The white-label location tracker, manufactured in China, is rebranded and sold by multiple UK companies - including Pebbell 2 by HoIP Telecom , OwnFone Footprint , and SureSafeGo.
"This issue teamed with the location tracking abilities of the device allows you to conceive some pretty scary potential use cases."
The researchers also found it was possible to remotely reset the GPS tracker without needing a PIN, and kill signal to the device altogether, rendering it effectively useless.
Fidus estimates that there are at least 10,000 of these devices in use in the UK, and thousands more around the world.
The team has informed several of the device makers about the flaws, but there is no way to fix the vulnerabilities without recalling every device. more
