The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/93874 | Third Party Advisory VDB Entry |
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/ | Exploit Technical Description Third Party Advisory |
https://www.kb.cert.org/vuls/id/617567 | Third Party Advisory US Government Resource |
https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ | Third Party Advisory US Government Resource |
http://www.securityfocus.com/bid/93874 | Third Party Advisory VDB Entry |
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/ | Exploit Technical Description Third Party Advisory |
https://www.kb.cert.org/vuls/id/617567 | Third Party Advisory US Government Resource |
https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 02:56
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/93874 - Third Party Advisory, VDB Entry | |
References | () https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/ - Exploit, Technical Description, Third Party Advisory | |
References | () https://www.kb.cert.org/vuls/id/617567 - Third Party Advisory, US Government Resource | |
References | () https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ - Third Party Advisory, US Government Resource |
Information
Published : 2018-07-06 21:29
Updated : 2024-11-21 02:56
NVD link : CVE-2016-6539
Mitre link : CVE-2016-6539
CVE.ORG link : CVE-2016-6539
JSON object : View
Products Affected
thetrackr
- trackr_firmware
- trackr
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor