Serious security flaws in GPS trackers manufactured by a Chinese company have been found to expose location data of nearly 6 lakh children and elderly, according to researchers from cybersecurity firm Avast.
The researchers spotted the vulnerabilities in the T8 Mini GPS tracker and nearly 30 other models by the same manufacturer, Shenzhen i365 Tech.
Marketed to keep kids, seniors, pets, and even possessions safe, these devices expose all data sent to the Cloud, including exact real-time GPS coordinates, showed the findings revealed last week.
Further, design flaws can enable unwanted third-parties to spoof the location or access the microphone for eavesdropping, Avast said.
"We have done our due diligence in disclosing these vulnerabilities to the manufacturer, but since we have not heard back after the standard window of time, we are now issuing this public service announcement to consumers and strongly advise you to discontinue use of these devices," Martin Hron, a senior researcher at Avast said in a statement.
The researchers estimate that there are about 6 lakh of these unprotected trackers in use globally that are using the very generic default password of "123456".