Internet-enabled dash cams that allow anyone to track your GPS location in real-time

Graham Cluley
@gcluley

Joseph Cox at Motherboard reports that car drivers who have installed a BlackVue dash cam into their vehicle can have their real-time GPS location tracked.

The issue was highlighted by infosec professional Lee Heath on Christmas Day, who received a BlackVue dash cam as a gift.

Motherboard explained how it was able to extract location data via the BlackVue iPhone app:

By reverse engineering the iOS version of the BlackVue app, Motherboard was able to write scripts that pull the GPS location of BlackVue users over a week long period and store the coordinates and other information like the user’s unique identifier. One script could collect the location data of every BlackVue user who had mapping enabled on the eastern half of the United States every two minutes. Motherboard collected data on dozens of customers.

With that data, we were able to build a picture of several BlackVue users’ daily routines: one drove around Manhattan during the day, perhaps as a rideshare driver, before then leaving for Queens in the evening. Another BlackVue user regularly drove around Brooklyn, before parking on a specific block in Queens overnight. The user did this for several different nights, suggesting this may be where the owner lives or stores their vehicle. A third showed someone driving a truck all over South Carolina.

An obfuscated screenshot of the location data of one BlackVue user that Motherboard tracked throughout New York. Source: Motherboard.

BlackVue says that it has now updated its security measures.

Concerns about the security and privacy of vehicle dash cams is nothing new.

In September 2018, it was disclosed that one vendor’s dash cams were sharing video footage from vehicles and real-time GPS location details by default – a design decision that was criticised for its “sheer unadulterated incompetence” that resulted in the “massive breach of their customers’ security and trust”

The name of that dashcam manufacturer? BlackVue.

You can hear what he had to say about that in a “Smashing Security” podcast we recorded at the time.

Smashing Security #97: 'Dash cam surveillance, robocall plague, and Zoho woe'

Your browser does not support this audio element. https://aphid.fireside.fm/d/1437767933/dd3252a8-95c3-41f8-a8a0-9d5d2f9e0bc6/0c4ecab1-0e09-40d0-b137-a331747ed4c7.mp3

Listen on Apple Podcasts | Google Podcasts | Pocket Casts | Spotify | Other... | RSS
More episodes...

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.