On July 19, the Cybersecurity and Infrastructure Security Agency (CISA) released an Industrial Controls Systems Advisory (ICSA) detailing six vulnerabilities in the commonly used MiCODUS MV720 Global Positioning System (GPS) Tracker. It warned that successful exploitation of the vulnerabilities could allow a remote actor to exploit access and gain control of the GPS tracker, which could impact access to a vehicle fuel supply, vehicle control, or allow locational surveillance of vehicles in which the device is installed.
The vulnerabilities were reported by the cybersecurity firm BitSight Technologies. It noted that “MiCODUS is a Shenzhen, China-based manufacturer and supplier of automotive electronics and accessories which has 1.5 million GPS tracking devices in use today across 420,000 customers, including government, military, law enforcement agencies, and Fortune 1000 companies.”
The CISA Advisory reports that MiCODUS had not provided updates or patches to mitigate these vulnerabilities as of July 18th, 2022. BitSight recommends that users immediately cease using or disable any affected trackers until a fix is made available because there is no known workaround.
CISA suggests the following defensive measures to minimize the risk of exploitation of these vulnerabilities:
CISA also recommends the following measures to protect against social engineering attacks:
In addition to the warning about the vulnerabilities in this GPS tracker, the Advisory should serve as a reminder that a comprehensive cybersecurity program should go beyond endpoints, servers, networks, and cloud services. They should include inventories, risk assessments, security and privacy assessments, and appropriate safeguards for all technology that may impact the business or organization, including industrial control systems and Internet of Things devices. It should also serve as a reminder of the importance of keeping up with relevant threat intelligence like the Advisory.
DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
© Clark Hill PLC | Attorney Advertising
This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.
Copyright © JD Supra, LLC