Tracker Firm Hapn Spilling Names of Thousands of GPS Tracking Customers (techcrunch.com)
An anonymous reader quotes a report from TechCrunch: GPS tracking firm Hapn is exposing the names of thousands of its customers due to a website bug, TechCrunch has learned. A security researcher alerted TechCrunch in late November to customer names and affiliations -- such as the name of their workplace -- spilling from one of Hapn's servers, which TechCrunch has seen.
Hapn, formerly known as Spytec, is a tracking company that allows users to remotely monitor the real-time location of internet-enabled tracking devices, which can be attached to vehicles or other equipment. The company also sells GPS trackers to consumers under its Spytec brand, which rely on the Hapn app for tracking. Spytec touts its GPS devices for tracking the locations of valuable possessions and "loved ones." According to its website, Hapn claims to track more than 460,000 devices and counts customers within the Fortune 500.
The bug allows anyone to log in with a Hapn account to view the exposed data using the developer tools in their web browser. The exposed data contains information on more than 8,600 GPS trackers, including the IMEI numbers for the SIM cards in each tracker, which uniquely identify each device. The exposed data does not include location data, but thousands of records contain the names and business affiliations of customers who own, or are tracked by, the GPS trackers.
Customers asking (Score:2)
..."WTF is hapn?"
...to us!" (Score:1)
...to us!"
Re: (Score:2)
Not much, what's Hapn with you?
Repeat after me: (Score:3)
"I will only buy devices that can be configured to work without relying on a connection to someone else's servers"
Re: (Score:2)
**** Whoosh ****
Why is this ignorance getting up-votes?
This isn't about that. This is businesses wanting to know where their trucks and trailers are.
Re: (Score:3)
**** Whoosh **** Why is this ignorance getting up-votes?
This isn't about that. This is businesses wanting to know where their trucks and trailers are.
**** Whoosh **** From TFS: The company also sells GPS trackers to consumers under its Spytec brand, which rely on the Hapn app for tracking. Spytec touts its GPS devices for tracking the locations of valuable possessions and "loved ones."
"Ignorance"? Or did you just not read the summary?
Re: (Score:2)
And either way... it doesn't take much to host your own GIS server and have your GPS units send data to it. I've actually written systems to do that from the ground up, solo.
Going through a central server is just asking to have someone else know more about your fleet than you do.
Re: (Score:2)
I suspect that "loved ones" will function normally when the spyware server is switched-off.
Re: (Score:2)
So, you don't have a phone? And you certainly didn't activate/install anti-theft software on your phone, right?
Having a GPS tracker report directly to your phone/laptop has 2 problems:
1. DHCP means the device can change IP address, unless you buy a fixed ISP-side address. (The DHCP on my house LAN changes addresses about every 6 months.)
2. Your own device must always be powered-on and connected to the internet to receive the tracking pings and build a travel history.
"Loved ones" (Score:3)
Spytec touts its GPS devices for tracking the locations of valuable possessions and "loved ones."
I get the distinct impression that the feeling need not be mutual.
In other words (Score:2)
The trackers can be tracked. Cool.
Re: (Score:2)
It sounds like they're exposing their entire client list in the session.
Grrreat. (Score:2)
wow (Score:2)
now THAT's Instant Karma!