This document discusses how embedded devices with cellular connectivity and GPS capabilities could potentially be exploited and used to track individuals without their consent. It describes how an attacker could send commands via SMS to intercept location data from compromised tracking devices. It also explains how an attacker could potentially impersonate targets by spoofing location data responses over HTTP. The document recommends ways for companies to better secure such devices, such as using encrypted communications and restricting device access.