CISA Issues MiCODUS MV720 GPS Tracker Advisory

Cybersecurity, Transportation & Logistics
by Daniel Hooven
share with a colleague Download PDF

The Cybersecurity & Infrastructure Security Agency (CISA) released an Industrial Controls Systems Advisory (ICSA) listing six unpatched vulnerabilities that can allow threat actors remote control of vehicles that are outfitted with the MiCODUS MV720 GPS tracker systems.

The CISA Advisory (ICSA-22-200-01) warns that successful exploitation of the vulnerabilities can allow threat actors to remotely takeover any MV720 GPS tracker which can grant unauthorized access and controls to vehicle locations, fuel and oil supply, or vehicle control.

According to the MiCODUS website, the MV720 GPS tracker is a hardwired locator that provides real time location tracking and anti-theft capabilities including oil and fuel cutoff, remote control and geofencing capabilities. Features that are extremely useful, but also extremely dangerous in the wrong hands.

"The exploitation of these vulnerabilities could have disastrous and even life-threatening implications," BitSight states in their MiCODUS MV720 report. "For example, an attacker could exploit some of the vulnerabilities to cut fuel to an entire fleet of commercial or emergency vehicles. Or, the attacker could leverage GPS information to monitor and abruptly stop vehicles on dangerous highways."

While the MV720 network is not available in the United States, there are reportedly more than 1.5 million trackers currently in use across approximately 420,000 customers in industries including government, miliary, law enforcement and Fortune 1000 companies.

What can companies do that are impacted by the MiCODUS MV720 GPS tracker vulnerability?

The CISA Advisory outlines recommendations including:

  • Minimizing network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet.
  • Locating control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, using secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.

As of this article, MiCODUS has not made any public comments on the vulnerabilities or CISA advisory. 

Related Links

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

To learn more, visit our dedicated Cybersecurity page or contact the team at [email protected]

Want to be in the know? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity, at www.schneiderdowns.com/subscribe.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2024 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
Cybersecurity, IT Risk Advisory BY Madeline Adamczyk
Allegheny County Marriage License Data Leak May Affect Recent Newlyweds
read more >
Risk Advisory/Internal Audit, Transportation & Logistics BY Elizabeth Rhodes
The Impact of the Baltimore Key Bridge Disaster on Supply Chain
read more >
Cybersecurity, Health Care BY Daniel Hooven
$1 Billion a Day: Unpacking the Financial Aftershock of the Change Healthcare Cyber-Attack
read more >
Cybersecurity, IT Risk Advisory, Retail BY Madeline Adamczyk
Get the Low Down Before You Download: Exploring the Temu App’s Security Risks
read more >
Cybersecurity BY Nicholas DeLuca
Six-Figure Ransomware Attack Hits Washington County, PA
read more >
Cybersecurity BY Daniel Hooven
Romance Scams: Guarding Your Heart and Wallet
read more >
Register to receive our weekly newsletter with our most recent columns and insights.
subscribe for updates
most popular
Master Your Credit Card Strategy: A Guide to Maximizing Rewards and Boosting Your Credit Score
Wealth Management
By Jessica Ellicott, Courtney Moriarty | 4.16.2024

Uncover the frequently asked questions surrounding managing your credit cards more effectively and harnessing their potential benefits. ...

read more
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us
Pittsburgh
Columbus
Metropolitan Washington
Image of Prime Global Logo
follow us client portal

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.

×
Accept