In the past 30 years, with the popularization of smart devices, GPS trackers and application scenarios have become more and more extensive, such as the control of the whereabouts of children and the elderly with GPS personal tracker, highway inspection, valuable cargo tracking, tracking and service dispatch, private detective tools, personal property tracking, pet tracking, wildlife tracking, freight industry, car anti-theft, bicycle anti-theft, electric car anti-theft, motorcycle anti-theft, bank money transport vehicles, military and police exercise control, inspection tracking, official vehicle management, etc. One of the main functions of these devices is to collect GPS coordinates of the tracker’s location and send them to a remote server via a cellular modem and SIM card. However, with the development of technology, in addition to simple location positioning, the GPS personal tracker also includes many additional functions such as a microphone, camera, or Wi-Fi interface, thereby enabling many advanced tracking activities. For example, children’s watches can not only locate the baby’s current location but also make voice calls and even video with them. In this study, we not only proposed a method for evaluating the security of mini 4g GPS personal tracker with different functions but also found several security vulnerabilities in our security assessment, highlighting the need to perform these devices when used in critical environments Appropriate safety protection.
The security and privacy issues involved in the global positioning system. The Global Positioning System (usually referred to as GPS) is an all-weather, space-based navigation system developed by the United States Department of Defense that can satisfy military users located anywhere in the world or near-Earth space continuously and accurately determine three positions. The position and the needs of three movements and time. It is a mid-range circular orbit satellite navigation system. But today we only talk about its civilian application field. The main purpose of the GPS tracker for civilian application products is to send GPS coordinates that track the location of the device or individual, and then the smallest GPS personal tracker collects automatically and periodically by using a data connection or text message Data and send the data to a remote server through the cellular network.
When testing multiple tracker solutions, we observed that the manufacturers of these devices have added additional smart features. In this way, these devices not only have simple GPS functions but full-featured monitoring devices with motion or noise detectors, microphones, cameras, and additional wireless interfaces.
The configuration of these devices is achieved through a proprietary protocol on the text message. Before using such devices, users must configure a set of parameters, such as the remote server IP address and identification and authentication credentials, in order to upload the collected data to Cloud infrastructure.
From a security and privacy point of view, if an attacker can obtain the phone number of the SIM card set by these trackers, he can launch a targeted attack.
GPS tracker information is stored in multiple cloud management systems, but attackers are not only interested in cloud management infrastructure, but also locate 3g GPS personal tracker (such as SMS configuration interface) through mobile networks to access advanced features, such as microphones Or stop the engine (some functions in the GPS personal tracker can provide remote access to the car engine).