Can Hackers Break Into GPS Trackers Used For Your Fleet?
Sunday, April 28, 2019
Semi Truck Sunset
Print Mail Download i

The answer may be yes.

GPS trackers enable businesses to derive greater efficiencies and productivity from their employees and their vehicle fleets. But, when businesses deploy this technology, HR departments often raise valid concerns about employee privacy on and, in some cases, off the job. When employers install GPS trackers on company-owned vehicles, these privacy concerns typically are outweighed by productivity gains, improved safety, and better control over time at work. According to a recent report, however, employers also need to be concerned about the security of their GPS trackers.

I can absolutely make a big traffic problem all over the world

default passwordAccording to Motherboard, a hacker known as L&M claims he has hacked into thousands of iTrack and ProTrack accounts. The reports indicate this activity has been going on in several countries, including South Africa, Morocco, India and the Philippines. iTrack and ProTrack are apps employers use with the GPS trackers to manage their fleets. The most unsettling part of this story is the hacker claims to be able to kill the engines of vehicles being driven by employees.

How can this happen?

Like many devices, they come with default passwords (e.g., 123456) which are among the most popular passwords and the least secure. According to the reports, the hacker acquires the usernames and then uses the anticipated default passwords to gain access to the account.

So, what can employers do?

I came across this NIST blog post which was a fun read and provided some excellent tips which basically boil down to the following:

  • Change default passwords! (And, not just for GPS trackers)
  • Develop passphrases – they generally are easier to remember and harder to crack.
  • Don’t store your passwords or passphrases on your devices.
  • Don’t use the same password or passphrase for all of your accounts, and certainly not your most important accounts.
  • Change your passwords and passphrases regularly. With billions of usernames and passwords being shared by hackers, it is possible that they have yours.
  • Don’t rely solely on passwords or passphrases. Adopt multifactor authentication.

When organizations roll out new technology, they simply have to add security considerations to list. This includes making sure default passwords are changed.

Jackson Lewis P.C. © 2024

Current Legal Analysis

More from Jackson Lewis P.C.

USCIS Issues Employment Authorization Procedures for Palestinians on Deferred Enforced Departure
by: Forrest G. Read IV
OSHA Proposes Expansion of Workplace Protections for Emergency Responders
by: Courtney M. Malveaux , Melanie L. Paul
Ninth Circuit Holds Warehouse Worker Qualifies as Transportation Worker Under FAA Exemption
by: Scott P. Jang
MSHA Issues Long Awaited Final Silica Rule
by: Karl F. Kumli
Labor Commissioner’s FAQ on Fast Food Minimum Wage
by: Laura A. Pierson-Scheinberg , Benjamin A. Tulis
New Study Shows Gen Z LGBTQIA+ Students, Graduates Value, Seek Out Inclusive Workplaces
by: Teresa Burke Wright
DHS Extends, Redesignates Temporary Protected Status for Ethiopia
by: Forrest G. Read IV
Privacy Versus Cyber – What is the Bigger Risk?
by: Joseph J. Lazzarotti
Top Five Labor Law Developments for March 2024
by: Jonathan J. Spitz , Richard F. Vitarelli
How Manufacturers Can Stay Ahead of the Changing Landscape of PFAS Regulations
by: Arthur Cunningham

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins