CISA Warns of Remote Control Flaws in SinoTrack GPS Trackers

The US CISA reports critical vulnerabilities in SinoTrack GPS devices that could let attackers remotely control vehicles and track locations. Discover the vulnerabilities and essential steps to secure your device.

Owners of SinoTrack GPS devices should be aware of significant security weaknesses that could allow unauthorized individuals to track vehicles or even cut off their fuel remotely. These vulnerabilities, affecting all known SinoTrack devices and the SinoTrack IOT PC Platform, were recently brought to light by independent researcher Raúl Ignacio Cruz Jiménez. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding these issues.

What are the Risks?

Two main problems have been identified. The first, labelled CVE-2025-5484, is a weak authentication flaw, which means that logging into the device’s management system is too easy. Every device uses its unique identifier, which is printed on the receiver as the username.

What’s more concerning is that ...