UK cyber-security experts are calling for an immediate recall of a GPS tracker used as a panic alarm for elderly patients, monitoring children, or tracking vehicles.
Cybersecurity firm Fidus Information Security says the tracker can be hacked and tricked into disclosing its real-time location by anyone sending it a text message with a keyword.
With another command, snoops would have no trouble calling the device and listening remotely to its in-built microphone.
To top it off, there is also a command which can kill the cell signal completely from afar.
Cybersecurity experts are claiming that despite the option of protecting the device with a PIN, it’s not enabled by default. To their dismay, they found that the device can be reset remotely without any PIN at all.
While the device itself doesn’t have internet connectivity, it does use a SIM card to connect to a cell network for location tracking. Almost anyone can give the device commands if they know the phone number and send it a text.
“This device is marketed as keeping the most vulnerable safe, and yet anybody can locate and listen into thousands of people’s lives without their knowledge,” warns Fidus director Andrew Mabbitt, TechCrunch reports.
Mabbitt explained, in the organisation’s blog, that while the team have informed manufacturers of the major security flaws, the only way to fix the issue is to recall tens of thousands of units already in use around the world.
There are at least 10,000 in use in the UK alone, according to Fidus.