Can Hackers Break Into GPS Trackers Used For Your Fleet?

Joseph Lazzarotti
Jackson Lewis P.C.
Contact
LinkedIn
Facebook
X
Send
Embed

The answer may be yes.

GPS trackers enable businesses to derive greater efficiencies and productivity from their employees and their vehicle fleets. But, when businesses deploy this technology, HR departments often raise valid concerns about employee privacy on and, in some cases, off the job. When employers install GPS trackers on company-owned vehicles, these privacy concerns typically are outweighed by productivity gains, improved safety, and better control over time at work. According to a recent report, however, employers also need to be concerned about the security of their GPS trackers.

I can absolutely make a big traffic problem all over the world

According to Motherboard, a hacker known as L&M claims he has hacked into thousands of iTrack and ProTrack accounts. The reports indicate this activity has been going on in several countries, including South Africa, Morocco, India and the Philippines. iTrack and ProTrack are apps employers use with the GPS trackers to manage their fleets. The most unsettling part of this story is the hacker claims to be able to kill the engines of vehicles being driven by employees.

How can this happen?

Like many devices, they come with default passwords (e.g., 123456) which are among the most popular passwords and the least secure. According to the reports, the hacker acquires the usernames and then uses the anticipated default passwords to gain access to the account.

So, what can employers do?

I came across this NIST blog post which was a fun read and provided some excellent tips which basically boil down to the following:

  • Change default passwords! (And, not just for GPS trackers)
  • Develop passphrases – they generally are easier to remember and harder to crack.
  • Don’t store your passwords or passphrases on your devices.
  • Don’t use the same password or passphrase for all of your accounts, and certainly not your most important accounts.
  • Change your passwords and passphrases regularly. With billions of usernames and passwords being shared by hackers, it is possible that they have yours.
  • Don’t rely solely on passwords or passphrases. Adopt multifactor authentication.

When organizations roll out new technology, they simply have to add security considerations to list. This includes making sure default passwords are changed.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Jackson Lewis P.C. | Attorney Advertising

Written by:

Jackson Lewis P.C.
Jackson Lewis P.C.
Contact
more
less

Jackson Lewis P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide