| (One intermediate revision by the same user not shown) |
| Line 13: |
Line 13: |
| }} | | }} |
|
| |
|
| '''BlackVue''' is a dashcam brand manufactured by Pittasoft Co. Ltd., a privately held South Korean company founded in 2007.<ref name="tracxn">{{Cite web |author= |title==BlackVue Company Profile |url=https://tracxn.com/d/companies/blackvue/__sULi2NdAYMOKiZUnzCUB0a00DsfdWttUdzb7nzIMFaw |website=Tracxn |date=1 Mar 2026 |access-date=19 Apr 2026 |url-status=live |archive-url=https://megalodon.jp/2026-0420-1242-51/https://tracxn.com:443/d/companies/blackvue/__sULi2NdAYMOKiZUnzCUB0a00DsfdWttUdzb7nzIMFaw |archive-date=20 Apr 2025}}</ref> Since 2018, multiple independent security researchers have found that BlackVue's cloud service broadcasts users' real-time GPS locations, live video feeds, and audio to anyone with a free account.<ref name="cybernews">{{Cite web |last=Lapienytė |first=Jurgita |title=BlackVue dash cameras let you track other users; the company says it's a feature, not a bug |url=https://cybernews.com/privacy/blackvue-dash-cameras-let-you-track-other-users-the-company-says-its-a-feature-not-a-bug/ |website=CyberNews |date=12 Jan 2022 |access-date=19 Apr 2026 |url-status=live |archive-url=https://megalodon.jp/2026-0420-1249-07/https://cybernews.com:443/privacy/blackvue-dash-cameras-let-you-track-other-users-the-company-says-its-a-feature-not-a-bug/ |archive-date=20 Apr 2026}}</ref> Seven CVEs across two product lines remain un-patched or were only acknowledged after public disclosure,<ref name="cve23-github">{{Cite web |author=eyJhb |title=BlackVue DR750 CVE |url=https://github.com/eyJhb/blackvue-cve-2023 |website=[[GitHub]] |date=12 Apr 2023 |access-date=19 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20230505111212/https://github.com/eyJhb/blackvue-cve-2023 |archive-date=5 May 2023}}</ref><ref name="cve25-github">{{Cite web |author=geo-chen |title=BlackVue Security Vulnerabilities |url=https://github.com/geo-chen/BlackVue |website=[[GitHub]] |date=6 Jul 2025 |access-date=19 Apr 2026 |url-status=live 
|archive-url=https://web.archive.org/web/20260420035635/https://github.com/geo-chen/BlackVue |archive-date=20 Apr 2026}}</ref> and in April 2025 Pittasoft began requiring a BlackVue account to use the companion app, removing the ability to access a locally-connected dashcam without an internet login.<ref name="blog-update">{{Cite web |author= |title=Discover the Latest BlackVue App Update: Enhanced UI, New Features, and More |url=https://media.blackvue.com/discover-the-latest-blackvue-app-update-enhanced-ui-new-features-and-more/ |website=BlackVue |date=13 Mar 2025 |access-date=19 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20250728153154/https://media.blackvue.com/discover-the-latest-blackvue-app-update-enhanced-ui-new-features-and-more/ |archive-date=28 Jul 2025}}</ref> | | '''BlackVue''' is a dashcam brand manufactured by Pittasoft Co. Ltd., a privately held South Korean company founded in 2007.<ref name="tracxn">{{Cite web |author= |title=BlackVue Company Profile |url=https://tracxn.com/d/companies/blackvue/__sULi2NdAYMOKiZUnzCUB0a00DsfdWttUdzb7nzIMFaw |website=Tracxn |date=1 Mar 2026 |access-date=19 Apr 2026 |url-status=live |archive-url=https://megalodon.jp/2026-0420-1242-51/https://tracxn.com:443/d/companies/blackvue/__sULi2NdAYMOKiZUnzCUB0a00DsfdWttUdzb7nzIMFaw |archive-date=20 Apr 2025}}</ref> Since 2018, multiple independent security researchers have found that BlackVue's cloud service broadcasts users' real-time GPS locations, live video feeds, and audio to anyone with a free account.<ref name="cybernews">{{Cite web |last=Lapienytė |first=Jurgita |title=BlackVue dash cameras let you track other users; the company says it's a feature, not a bug |url=https://cybernews.com/privacy/blackvue-dash-cameras-let-you-track-other-users-the-company-says-its-a-feature-not-a-bug/ |website=CyberNews |date=12 Jan 2022 |access-date=19 Apr 2026 |url-status=live 
|archive-url=https://megalodon.jp/2026-0420-1249-07/https://cybernews.com:443/privacy/blackvue-dash-cameras-let-you-track-other-users-the-company-says-its-a-feature-not-a-bug/ |archive-date=20 Apr 2026}}</ref> Seven CVEs across two product lines remain un-patched or were only acknowledged after public disclosure,<ref name="cve23-github">{{Cite web |author=eyJhb |title=BlackVue DR750 CVE |url=https://github.com/eyJhb/blackvue-cve-2023 |website=[[GitHub]] |date=12 Apr 2023 |access-date=19 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20230505111212/https://github.com/eyJhb/blackvue-cve-2023 |archive-date=5 May 2023}}</ref><ref name="cve25-github">{{Cite web |author=geo-chen |title=BlackVue Security Vulnerabilities |url=https://github.com/geo-chen/BlackVue |website=[[GitHub]] |date=6 Jul 2025 |access-date=19 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20260420035635/https://github.com/geo-chen/BlackVue |archive-date=20 Apr 2026}}</ref> and in April 2025 Pittasoft began requiring a BlackVue account to use the companion app, removing the ability to access a locally-connected dashcam without an internet login.<ref name="blog-update">{{Cite web |author= |title=Discover the Latest BlackVue App Update: Enhanced UI, New Features, and More |url=https://media.blackvue.com/discover-the-latest-blackvue-app-update-enhanced-ui-new-features-and-more/ |website=BlackVue |date=13 Mar 2025 |access-date=19 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20250728153154/https://media.blackvue.com/discover-the-latest-blackvue-app-update-enhanced-ui-new-features-and-more/ |archive-date=28 Jul 2025}}</ref> |
|
| |
|
| ==Consumer impact summary== | | ==Consumer impact summary== |
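Review bot: In the "tracxn" citation, "archive-date=20 Apr 2025" disagrees with the archive URL's own timestamp ("2026-0420-1242-51") and with "access-date=19 Apr 2026", and it is identical on both sides of this hunk, so the "title==" to "title=" fix leaves it in place. The URL timestamp points to 20 Apr 2026; suggest correcting the date in the same edit. Separately, the sentence "Seven CVEs across two product lines remain un-patched or were only acknowledged after public disclosure" cites only the two GitHub repositories, so naming the CVE IDs in the body would let readers check the patch status of each one.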
| Line 93: |
Line 93: |
| ==References== | | ==References== |
| {{Reflist}} | | {{Reflist}} |
|
| |
| <!-- INCIDENT SEVERITY SCORES (for pipeline orchestration, not displayed)
| |
| INCIDENT_SCORE: GPS location broadcasting | 72/100 | Six years of documented privacy exposure across multiple independent investigations (Vice, CyberNews, CSO Online, ZephrSec). Company acknowledged but refused to change default behavior. Affected users globally. No regulatory action found.
| |
| INCIDENT_SCORE: Firmware security vulnerabilities | 68/100 | Seven CVEs across two product lines (DR750, DR590X), two rated CVSS 9.8 Critical, two rated CVSS 8.8 High. DR750 vulnerabilities reported in 2022 remain unpatched. DR590X acknowledged but fix status unclear. Approximately 300 vulnerable devices found online. No regulatory action.
| |
| INCIDENT_SCORE: Mandatory app registration | 52/100 | Retroactive functional restriction on purchased hardware. Second attempt after first was reversed in 2023. Documented community backlash across Reddit, DashCamTalk, and app stores. No legal action. Offline mode available after initial login partially mitigates impact.
| |
| INCIDENT_SCORE: Cloud subscription tier removal | 40/100 | Documented bait-and-switch from "Free Forever" to paid. Affected existing customers. Community complaints on Reddit. No legal action or regulatory response found. -->
| |
|
| |
|
| [[Category:{{PAGENAME}}]] | | [[Category:{{PAGENAME}}]] |
| [[Category:Dashcams]] | | [[Category:Dashcams]] |
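Review bot: The hidden "INCIDENT SEVERITY SCORES" comment carries factual claims with no citation in the visible lines, for example "Approximately 300 vulnerable devices found online" and "two rated CVSS 9.8 Critical, two rated CVSS 8.8 High", alongside 0-100 scores with no stated rubric. Any of these facts the article relies on should sit in the body with a <ref>, and the scoring metadata is better kept outside the article wikitext (a talk page or the pipeline's own store), since an HTML comment is readable by anyone who views the page source. The comment also says "Offline mode available after initial login partially mitigates impact", which the lead sentence about the April 2025 account requirement does not mention; the two should agree.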