Flaws in SETracker watch app posed danger to dementia patients

July 10, 2020
  • Make a device call any phone number.
  • Make a device send SMS with any text.
  • Call any device.
  • Spy on any device even in countries like Germany where this functionality was supposedly disabled.
  • Fake a message from a parent.
  • Kill the engine of a car tracker.
  • Access the camera of all devices with a camera.
  • Send a “Take Pills” command to the device to remind a relative to take medication.
  • MySQL password on all databases.
  • Aliyun file bucket credentials (S3 equivalent, with ALL their pictures).
  • Email credentials.
  • SMS credentials.
  • Redis credentials.
  • IPs and services of 16 servers.
  • The entire server-side source code for SETracker.
  • The default password 123456 is hard-coded in the source code.