CISA Releases Security Advisory on MiCODUS MV720 Global Positioning System (GPS) Tracker

This week, the Cybersecurity and Infrastructure Security Agency (CISA) released a security advisory detailing six vulnerabilities that were detected in MiCODUS MV720 Global Positioning System (GPS) Tracker. Successful exploitation of these vulnerabilities could allow threat actors to gain control over any MV720 GPS tracker, granting access to vehicle location, routes, fuel cutoff commands, and the disarming of various features such as alarms, according to CISA. These devices are present in vehicles used by businesses and governments across the world. Consequently, compromised devices could impact organizations’ security and privacy. Attackers who successfully compromise “an MV720 device could use it for tracking or even immobilizing the vehicle carrying it, or to collect information about the routes, and manipulate data,” according to BleepingComputer. There are currently no patches for the vulnerabilities. Accordingly, users are recommended to disable devices immediately and replace them with actively supported GPS trackers. Read more at CISA.