A popular GPS tracker used as a panic alarm for elderly people and to monitor children's whereabouts can be hacked to spy on users, researchers have warned.
The white-label location tracker, manufactured in China, is rebranded and sold by multiple UK companies - including Pebbell 2 by HoIP Telecom , OwnFone Footprint , and SureSafeGo.
"There were no signs from the device when this was activated or when you called in, turning this device issued to vulnerable people into a remote listening bug,” said Fidus.
"This issue teamed with the location tracking abilities of the device allows you to conceive some pretty scary potential use cases."
The researchers also found it was possible to remotely reset the GPS tracker without needing a PIN, and kill signal to the device altogether, rendering it effectively useless.
Fidus estimates that there are at least 10,000 of these devices in use in the UK, and thousands more around the world.
The team has informed several of the device makers about the flaws, but there is no way to fix the vulnerabilities without recalling every device. more