Vulnerability Note: VU#251927: CalAmp LMU-3030 devices may not authenticate SMS interface
Published: 2017-06-08 13:12:17-04:00
Description: OBD-II devices are used to provide telematics information for managers of fleets of vehicles. One type of device,manufactured by CalAmp,has an SMS(text message)interface. We have found multiple deployments where no password was configured for this interface by the integrator/reseller. Companies using the CalAmp hardware should be aware that they need to set a password or disable SMS. Vendors were notified and the SMS interface was disabled or password-protected by all vendors known to be affected.