The details of users at Ituran can be stolen relatively simply.
TheMarker magazine reports that a serious breach has been found at Ituran, which allowed attackers to access the information of the company's customers and, in some cases, even to view their exact location.
Ituran is the biggest fleet management company in Israel, and every company that gives cars to its employees uses Ituran's services.
According to the writer, Amitai Ziv, the weakness is caused by a very weak password mechanism. It is very surprising that a company like Ituran works with a system such as this. In fact, Ituran uses the customer's ID number as its identification tool, both as the user name and as the password: the password simply adds a single English letter in front of the ID number. You simply have to go through a maximum of 26 letters, and within a few minutes you can view the customer details.
The customer details put at risk by this leak included: the name of the customer (including family), telephone, email, vehicle number and number of children.
Incidentally, the ID number is a readily accessible resource on the net. For example, senior executives at public companies give their ID number on the TASE portal when they are appointed to the job, so that it is very easy to obtain the ID number of all senior officials in the economy, including Ituran chairman Izzy Sheratzky.
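The scheme described above fails because the password can be rebuilt from an identifier the attacker already has. The following is an added example, not Ituran's code or anything from TheMarker's report: a password-policy check a service could run at enrolment or password change to reject such passwords. The function names, the `max_extra` threshold and the sample ID number are assumptions made for illustration.

```python
import string

def _norm(s):
    """Lower-case and keep only letters and digits, so '0123-45678' matches '012345678'."""
    return "".join(ch for ch in s.lower() if ch.isalnum())

def derived_from_identifier(password, identifiers, max_extra=3):
    """Return the identifier the password is built from, or None.

    A password counts as derived when it contains a known identifier (or its
    reverse) and has at most `max_extra` additional characters around it.
    """
    pw = _norm(password)
    for ident in identifiers:
        core = _norm(ident)
        if len(core) < 4:  # too short to be a meaningful match
            continue
        for candidate in (core, core[::-1]):
            if candidate in pw and len(pw) - len(candidate) <= max_extra:
                return ident
    return None

def residual_guess_space(password, identifier):
    """Guesses left for someone who knows the identifier and where the extra
    characters go. Letters are counted case-insensitively (26 each)."""
    pw, core = password.lower(), identifier.lower()
    if core not in pw:
        return None
    space = 1
    for ch in pw.replace(core, "", 1):
        if ch in string.ascii_lowercase:
            space *= 26
        elif ch in string.digits:
            space *= 10
        else:
            space *= len(string.punctuation)
    return space

def check_new_password(password, username, other_identifiers=()):
    """Policy gate: (accepted, reason). Identifiers include the user name itself."""
    hit = derived_from_identifier(password, [username, *other_identifiers])
    if hit is not None:
        left = residual_guess_space(password, hit)
        return False, f"password is derived from a known identifier ({left} guesses left)"
    return True, "ok"

if __name__ == "__main__":
    national_id = "012345678"  # constructed sample value, not a real ID number
    print(check_new_password("Q" + national_id, username=national_id))
    print(check_new_password("correct-horse-battery-7", username=national_id))
```

A check like this belongs alongside attempt throttling and lockout, since a 26-guess space is exhausted long before most rate limits trigger.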
Ituran’s response in TheMarker’s article:
“Ituran does everything to protect the privacy of its customers, but there may always be illegal infiltrations. Our investigation indicates that the password management policy requires upgrading in order to prevent more efficient infiltration attempts, so we are working to reduce the exposure immediately, New password mechanisms.”