Thursday, August 6, 15:40

Smartwatch tracker that helps vulnerable people can be hacked

Researchers have uncovered a number of serious security issues in a smartwatch tracker used in applications, including services designed to support older and vulnerable people.

On Thursday, cybersecurity experts from Pen Test Partners revealed security issues found in SETracker, software aimed at children and the elderly, especially people with dementia or people who need reminders to complete daily tasks such as taking medication.


The GPS tracker app can be used in conjunction with a smartwatch, and in turn, users can use the system to make a call if they need help.

The SETracker application, from the Chinese company 3G Electronics, is available on iOS and Android and has been downloaded over 10 million times.

However, the security flaws in the product showed that it was not just caregivers or loved ones who could monitor a user's movements or activities.

The vendor's software, which now comes in three mobile application versions, often runs in the background on cheap smartwatches offered by various brands. SETracker is also available in headphones and car software.

According to Pen Test Partners, the first major security issue was the discovery of an unrestricted "server to server API". The server could be used to abuse the SETracker service in ways that include, but are not limited to, changing device passwords, making calls, sending text messages, monitoring, and accessing the cameras built into devices.

If a screen support system was based on SETracker, it was possible to send fake messages, including "TAKEPILLS" commands, which are set to remind users to take their medication.

"A person with dementia is unlikely to remember that he has already taken his medication," the researchers said. "It simply came to our notice then."

The researchers also found the software's source code, which had been accidentally made public through a compiled node file hosted on the internet as a backup.

Passwords for MySQL, e-mail, SMS and Redis, as well as passwords in the source code, were available for viewing. A database containing user images was also open to abuse.

"The source code showed that this bin was where all the photos taken by devices were sent. But it has not been confirmed," says Pen Test Partners. "Since these devices are mainly used by children, it is very likely that these images contain images of children."

It is also not known if any of the security issues have been exploited by a hacker.

Pen Test Partners disclosed its findings to 3G Electronics on January 22. The company did not respond until February 12. Triage followed, and the server API vulnerabilities were disclosed on February 17 and fixed a day later.

On May 20, the researchers reported the node file issue to the vendor, and on May 29, 3G Electronics confirmed that the file had been removed and that all passwords had been changed.


Teo Ehc