Source: Motherboard
What you need to know
- Vice tech outlet Motherboard was able to pull GPS location data for BlackVue users.
- It reverse-engineered the iOS app and tracked users over a week-long period.
- BlackVue has confirmed that this wasn't supposed to be possible and appears to have fixed the problem.
A report has revealed that GPS location data from the dashcam app BlackVue was available to be viewed and stored in real-time over days or even weeks, highlighting a significant security flaw in the app.
As revealed by Motherboard, Vice's tech branch, the report states:
BlackVue has an app that shows the location of drivers that opt-in. The creators say it shouldn't be possible to track its users in bulk; we found otherwise...
BlackVue is a dashcam company with its own social network. With a small, internet-connected dashcam installed inside their vehicle, BlackVue users can receive alerts when their camera detects an unusual event such as someone colliding with their parked car. Customers can also allow others to tune into their camera's feed, letting others "vicariously experience the excitement and pleasure of driving all over the world," a message displayed inside the app reads.
The report then states:
But what BlackVue's app doesn't make clear is that it is possible to pull and store users' GPS locations in real-time over days or even weeks. Motherboard was able to track the movements of some of BlackVue's customers in the United States.
BlackVue lets anyone create an account on its website for the purpose of viewing live broadcasts. Live broadcasting isn't on by default, it's an opt-in feature. According to BlackVue, a "tiny fraction" of BlackVue's overall customer base uses the feature. Broadcasting users are displayed on a map and you can tune into the feed in real-time. The available feeds are displayed on a map for selection, which is where it starts to get interesting. According to Motherboard:
But the actual GPS data that drives the map is available and publicly accessible... By reverse-engineering the iOS version of the BlackVue app, Motherboard was able to write scripts that pull the GPS location of BlackVue users over a week-long period and store the coordinates and other information like the user's unique identifier. One script could collect the location data of every BlackVue user who had mapping enabled on the eastern half of the United States every two minutes. Motherboard collected data on dozens of customers.
A BlackVue spokesperson said that "collecting GPS coordinates of multiple users over an extended period of time is not supposed to be possible", and speaking to Motherboard said:
"Our developers have updated the security measures following your report from yesterday that I forwarded."
Motherboard notes that several web requests that had previously provided user data were no longer functional. Thankfully, the issue has been highlighted and fixed. But up until now, it looks like BlackVue customers who had chosen to broadcast their feeds might well have got more than they bargained for.
Buying a Mac monitor comes down to whether you like tiny pixels or not
Buying a monitor for your Mac can be either infuriatingly complicated or the easiest thing in the world, money notwithstanding. Many of the concerns Mac buyers had were fixed when Apple announced the Studio Display in early 2022 — but that isn't the end of the story.
Terrifying AirTag tracking saga detailed by actor who was being followed
Apple's AirTag item trackers are again at the center of a report that claims that one of the coin-sized devices was used to track an actor as she walked around Disneyland.
Apple slashes trade-in prices ahead of iPhone 14, Apple Watch Series 8
Apple has cut the trade-in prices of all of its iPhones and some Macs, iPads, and Apple Watch models.
Need to print something from your iPhone? Check out these printers!
Printers are a reliable way of obtaining a physical copy of documents. Even if you're mostly using your iPhone or iPad for everyday computing, AirPrint capable printers will keep you printing with no problems. Here are some of our favorites!