Technology

Security flaws in GPS trackers put global fleets at risk • The Register

Voice Of EU

A handful of vulnerabilities, some critical, in MiCODUS GPS tracker devices could allow criminals to disrupt fleet operations and spy on routes, or even remotely control or cut off fuel to vehicles, according to CISA. And there are no fixes for these security flaws.

Two of the bugs received a 9.8 out of 10 CVSS severity rating. They can be exploited to send commands to a tracker device to execute with no meaningful authentication; the others involve some degree of remote exploitation.

“Successful exploitation of these vulnerabilities could allow an attacker control over any MV720 GPS tracker, granting access to location, routes, fuel cutoff commands, and the disarming of various features (e.g., alarms),” the US government agency warned in an advisory posted Tuesday.

As of Monday, the gadget manufacturer, based in China, had not provided any updates or patches to fix the flaws, CISA added. The agency also recommended fleet owners and operators take “defensive measures” to minimize risk.

This apparently includes ensuring, where possible, that these GPS trackers are not accessible from the internet or networks that miscreants can get to. And when remote control is required, CISA recommends using VPNs or other secure methods to control access. That sounds like generic CISA advice so perhaps a real workaround would be: stop using the GPS devices altogether.

BitSight security researchers Pedro Umbelino, Dan Dahlberg and Jacob Olcott discovered the six vulnerabilities and reported them to CISA after trying since September 2021 to share the findings with MiCODUS.

“After reasonably exhausting all options to reach MiCODUS, BitSight and CISA determined that these vulnerabilities warrant public disclosure,” according to a BitSight report [PDF] published on Tuesday.

About 1.5 million consumers and organizations use the GPS trackers, the researchers said. This spans 169 countries and includes government agencies, military, law enforcement, aerospace, energy, engineering, manufacturing and shipping companies, they added.

“The exploitation of these vulnerabilities could have disastrous and even life-threatening implications,” the report authors claimed, adding:

For its research, the BitSight team used the MV720 model, which it said is the company’s least expensive design with fuel cut-off functionality. The device is a cellular-enabled tracker that uses a SIM card to transmit status and location updates to supporting servers and receive SMS commands.

Here’s a rundown of the vulnerabilities:

CVE-2022-2107 is a hard-coded password vuln in the MiCODUS API server. It received a 9.8 CVSS score and allows a remote attacker to use a hardcoded master password to log into the web server and send SMS commands to a target’s GPS tracker. 

These would look like they are coming from the GPS owner’s mobile number, and could allow a miscreant to gain control of any tracker, access and track vehicle location in real time, cut off fuel and disarm alarms or other features provided by the gadget.

CVE-2022-2141, due to broken authentication, also received a 9.8 CVSS score. This flaw could allow an attacker to send SMS commands to the tracking device without authentication.

A default password flaw, which is detailed in BitSight’s report but wasn’t assigned a CVE by CISA, still “represents a severe vulnerability,” according to the security vendor. There’s no mandatory rule that users change the default password, which ships as “123456,” on the devices, and this makes it pretty easy for criminals to guess or assume a tracker’s password.

CVE-2022-2199, a cross-site scripting vulnerability, exists in the main web server and could allow an attacker to fully compromise a device by tricking its user into making a request — for example, by sending a malicious link in an email, tweet, or other message. It received a 7.5 CVSS rating.

The main web server has an insecure direct object reference vulnerability, tracked as CVE-2022-34150, on endpoint and parameter device IDs. This means they accept arbitrary device IDs without further verification.

“In this case, it is possible to access data from any Device ID in the server database, regardless of the logged-in user. Additional information capable of escalating an attack could be available, such as license plate numbers, SIM card numbers, mobile numbers,” BitSight explained. It received a 7.1 CVSS rating.

And finally, CVE-2022-33944 is another insecure direct object reference vuln on the main web server. This flaw, on the endpoint and POST parameter “Device ID,” accepts arbitrary device IDs, and received a severity score of 6.5.
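The two insecure direct object reference flaws above come down to a server that looks up a record by a client-supplied device ID without checking who is asking. The following added example (not MiCODUS code and not taken from the BitSight report; every name and record in it is hypothetical) shows the unchecked lookup next to a wrapper that enforces ownership for both a read handler and an update handler, and records denials for alerting.

```python
from dataclasses import dataclass
from functools import wraps


@dataclass(frozen=True)
class Device:
    device_id: str
    owner: str        # account the tracker is registered to
    plate: str
    sim_number: str


# Constructed records standing in for the server's device table.
DEVICES = {
    "1001": Device("1001", "alice", "AA-111", "+10000000001"),
    "1002": Device("1002", "bob", "BB-222", "+10000000002"),
}

DENIED = []  # (user, requested id) pairs; a burst from one user is worth an alert


class Forbidden(Exception):
    """Raised for unknown and for not-owned IDs alike, so IDs cannot be probed."""


def device_info_unchecked(session_user, params):
    # The IDOR pattern: the ID from the request is the only lookup key and
    # session_user is never consulted.
    return DEVICES[params["device_id"]]


def owns_device(handler):
    """Resolve params['device_id'] and enforce ownership before the handler runs."""
    @wraps(handler)
    def wrapper(session_user, params):
        requested = params.get("device_id")
        device = DEVICES.get(str(requested))
        if device is None or device.owner != session_user:
            DENIED.append((session_user, requested))
            raise Forbidden("device not available")
        # The handler receives the verified record, never the raw ID.
        return handler(session_user, device)
    return wrapper


@owns_device
def device_info(session_user, device):        # read path (GET-style)
    return {"plate": device.plate, "sim": device.sim_number}


@owns_device
def update_device(session_user, device):      # write path (POST-style)
    return f"updated {device.device_id} for {session_user}"


def try_call(handler, user, params):
    """Return the handler result, or None when access is refused."""
    try:
        return handler(user, params)
    except Forbidden:
        return None


if __name__ == "__main__":
    print(device_info_unchecked("alice", {"device_id": "1002"}))  # bob's record
    print(try_call(device_info, "alice", {"device_id": "1002"}))  # refused
    print(device_info("alice", {"device_id": "1001"}))
```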

“BitSight recommends that individuals and organizations currently using MiCODUS MV720 GPS tracking devices disable these devices until a fix is made available,” the report concluded. “Organizations using any MiCODUS GPS tracker, regardless of the model, should be alerted to insecurity regarding its system architecture, which may place any device at risk.” ®

Lego releases Atari Video Computer System set • The Register

Lego has followed up its Nintendo Entertainment System retro throwback with one celebrating the Atari Video Computer System (VCS).

The set, retailing at a heart-stopping $239.99 (£209.99 in the UK), is a non-functional replica of the iconic game console, although only the model with four switches rather than the six of others in the range. Not that those switches do an awful lot in Lego form.

In fact, compared to the cheaper Nintendo Entertainment System set (with all its twiddly technic bits and separate television), we’d have to describe the VCS set as a bit of a disappointment if it weren’t for the nostalgia factor.

The plastic bricks also fail to include a mock cartridge of the best game on the VCS, Combat. Asteroids, Centipede, and Adventure simply don’t cut it in comparison even with the reproduction of the hopelessly optimistic cover art so beloved by ’80s and ’90s designers and some neat Lego vignettes themed after the games.

Lego also opted to skip E.T. the Extra Terrestrial, described as the worst game ever. We can imagine an appropriate model for that example and the impact it had on the industry of the time.

Still, the 2,500-plus pieces will make for a fun build and include a replica of the classic Atari joystick and a mini-fig scale 1980s room which pops up when the front is slid forward.

The price does seem high for what is effectively a plastic throwback to simpler times. Then again, other attempts to recreate that retro magic could cost you a lot more and potentially leave you without even a pile of plastic bricks to play with.

Or one could always take the plastic assembly and stick something like a Raspberry Pi (preloaded with an emulator) into it. Similar things were done with Lego’s Nintendo Entertainment System where the Technic guts of the television were removed and replaced with a Pi and an LCD screen to create something on which one can play games (ROM ownership notwithstanding).

It is a shame that Lego did not see fit to include a television with the Atari VCS in the way it did with the NES, and also limited interaction to a pop-up 1980s room and some switches. However, the design looks good and is a reminder of an age when sticking something that looked like wood on the front of the console and squeezing games into kilobytes rather than gigabytes was state of the art.

Otherwise there are many examples of the VCS that can be had on various auction sites for considerably less than Lego’s asking price that are a good deal more interactive. ®

4 reasons hybrid working looks set to stay for young professionals

From priorities to practicalities, Dr Amanda Jones of King’s College London explains why hybrid working may be here to stay and outlines the pitfalls that younger employees will need to avoid.

A version of this article was originally published by The Conversation (CC BY-ND 4.0)

We’re in the middle of a remote working revolution. In the UK, though remote working was slowly growing before the pandemic, in 2020 the number of people working from home doubled.

While this rapid rise can be explained by Covid lockdowns, a recent survey my colleagues and I conducted with 2,000 London workers found that six in 10 employees still regularly work from home despite restrictions no longer being in place. And most don’t want that to change.

Findings from other parts of the world similarly point to a substantial increase in the number of work days being undertaken from home.

For young professionals, the shift has been particularly significant. Before the pandemic, employees in their 20s were by far the least likely to work from home.

In 2022, 64pc of 16 to 24-year-olds we surveyed reported working at home for at least part of the week. This figure is in line with 25 to 49-year-olds (65pc) and in fact higher than for people over 50 (48pc).

Other research also shows that young professionals now engage in hybrid working – dividing their time between their home and their workplace – and may prefer this model to being in the office full time.

US and European data shows that around four in 10 jobs can be conducted from home. But this figure may be higher if we consider that some jobs could be at least partly done from home. In particular, jobs in finance and insurance, information and communication and education are among the most conducive to being performed remotely.

Technologies which support remote working, such as Zoom and Slack, have been available for a number of years. While the pandemic has served as a catalyst for the rise in remote working among younger employees, I would argue that other factors have also contributed to this shift – some of which were already evident before the pandemic.

Importantly, each of these factors suggests this change to the way young professionals work is here to stay.

1. Priorities

Evidence suggests that even before the pandemic, young people were becoming more focused on their own goals, wanted greater flexibility and control, and sought a better work-life balance compared with previous generations. The reasons for this may be related to the changing nature of organisations and careers, which I’ll discuss later.

Our own and other research indicates that remote working, especially working from home (as opposed to, say, at client sites), can boost feelings of flexibility and control and enhance work-life balance. So working remotely could help younger people achieve these goals in a way that traditional working arrangements can’t.

In fact, research indicates that many young people would now rather switch jobs than compromise on the flexibility they gain from hybrid working. So for employers, supporting hybrid working may be necessary to attract and retain the best employees.

2. Practicalities

Across all age groups, participants in our research picked avoiding the commute as the biggest benefit of working remotely. While this has long been a recognised advantage of remote working, it’s important to note that we surveyed London workers – and the commute may be less of an issue for people in other places.

Aside from the time and hassle involved in commuting, travelling to work every day can be expensive. The cost of working in the office goes up if you also factor in lunches, coffees and after-work social activities.

This may be difficult for younger people – who are contending with the rising costs of living, often on lower salaries – to manage. Working remotely can help reduce spending, making it an attractive option – and even a potential lifeline – for younger employees.

3. Career trajectories

Studies show that a move towards less hierarchical, more efficient and flexible organisations results in a “new deal” of employment. Employers no longer guarantee job security and progression for employees, but gain their commitment by providing opportunities – including training programmes – that enhance their employability.

The onus then moves to employees to manage their own career progression, which remote working may help them with. For example, we know working from home can reduce distractions and improve productivity.

Taken with the commuting time saved, young professionals may have more time to dedicate to development opportunities, such as studying for additional qualifications. This could increase their attractiveness in the job market.

Indeed, young professionals seem to be the most likely to switch jobs. If they don’t expect to remain with an organisation long term, they may be less motivated to build strong relationships with colleagues and managers, and unwilling to put their own goals aside for those of the organisation.

4. Managers’ behaviour

Research shows many more managers now work remotely compared with before the pandemic. This change has two important effects.

First, managers who work remotely are likely to find it harder to stop juniors from doing the same. Managers’ ability to monitor and develop their junior staff in person, a common reason for prohibiting remote work in the past, is also reduced if managers are away from the office themselves.

Second, as more managers work remotely, younger employees may feel more confident that doing so won’t prevent them achieving success. Managers serve as role models to junior employees and evidence shows that younger professionals seek success by copying role models’ behaviour.

Avoiding the pitfalls of hybrid working

Despite the positives, younger employees, with comparatively limited experience and networks, may face disproportionately negative outcomes from remote working in terms of recognition, development and networking opportunities.

So if you’re a young professional working remotely, how can you avoid the pitfalls of hybrid working?

Setting your own goals can keep motivation and performance high. Meanwhile, proactively communicating your challenges and achievements to senior and peer-level colleagues can ensure that you receive guidance and recognition.

It’s a good idea to plan some of your time in the office to coordinate with team members or managers. At the same time, it’s useful to try to schedule office visits on different days of the week. This can help maintain key relationships but also help build networks through bumping into colleagues you don’t necessarily work as closely with.

Finally, upping attendance at external conferences and events could increase your value to the organisation through encouraging innovation and fresh ideas, while keeping you aware of external employment opportunities.

By Dr Amanda Jones

Dr Amanda Jones is a lecturer in organisational behaviour and human resource management at King’s College London.

Kids’ tech: the best children’s gadgets for summer holidays | Gadgets

With the long school summer holiday well under way, you may need a bit of help keeping the kids entertained. From walkie-talkies and cameras to tablets, robot toys and fitness trackers, here is some of the best kid-aimed tech to keep the little (and not-so-little) ones occupied.

Robot toys

Sphero Mini – about £50

Sphero Mini robotic ball. Photograph: Bryan Rowe/Sphero

Lots of tech toys are fads but my longtime favourite has stood the test of time as a modern update to remote control fun. Sphero is a ball you control using a smartphone or tablet, and has hidden depths, with games and educational elements also available.

The mini Sphero ball is a lot of fun to drive around and small enough that overexuberant indoor excursions won’t result in broken furniture and scuffed-up paintwork. The Sphero Play app has games, while the Sphero Edu app is great at fostering creative learning.

Kids or big kids can learn to program, follow examples, get the robot to do all sorts of things, or go deeper and write some code for it in JavaScript. Higher-end versions such as the £190 BOLT take the educational elements to the next level, too.

Tablets

Amazon Fire 7 Kids – about £110

Amazon Fire 7 Kids edition tablet. Photograph: Amazon

If you would rather not lend your precious breakable phone or iPad to your little ones, Amazon’s practically indestructible Kids edition tablets could be just the ticket.

The cheapest and smallest Fire 7 has just been updated and is available in a range of bright-coloured cases with a pop-out stand. If your offspring do manage to break it, Amazon will replace it for free under its two-year “worry-free” guarantee.

It does all the standard tablet things such as movies, apps, games, a web browser if you want it, and parental controls to lock it, set time limits and age filters. There’s even an option restricting access to curated child-safe sites and videos but it doesn’t have access to the Google Play store, only Amazon’s app store.

The Kids edition comes with a one-year subscription to Amazon Kids+ (£3 to £7 a month afterwards), which is a curated collection of child-friendly text and audio books, movies, TV shows and educational apps.

The larger £140 Fire HD 8 and £200 Fire HD 10 are available in Kids versions, too, if you want something bigger, or Amazon’s new Kids Pro tablets start at £100 with additional features aimed at school-age children.

Alternatives include LeapFrog’s various educational tablets, which are fine for younger children, or hand-me-down or refurbished iPads (from £150) in robust cases, which can be locked down with some parental controls.

Cameras

VTech Kidizoom Duo 5.0 – about £39

VTech Kidizoom Duo 5.0 kids’ camera in pink. Photograph: VTech

Before the advent of smartphones, standalone cameras were the way we visually documented our lives, and they still can be a bit of creative fun and inspiration for kids.

The VTech Kidizoom Duo 5.0 is a “my first digital camera” of sorts made of rugged plastic and simple in operation, which VTech reckons is suitable for three- to nine-year-olds. It captures 5MP photos of reasonable quality and can shoot from the back for selfies, too, all viewable on a 2.4in screen.

The optical viewfinder helps them line up the shot, which they can transform with fun filters and effects. It even shoots video, too. The kid-centric nature of it might turn off older children but every award-winning photographer has to start somewhere before the smartphone takes over.

It needs an SD card for storage and takes four AA batteries at a time, and chews through them fast, so buy some rechargeables to help save money and the planet.

For older children, rugged and waterproof action cams could be the way to go, shooting video and photos. Budget no-brand cams cost from about £80 but secondhand or refurbished models from the big boys such as GoPro and DJI go for about £100 and on eBay and elsewhere.

Fitness trackers

Garmin Vivofit Jr 3 – from about £55

Garmin Vivofit Jr 3 Star Wars edition. Photograph: Garmin

Your child may not need any encouragement to tear about the place but if you are after a gadget to “gamify” and reward their activity – as well as giving them a smartwatch-esque gadget to play with – the Garmin Vivofit Jr 3 could be a winner for ages four and up.

Its watch-like form comes in various themes and designs, including with various Star Wars, Marvel and Disney characters, with custom watchfaces to choose from. The user-replaceable coin-cell battery lasts a year, so you don’t have to worry about charging it. Water-resistance to 50 metres means swimming should be no problem either.

It tracks steps, activity and sleep with motivational messaging. It has mini games to play once your child has hit their goals, and can all be managed from a parent’s phone or tablet, so you can keep an eye on their data. Parents can even set goals, competitions with their own activity levels, chore reminders and tasks that can earn virtual coins for them to trade for rewards with you.

It is button-operated rather than touchscreen, and the backlight doesn’t stay on long to preserve the battery.

If you are a user of Google’s Fitbit trackers yourself, then the firm’s Ace 3 (£50) means you can compete on activity, but it needs charging every seven or so days. Other cheaper adult-focused fitness trackers such as the Xiaomi Mi Smart Band 6 (about £29) may be better for older children.

Walkie-talkies

Motorola T42 Talkabout – about £35 for three

Motorola Talkabout T42 two-way radios. Photograph: Motorola Solutions

Walkie-talkies are a great replacement for phones, allowing kids and big kids to keep in touch without fear of fees or smashed screens.

There are plenty of child-centric options available with various character themes but basic units usually work better. Motorola’s T42 Talkabout comes in various colours and multipacks.

They are simple to set up, with a pairing button and multiple channel selection to find a clear one. Once going, just push to talk, even over long distances. Their quoted 4km range might be a bit ambitious but they should be good for at least 500 metres in urban environments, or much further in the open air.

They take three AAA batteries each, which last about 18 hours of talking or roughly three to four days in active use, so you might need a small army of rechargeable batteries.

They have a belt clip and loop for hooking to a carabiner (metal loop) or similar, and are fairly rugged, too, so should survive being launched across a room or two.

Nestling’s camouflage walkie-talkies (about £26) are also a popular choice but there are lots of choices under £30 available on the high street.
