101 Views

Real-time Locations Of Most US Cell Phones Leaked By An Exploited Website

A little-known service has been leaking the real-time locations of US cell phone users to anyone who takes the time to exploit an easily spotted bug in a free trial feature, security news site KrebsOnSecurity reported Thursday.

LocationSmart, as the service is known, identifies the locations of phones connected to AT&T, Sprint, T-Mobile, or Verizon, often to an accuracy of a few hundred yards, reporter Brian Krebs said. While the firm claims it provides the location lookup service only for legitimate and authorized purposes, Krebs reported that a demo tool on the LocationSmart website could be used by just about anyone to surreptitiously track the real-time whereabouts of just about anyone else.

The tool was billed as a demonstration prospective customers could use to see the approximate location of their own mobile device. It required interested people to enter their name, email address, and phone number into a Web form. LocationSmart would then text the phone number and request permission to query the cellular network tower closest to the device. It didn’t take long for Robert Xiao, a security researcher at Carnegie Mellon University, to find a way to work around the authorization requirement.

Xiao published a detailed description of the demo bug. It showed how simple changes to the demo’s Web requests were able to bypass the requirement a location be queried only after a phone user approved.

LocationSmart founder and CEO Mario Proietti told Krebs he never intended to give away the service. “We make it available for legitimate and authorized purposes,” Krebs quoted the CEO as saying. “It’s based on legitimate and authorized use of location data that only takes place on consent. We take privacy seriously, and we’ll review all facts and look into them.”

Word of the leak comes five days after another little-known service called Securus came to national attention after The New York Times reported it allowed law enforcement officers to locate most US-based cell phones within seconds. According to ZDNet, Securus got the information through Carlsbad, California-based LocationSmart. Motherboard later reported that Securus experienced its own security breach that exposed the usernames and weakly protected passwords of thousands of Securus customers.

In a statement Sen. Ron Wyden (D-Ore) wrote: “This leak, coming only days after the lax security at Securus was exposed, demonstrates how little companies throughout the wireless ecosystem value Americans’ security. It represents a clear and present danger, not just to privacy but to the financial and personal security of every American family. Because they value profits above the privacy and safety of the Americans whose locations they traffic in, the wireless carriers and LocationSmart appear to have allowed nearly any hacker with a basic knowledge of websites to track the location of any American with a cell phone.”

You May Like

Top 10 Millionaire Success Stories That Share A Common Theme – Bitcoin!
Celebrities, technology
246957 views
Celebrities, technology
246957 views

Top 10 Millionaire Success Stories That Share A Common Theme – Bitcoin!

pwlvz - October 5, 2017

The economic meltdown of 2008 was definitely not just another crisis in history. It was the year we started paying…

How a young car enthusiast ended up working as a supercar reviewer after being forced out of a dealership
Incredible
58138 views
Incredible
58138 views

How a young car enthusiast ended up working as a supercar reviewer after being forced out of a dealership

pwlvz - September 22, 2017

Jacob Tremblay was a young car enthusiast from Toronto who considered himself a true “gearhead”. Whenever he wasn’t working or…

Once a homeless couple, now a growing business
Incredible
46260 views
Incredible
46260 views

Once a homeless couple, now a growing business

pwlvz - October 2, 2017

Charles and Sophie were once a happily married couple, until the company they worked for went bankrupt. Unable to find…

Ex-boyfriend Cheats With A Decade Younger Model – Gets Revenge For Flying Too Close To The Sun!
Funny, OMG
18614 views
Funny, OMG
18614 views

Ex-boyfriend Cheats With A Decade Younger Model – Gets Revenge For Flying Too Close To The Sun!

pwlvz - October 2, 2017

Leah Smith is a successful footwear model who works with famous photographers in Vancouver where she lives. But despite her…

Leave a Comment

Your email address will not be published.