CyberSecurity news
FlagThis - #iot
|
Pierluigi Paganini@Security Affairs
//
US CISA has issued a warning about critical vulnerabilities discovered in SinoTrack GPS devices, which could allow attackers to remotely control vehicles and track their locations. The vulnerabilities affect all versions of the SinoTrack IoT PC Platform. Successful exploitation of these flaws could grant unauthorized access to device profiles through the common web management interface, enabling malicious actors to perform remote functions on connected vehicles.
The two main vulnerabilities are CVE-2025-5484 and CVE-2025-5485. CVE-2025-5484 is a weak authentication flaw stemming from the use of a default password and a username that is the identifier printed on the receiver. CVE-2025-5485 is an observable response discrepancy where the username used to authenticate to the web management interface is a numerical value of no more than 10 digits, making it easy for attackers to guess valid usernames. An attacker could retrieve device identifiers with physical access or by capturing identifiers from pictures of the devices posted on publicly accessible websites such as eBay. CISA recommends that device users take defensive measures to minimize the risk of exploitation of these vulnerabilities. The most crucial step is to change the default password to a unique, complex password as soon as possible. In the absence of a patch, users are advised to also take steps to conceal the identifier. Security researcher Raúl Ignacio Cruz Jiménez stated that due to its lack of security, this device allows remote execution and control of the vehicles to which it is connected and also steals sensitive information about you and your vehicles. As of June 11, 2025, SinoTrack has not responded to CISA’s requests for information or provided fixes for these problems.
Share:
References :
Classification:
Pierluigi Paganini@Security Affairs
//
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding two critical vulnerabilities discovered in SinoTrack GPS devices. These flaws could allow malicious actors to remotely control vehicles and track their locations. The vulnerabilities affect all known SinoTrack devices and the SinoTrack IOT PC Platform. This alert follows the disclosure of these security weaknesses by independent researcher Raúl Ignacio Cruz Jiménez.
The identified vulnerabilities include a weak authentication flaw (CVE-2025-5484) and an observable response discrepancy (CVE-2025-5485). The weak authentication stems from the use of a default password across all devices and the use of the device identifier as the username. The identifier, which is printed on the receiver, is easily accessible, either through physical access to the device or through images posted online. The observable response discrepancy arises from the numerical structure of usernames, which are up to 10 digits long. This enables attackers to guess valid usernames by trying different number sequences. Successful exploitation of these vulnerabilities could grant attackers unauthorized access to device profiles through the web management interface. This access could then be used to perform remote functions on connected vehicles, such as tracking the vehicle's location and, in some cases, disconnecting power to the fuel pump. With a CVSS v4 score of 8.8, CVE-2025-5485 is considered highly severe. While there are currently no official fixes available, CISA advises users to change the default password immediately and to conceal the device identifier, particularly in publicly accessible photographs. SinoTrack has not yet responded to CISA’s request.
Share:
References :
Classification:
Pierluigi Paganini@Security Affairs
//
A new botnet, dubbed PumaBot, is actively targeting Linux-based IoT devices, posing a significant security risk. This Go-based malware is designed to steal SSH credentials through brute-force attacks, allowing it to spread malicious payloads and illicitly mine cryptocurrency. Unlike other botnets that perform broad internet scans, PumaBot employs a more targeted approach by retrieving lists of IP addresses from its command-and-control (C2) server, enabling it to focus its attacks on specific devices. This approach, coupled with its ability to impersonate legitimate system files, makes PumaBot a stealthy and dangerous threat to embedded Linux systems.
The attack begins with PumaBot attempting to brute-force SSH credentials on targeted devices, aiming to gain unauthorized access. Once inside, it establishes persistence using systemd service files, ensuring it survives reboots and remains active on the compromised device. To further mask its activities, PumaBot disguises itself as a legitimate Redis system file, attempting to blend in with normal system processes. After successfully gaining access to an infected system, it collects and exfiltrates basic system information to the C2 server, where it can receive commands to carry out its malicious objectives. The primary goal of PumaBot appears to be cryptocurrency mining, as evidenced by the presence of "xmrig" and "networkxm" commands within its code. These commands suggest that compromised devices are being leveraged to generate illicit cryptocurrency gains for the botnet operators. Security experts also observed that the botnet performs checks to avoid honeypots and, curiously, looks for the string "Pumatronix," a surveillance and traffic camera manufacturer, hinting at a targeted or exclusionary approach. The discovery highlights the ongoing need for robust security measures for IoT devices, as they continue to be attractive targets for botnet recruitment and malicious activities.
Share:
References :
Classification: |