It may appear counterintuitive to publish an article on how to protect yourself against tracking devices that use GPS technology and that are designed to keep you, your loved ones and your possessions safe. But in reality, just how safe are they?
Internet of Things (IoT) devices are designed so that our virtual world can speak to our physical world. And speak they do, to the tune of 18 billion of connected devices by 2022 according to a report by Ericsson.
A recent report by Avast security identified approximately 600,000 GPS trackers manufactured by a technology company were using the same default password of ‘123456.’
According to Avast, all the models manufactured by the company, including those sold as white label products, all shared the same backend infrastructure, which consisted of a cloud server to which GPS trackers reported, a web panel where customers logged in via their browsers to check the tracker’s location, and a similar mobile app, which also connects to the same cloud server.
The practice of setting default passwords on IoT devices is common amongst many manufacturers, as there is currently no legal obligation and no economic incentive to set unique password to each device, or to design IoT devices with security in mind.
Regrettably for consumers, there has been little education on the hypercritical need to reset passwords on these devices. IoT enabled devices are accessible using the internet. This makes them highly vulnerable to potential hackers.
The website shodan.io is a great site that identifies and lists IoT products globally.
Consumer risks - GPS trackers spying on owners
“It isn’t just the ease with which hackers can identify the usernames and passwords and gain access to the account that is alarming,” said, IoTAA Workstream Enabler 3 (WSe3) member and contributor, Nam Nguyen.
“It is the emergency feature on these devices where user privacy can be potentially compromised. The hackers can place a phone call to the GPS tracker, and listen in to the wearer of the GPS tracker.”
“What we are saying here is that your tracking device can potentially be spying on you.”
“With the proliferation of these and other IoT devices, it is critical that consumers understand how to maximise their value, but equally as important, how to protect themselves,” said IoTAA WSe3 Chair, Matt Tett.
“Before they purchase an internet connected product, consumers and procurement agents need to know what security, safety and privacy questions to ask, and what responses to expect from manufacturers and suppliers. The real cost isn’t necessarily just the price of the device, it is the potential loss of information, damage to reputation and the risk of a regulatory breach, not to mention the impact of the breach itself and the effect on productivity and cost of remediation.”
It is important that we don’t get caught up in the hype of the devices capability but pause and give thought to what safety and security measures are attached to them.
This is not a new requirement, but an extension of what we, as consumers, have been conditioned to expect, and enjoy under consumer protection laws. We would no sooner purchase a toaster or vehicle without a warranty stipulating the safety and security features, than we would purchase milk without checking the use by date.
Consumers should be afforded the same assurances on any IoT enabled devices as they do on any other goods and services. We encourage consumers to be pro-active in exercising their right to make informed decisions based on true and accurate information provided by manufacturers and suppliers.
IoT Alliance Australia (IoTAA) is the peak industry body representing the Internet of Things (IoT) in Australia. Over 500 participating organisations and 1000 individual participants are working to accelerate the adoption of IoT across the Australian economy and society.