The answer may be yes.
GPS trackers enable businesses to derive greater efficiencies and productivity from their employees and their vehicle fleets. But, when businesses deploy this technology, HR departments often raise valid concerns about employee privacy on and, in some cases, off the job. When employers install GPS trackers on company-owned vehicles, these privacy concerns typically are outweighed by productivity gains, improved safety, and better control over time at work. According to a recent report, however, employers also need to be concerned about the security of their GPS trackers.
I can absolutely make a big traffic problem all over the world
According to Motherboard, a hacker known as L&M claims he has hacked into thousands of iTrack and ProTrack accounts. The reports indicate this activity has been going on in several countries, including South Africa, Morocco, India and the Philippines. iTrack and ProTrack are apps employers use with the GPS trackers to manage their fleets. The most unsettling part of this story is the hacker claims to be able to kill the engines of vehicles being driven by employees.
How can this happen?
Like many devices, they come with default passwords (e.g., 123456) which are among the most popular passwords and the least secure. According to the reports, the hacker acquires the usernames and then uses the anticipated default passwords to gain access to the account.
So, what can employers do?
I came across this NIST blog post which was a fun read and provided some excellent tips which basically boil down to the following:
- Change default passwords! (And, not just for GPS trackers)
- Develop passphrases – they generally are easier to remember and harder to crack.
- Don’t store your passwords or passphrases on your devices.
- Don’t use the same password or passphrase for all of your accounts, and certainly not your most important accounts.
- Change your passwords and passphrases regularly. With billions of usernames and passwords being shared by hackers, it is possible that they have yours.
- Don’t rely solely on passwords or passphrases. Adopt multifactor authentication.
When organizations roll out new technology, they simply have to add security considerations to list. This includes making sure default passwords are changed.