Previously, GPS positioning services for individuals were limited to the use of dedicated devices, and usually used for navigation while driving. Now, at all times we carry a GPS in our pocket: our smartphone and it is also connected to dozens of positioning services. Well, they have discovered several vulnerabilities that expose your location, in such a way that a ‘hacker’ could attack them to know exactly where you are.
The debate on privacy is constantly open around GPS services, due to the limited control that users have over the option – of their smartphones – to share the location on a regular basis with different services. The ‘locators’, which are responsible for monitoring the location of the device constantly, are becoming more common and it has been discovered that they can be attacked according to several vulnerabilities that expose our exact position in a worrying way. They are the databases in which the location data are stored which can be easily used.
Trackmageddon are several GPS service vulnerabilities that expose where you are located
There are several security problems; for example, the use of default passwords, or failures in IDOR elements. It is relatively simple, given these vulnerabilities, to gain access to certain databases on the GPS location of users’ devices. But in these databases there is information regarding the IMEI, the serial number of the devices, also the telephone number or the MAC identifier. Therefore, a review of the affected services is recommended to avoid their use at least temporarily, until the vulnerabilities are resolved.
To find an answer to this we can access this link in which, in the form of a list, the GPS services affected by Trackmageddon are collected. If we find in this list any that we are using, it is recommended to delete our user profile information until the security problems are solved, as well as to change the password and until the problems are solved, which should not happen in too long, it is advisable to stop using the affected services to maximize security and privacy.