- Security researchers find an unprotected database belonging to Angelsense
- The company builds GPS monitoring systems for disabled people
- The database contained names, GPS data, and more
A manufacturer of GPS monitoring equipment would have been at the risk of disclosing sensitive data on the Internet, the experts warned.
Cybersecurity researchers Upguard have discovered a database unprotected by passwords belonging to Angelsense online, keeping it active for at least a few weeks, by filling it with information generated by its equipment.
Angelsense is a GPS monitoring and safety system designed for people with special needs, such as autistic children or elderly people with dementia. It offers follow-up of the location in real time, two-way vocal communication and alerts on caregivers to ensure the safety and well-being of their loved ones.
Access stop
Techcrunch Said that the company is “presented by the law enforcement services and the police of the United States”.
Unprotected databases are, unfortunately, common occurrence and one of the main causes of data leaks. In this incident, the company stored update newspapers in real time from an Angelsense system, including personal information from Angelsense customers. Names, postal addresses, telephone numbers, GPS contact details, health information, etc., were exposed. In addition, the database has also held technical newspapers on business systems.
E-mail addresses, passwords, authentication tokens to access customer accounts and partial credit card information were all stored in clear text.
The archives have since been closed, but the researchers could not establish exactly how long the database was exposed, although the list of the database on Shodan shows that it was spotted for the first time the January 14, although it could have been available for longer.
It is also not known if someone found it before Upguard. All that a person would need is to know the IP address and a browser.
“It was only when Upguard called us that the problem was raised to our attention,” admitted the CEO of Angelsence, Doron Somer. “During its discovery, we acted quickly to validate the information provided to us and to remedy vulnerability.”
“We note that apart from Upguard, we have no information suggesting that data on the journalization system was potentially accessible. We also have no evidence or indication that the data has been used to be unhealthy or are threatened with improper use. »»
Via Techcrunch
