“A website flaw at a California company that gathers real-time data on cellular wireless devices could have allowed anyone to pinpoint the location of any AT&T, Verizon, Sprint or T-Mobile cellphone in the United States to within hundreds of yards, a security researcher said,” Frank Bajak reports for The Associated Press. “The company involved, LocationSmart of Carlsbad, operates in a little-known business sector that provides data to companies for such uses as tracking employees and texting e-coupons to customers near relevant stores.”
“Among the customers LocationSmart identifies on its website are the American Automobile Association, FedEx and the insurance carrier Allstate,” Bajak reports. “The LocationSmart flaw was first reported by independent journalist Brian Krebs. It’s the latest case to underscore how easily wireless carriers can share or sell consumers’ geolocation information without their consent.”
U.S. Senator Ron Wyden “said the LocationSmart and Securus cases underscore the ‘limitless dangers’ Americans face due to the absence of federal regulation on geolocation data. ‘A hacker could have used this site to know when you were in your house so they would know when to rob it. A predator could have tracked your child’s cellphone to know when they were alone,’ he said in a statement,” Bajak reports. “LocationSmart took the flawed webpage offline Thursday, a day after Carnegie Mellon University computer science student Robert Xiao discovered the software bug and notified the company, Xiao told The Associated Press. The doctoral researcher said the bug ‘allowed anyone, anywhere in the world, to look up the location of a U.S. cellphone,’ said Xiao. ‘I could punch in any 10-digit phone number,’ he added, ‘and I could get anyone’s location.'”
Read more in the full article here.
MacDailyNews Take: We did not authorize our location data to be obtained by LocationSmart. You likely did not, either. So why are they allowed to have our location data?
Until Americans wake up about privacy, and demand stringent laws, these myriad risks due to blatant data theft will continue.
[Thanks to MacDailyNews readers too numerous to mention individually for the heads up.]
I wonder which government agency owns this company, CIA, FBI or NSA? Or maybe it is one of the lesser known ones which does not already have access to all the data the NSA collects while spying on innocent Americans.
Location info is kind of “baked in”..is it not? Just go to google search and look at the bottom. They know where you are. MDN can get my ip, OS, and browser info, etc from their logs. If you have an ip, someone has your location. That has always been the case. Carriers giving away that info is in their EULA.
Cell phones require that they check in with the closest tower constantly so the system knows where to send any calls.
It has nothing to do with IP addresses.
Cell phones were always tracking devices before the internet.
“M” is great proof on how a little bit of knowledge is a dangerous thing.
M… Sigh
Carrier..internet provider..they know your location. Naïvety. Insult me. We know your location.
Ok I admit it! I’m responsible for this. It’s why I am called Snoop, Dog.
Government regulation of any sort is anti Libertarian…
Invasion of privacy is anti Libertarian…
What ever are we going to do?
The government has its place. Regulating regions of civil vulnerability is one of its most important functions. That includes finance, privacy and liberty. Weaken government too much, and it can’t perform it most basic function and we all suffer.
I switched to Consumer Cellular from AT&T customer since the 1990s the day my SE arrived. Wonder if they are affected? …
Consumer Cellular is an MVNO. In all likelihood, the vulnerability would also apply to whatever network an MVNO utilizes.
An MVNO, what is that? Inside baseball tech speak that most people don’t understand or how it applies is my guess. Unless you are talking your fav liberal politics where you clearly spell it out — when it comes to tech you have an abbreviated style of writing, and that’s fine. Not a criticism, just an observation. “In all likelihood” so you”re not certain, fair enough. Thanks for the reply …
Interesting. Now MDN is calling for stricter laws, stricter regulation. When it suits you, you go for more government. When it doesn’t, you blame the government for everything, ridicule all civil servants as incompetent and corrupt, and support efforts to deconstruct government. Seriously, make up your damn minds.
Only an EXTREMIST ABSOLUTIST wants it one way ALL the time. You adjust your position to what oversight is required at the time …
Why your head doesn’t explode with shame and irony_desert disease…I’ll never know.
Coming from one of MDN’s resident reactionary partisan absolutists, that’s rich beyond belief. Nothing you have ever contributed here has even hinted that you understand words like consensus, give and take, negotiation, necessary legislation to curb excess…or anything hinting at a balanced viewpoint. No, with you it’s always Democrat scum, Libtards, anti gun elitists…you name it, you’ve repeatedly SHOUTED it here.
We can now add wilful dissembling to your list of convenient failings.
Not unexpected of course.
All of these exposed data stories need a corollary in their headline: “…that we know of so far.”
:/
MDN calling for what Republicans always deride as ”job killing” regulations.
If the company throws a few dollars to the RNC and the Trump Campaign, the Republicans will become their best friend.
The GOP and Trump are highly transactional, as in pay to play.
MDN,
This just goes to show you that no matter what any company says they will or will not do, you have no guarantees that your information will be disclosed or sold to anybody, anywhere. That includes the holy grail, Apple.
If you think otherwise, you are naive.