SinoTrack GPS Flaws Let Hackers Control Vehicles Remotely

SinoTrack GPS tracking devices contain two security vulnerabilities that could allow unauthorized remote access to vehicles, according to a recent disclosure. The flaws affect the web management interface used to control the devices, exposing them to potential exploitation via default or weak passwords.

If successfully exploited, the vulnerabilities could grant attackers access to device profiles, enabling them to track vehicle locations and execute remote functions. These could include commands typically reserved for authorized users, raising concerns about the broader implications for fleet security and individual vehicle owners.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about the issue, warning that the flaws present a significant risk if left unaddressed. The agency emphasized that the vulnerabilities stem from insufficient access controls in the commonly used web interface.

SinoTrack users are advised to review device settings and update default credentials to mitigate exposure to potential threats. Further technical details were not disclosed.