A hacker recently demonstrated that he could access two popular vehicle-monitoring apps that let him monitor where the cars were located, access drivers’ private information, and even kill the engines remotely.
The hack targeted two apps, iTrack and ProTrack, that companies can use to monitor their fleets of vehicles, according to Motherboard. The attack, which the hacker said he carried out to draw attention to flimsy cybersecurity, serves as a cautionary tale to double-check your security practices: all 27,000-plus compromised accounts used the default password “123456.”
The hacker could also monitor each driver on a map view, just as an employer might. Both apps also come with a “kill engine” button that turns off a car if it’s traveling less than 12 miles per hour, which the hacker told Motherboard he didn’t touch out of safety concerns.
“I can absolutely make a big traffic problem all over the world,” the hacker told Motherboard. “I have [full] control [of hundreds] of thousands of vehicles, and by one touch, I can stop these vehicles’ engines.”
The hacker said that he demanded a ransom from the two companies, but that he was mostly interested in advocating for their customers.
“My target was the company, not the customers,” the hacker told Motherboard. “Customers are at risk because of the company. They need to make money, and don’t want to secure their customers.”