A GPS Tracker for Kids Had a Bug That Would Let Hackers Stalk Them


Image: HereO

Thanks to the so-called Internet of Things, gone are the days when parents had to wonder where the hell their kids were. Now, parents can just easily track their children on their smartphone screens’ thanks to myriad internet-connected wearablegizmos. But what happens when those devices get hacked?

The HereO watch and its accompanying iPhone and Android apps do just that, allowing “entire families to share their locations with each other throughout the day,” according to HereO’s official site. But due to bug in the app’s platform web service or API, the HereO also let pretty much anyone with a little technical know-how pretend to be part of the family, and thus gave stalkers a way to easily track and even send messages to any kids or family members wearing the watch, according to new research published on Tuesday.

Anyone could “basically impersonate the parents, which is creepy,” Tod Beardsley, the security research manager at Rapid7, the firm who studied the device, told Motherboard. “Not super useful for traditional computer crime but is definitely in the creepy zone.”

Anyone could “basically impersonate the parents, which is creepy.”

This is just yet another example of how Internet of Things (IoT) can go wrong. It’s the kind of issue that not only could end up as fodder for the hilarious, Internet of Shit parody Twitter account, but could one day give real-life stalkers and child predators an easy way to find their targets.

The issue with the HereO was that anyone could add themselves to the trusted family group just by knowing the user ID of any family member, according to Beardsley, who said the user ID is likely a person’s email address, thus easy to figure out. The API essentially allowed the hacker or stalker to add himself or herself to the family’s network and track members through the app.

Read More…

 


Source Article from http://feedproxy.google.com/~r/blacklistednews/hKxa/~3/-TQLMXA3AVs/M.html

You can leave a response, or trackback from your own site.

Leave a Reply

A GPS Tracker for Kids Had a Bug That Would Let Hackers Stalk Them


Image: HereO

Thanks to the so-called Internet of Things, gone are the days when parents had to wonder where the hell their kids were. Now, parents can just easily track their children on their smartphone screens’ thanks to myriad internet-connected wearablegizmos. But what happens when those devices get hacked?

The HereO watch and its accompanying iPhone and Android apps do just that, allowing “entire families to share their locations with each other throughout the day,” according to HereO’s official site. But due to bug in the app’s platform web service or API, the HereO also let pretty much anyone with a little technical know-how pretend to be part of the family, and thus gave stalkers a way to easily track and even send messages to any kids or family members wearing the watch, according to new research published on Tuesday.

Anyone could “basically impersonate the parents, which is creepy,” Tod Beardsley, the security research manager at Rapid7, the firm who studied the device, told Motherboard. “Not super useful for traditional computer crime but is definitely in the creepy zone.”

Anyone could “basically impersonate the parents, which is creepy.”

This is just yet another example of how Internet of Things (IoT) can go wrong. It’s the kind of issue that not only could end up as fodder for the hilarious, Internet of Shit parody Twitter account, but could one day give real-life stalkers and child predators an easy way to find their targets.

The issue with the HereO was that anyone could add themselves to the trusted family group just by knowing the user ID of any family member, according to Beardsley, who said the user ID is likely a person’s email address, thus easy to figure out. The API essentially allowed the hacker or stalker to add himself or herself to the family’s network and track members through the app.

Read More…

 


Source Article from http://feedproxy.google.com/~r/blacklistednews/hKxa/~3/-TQLMXA3AVs/M.html

You can leave a response, or trackback from your own site.

Leave a Reply

Powered by WordPress | Designed by: Premium WordPress Themes | Thanks to Themes Gallery, Bromoney and Wordpress Themes