By - Security researchers find unprotected database belonging to AngelSense
- Company builds GPS tracking devices for persons with disabilities
- The database contained names, GPS data, and more
A GPS tracking gear manufacturer was reportedly at risk of leaking sensitive data on the internet, experts have warned.
Cybersecurity researchers UpGuard discovered a non-password-protected database belonging to AngelSense online, keeping it active for at least a few weeks, filling it up with information generated by its equipment.
AngelSense is a GPS tracking and safety device designed for individuals with special needs, such as children with autism or elderly individuals with dementia. It provides real-time location tracking, two-way voice communication, and alerts to caregivers to ensure their loved ones’ safety and well-being.
Shutting down access
TechCrunch says the company is “touted by law enforcement and police departments across the US”.
Unprotected databases are, unfortunately, a common occurrence and one of the key causes of data leaks. In this incident, the company was storing real-time updating logs from an AngelSense system, including personal information of AngelSense customers. Names, postal addresses, phone numbers, GPS coordinates, health information, and more, were being exposed. Furthermore, the database kept technical logs about the company’s systems, as well.
Email addresses, passwords, authentication tokens for accessing customer accounts, and partial credit card information were all being stored in plaintext.
The archive has since been closed down, however the researchers couldn’t establish exactly for how long the database was exposed, although the database’s listing on Shodan shows it was first spotted on January 14, although it could have been available for longer.
It is also unknown if anyone found it before UpGuard. All a person would need is knowledge of the IP address and a browser.
“It was only when UpGuard phoned us that the issue was raised to our attention,” AngelSence CEO, Doron Somer, admitted. “Upon its discovery, we acted promptly to validate the information provided to us and to remedy the vulnerability.”
“We note that other than UpGuard, we have no information suggesting that any data on the logging system potentially was accessed. Nor do we have any evidence or indication that the data has been misused or is under threat of misuse.”
Via TechCrunch
