering from the same incompetent pseudo-engineering as we have for a couple of decades. The only difference is that it's becoming ever more critical as it's applied to increasingly hazardous situations.
Every time I'm discussing GPS functionalities with people, I'm baffled they all believe a GPS device is meant to tell the world where it is or can't work with no mobile data!
But no, GPS is passive, it's only some add-ons that make it connected, tell the world where you are/drive, and be a target.
Thankfully, my good old TomTom Premium X can be used as a 100% passive device, doesn't need mobile data or any such nonsense.
And, it can move from car to car!
I don't need those vulnerable gadgets that often require a car dealer to update.
There aren't many devices left that don't at least receive radio data and all cars now have ecall trackers and mobile connection built in supposedly "so they can send an emergency signal in case of accident".
Obviously an ideal system for governments and organisations to monitor and eventually control everything that happens in a car especially now electric cars are all fly-by-wire and fully integrated with junk like Android or iOS.
Now what is that they say about no cars allowed at weekends - easy-peasy - empty roads just for the "Special Ones"
Funny that no-one was allowed any say in this, but they do let us play games pretending we have some say over privacy with these hilarious meaningless cookie popups.
> all cars now have ecall trackers and mobile connection built in
Citation needed. My car doesn't.
> Now what is that they say about no cars allowed at weekends
I have no idea, what do "they" say about it? Nobody - literally not one person - has said it to me, whatever it is.
> Funny that no-one was allowed any say in this
Any say in what, exactly? Please be more specific and include citations in your paranoid ranting, then at least we'll know what you're talking about.