A hacker recently discovered that he could take control of car engines remotely via GPS tracking applications. The latter has entered millions of accounts belonging to users of two GPS tracking applications, allowing him to monitor the location of tens of thousands of vehicles. He was also able to shut down some of their engines while the cars were in motion. Known as “L & M”, the hacker announced that he has hacked into more than 7,000 iTrack accounts and more than 20,000 ProTrack accounts, two applications that companies use to monitor and manage vehicle fleets using GPS tracking devices. The vehicles observed are found in various countries such as South Africa, Morocco and the Philippines. According to L&M, “all customers receive a default password of 123456 when they register“.
He then brute-force millions of user names will force the API of applications. He then managed to automatically enter thousands of accounts using the default password to extract data from them. In addition, for some users, it has managed to recover their personal data such as real names, phone numbers, e-mail addresses and physical addresses. The pirate finally gave up turning off the cars’ engines for fear of creating multiple accidents; he simply showed that he was capable of doing so.