“A website flaw at a California company that gathers real-time data on cellular wireless devices could have allowed anyone to pinpoint the location of any AT&T, Verizon, Sprint or T-Mobile cellphone in the United States to within hundreds of yards, a security researcher said,” Frank Bajak reports for The Associated Press. “The company involved, LocationSmart of Carlsbad, operates in a little-known business sector that provides data to companies for such uses as tracking employees and texting e-coupons to customers near relevant stores.”
“Among the customers LocationSmart identifies on its website are the American Automobile Association, FedEx and the insurance carrier Allstate,” Bajak reports. “The LocationSmart flaw was first reported by independent journalist Brian Krebs. It’s the latest case to underscore how easily wireless carriers can share or sell consumers’ geolocation information without their consent.”
U.S. Senator Ron Wyden “said the LocationSmart and Securus cases underscore the ‘limitless dangers’ Americans face due to the absence of federal regulation on geolocation data. ‘A hacker could have used this site to know when you were in your house so they would know when to rob it. A predator could have tracked your child’s cellphone to know when they were alone,’ he said in a statement,” Bajak reports. “LocationSmart took the flawed webpage offline Thursday, a day after Carnegie Mellon University computer science student Robert Xiao discovered the software bug and notified the company, Xiao told The Associated Press. The doctoral researcher said the bug ‘allowed anyone, anywhere in the world, to look up the location of a U.S. cellphone,’ said Xiao. ‘I could punch in any 10-digit phone number,’ he added, ‘and I could get anyone’s location.'”
Read more in the full article here.
MacDailyNews Take: We did not authorize our location data to be obtained by LocationSmart. You likely did not, either. So why are they allowed to have our location data?
Until Americans wake up about privacy, and demand stringent laws, these myriad risks due to blatant data theft will continue.
[Thanks to MacDailyNews readers too numerous to mention individually for the heads up.]