On July 19, 2022, six vulnerabilities in the MiCODUS MV720 GPS tracker were discovered. This device allows users to manage vehicles and other assets using cloud-based platforms such as web, iOS, and Android. Severe vulnerabilities in the device could allow bad actors to exploit it, resulting in:
- Injury or loss of life
- National security breaches
- Property damage
- Supply chain disruption
- Individual or fleet-wide ransomware
- Personal, business, or political surveillance and tracking
As of July 20, 2022, MiCODUS has not released a patch for these vulnerabilities. Given its major security risk, Bitsight recommends discontinuing use of the MiCODUS MV720 immediately.
Refer to the MiCODUS MV720 GPS Tracker Vulnerability Resource Center for further details and recommendations.