Woman using a GPS watch

Flawed GPS Trackers Can Leak Your Location and More

GPS trackers are helpful for keeping tabs on anyone from a child to an elderly family member. Whether the tracker is worn as an emergency pendant, or a smart watch, it’s a simple way to locate a loved one and provide peace of mind in case of an emergency.

However, it’s been recently discovered that a collection of Chinese-manufactured GPS trackers contain serious security flaws that wreak serious havoc. These white-labeled trackers can be tampered with remotely and, as a result, can reveal your location to strangers, allow them to hack into the device directly, change your security information and more.

Uncovering the flaws in compromised GPS trackers

It’s estimated that hundreds of thousands of flawed GPS trackers were on the market in 2019. Two security companies, Avast and Fidus Information Security, published their findings after uncovering major security breaches with several different GPS products on the market.

Researchers from Fidus Information Security first uncovered the problem when they discovered that a Chinese-based company had manufactured flawed GPS trackers as a white-label product. Since they are white labeled, they do not have a brand name attached, allowing multiple companies to purchase the rights to use the products and rebrand them under their own name. That means you can purchase the same trackers from different brands without even knowing it.

The flawed GPS trackers, sold by Shenzhen i365 Tech and Thinkrace, could reveal the location of the device, along with allowing users to eavesdrop through the speaker. All hackers need is the phone number to the device. The trackers are unencrypted, leaving sensitive information wide open for hackers.

Which GPS trackers are compromised?

Researchers found several different companies around the world selling the flawed GPS trackers in 2019, including trackers from OwnFone Footprint and SureSafeGo. Security company avast noted up to 29 companies over 600,000 trackers sold online. Those include wrist watch GPS trackers for kids.

Affected models include the T58, A9, T8S, T28, TQ, A16, A6, 3G, A18, A21, T28A, A12, A19, A20, A20S, S1, P1, FA23, A107, RomboGPS, PM01, A21P, PM02, A16X, PM03, WA3, P1-S, S6, and S9, according to Avast.

The problem is widespread because the trackers are sold under different names, all made by the same manufacturer. “It does not appear the manufacturers, nor the companies reselling the devices, conducted any security testing or penetration testing of the device,” wrote Fidus’ Andrew Mabbit in the security team’s findings.

Safety issues with GPS trackers

So how exactly can a bad guy get their hands on sensitive information with a GPS tracker? Fidus’ research shows hackers only need a phone number to the device to send it a special keyword in order to get your real-time location. Hackers can even dial in to eavesdrop by using another method, all because the flawed GPS trackers are not encrypted and have shoddy security.

Although each of the devices has a PIN that must be set, the security flaws allow the device to be reset remotely, rendering the PIN useless. It does seem that most of the companies have ameliorated these issues with software updates, but Avast says this only counts for the devices that were sold after the security issue was unveiled. “It is easy to fix new devices, but not so much devices already in the wild,” wrote Mabbit.

Flawed GPS trackers: How to stay safe

If you recently purchased one of the affected flawed GPS trackers, it’s more than likely that the devices have already been patched. If you’re not sure if your GPS tracker has been compromised or if it has been patched, contact the company you bought it from and get your questions answered directly.

In order to make sure your personal information doesn’t get into the wrong hands, you should make sure to set your device with a PIN number that is unlikely to be guessed. (No, 123456 isn’t a good password.) Think of a memorable date or other series of numbers that isn’t generic.

When looking for any type of GPS tracker, you should research the company’s security methods. It’s important to confirm that the company you buy your GPS tracker from uses encryption technology to fend off security breaches like this one. Look for trusted brands to make sure your information is safe. Although this may mean the GPS tracker you purchase is a little more expensive, it is worth the extra money to make sure your information doesn’t fall into the wrong hands.

How to find the right GPS tracker for you

There are lots of GPS trackers on the market with all sorts of bells and whistles, but at the end of the day, you just want a tracker that keeps your information safe from the bad guys.

Do your research and make sure whichever option you choose has the best encryption technology available. If possible, find a device that offers extra security measures like a PIN code. GPS tracking is a very helpful security tool, but make sure you steer clear of flawed GPS trackers by only purchasing from trusted companies.

This article has been reviewed and approved by Officer Banta.

Officer James Banta

Officer Banta is the official SecurityNerd home security and safety expert. A member of the Biloxi Police Department for over 24 years, Officer Banta reviews all articles before lending his stamp of approval. Click here for more information on Officer Banta and the rest of our team.