LocationSmart website flaw exposed real-time locations of 200 million Americans
2018-05-21 11:25 by Daniela
A website flaw at the California company LocationSmart that gathers real-time data on cellular wireless devices could have allowed anyone to pinpoint the location of any AT&T, Verizon, Sprint or T-Mobile cellphone in the United States to within hundreds of yards, a security researcher said.
A PhD candidate from Carnegie Mellon University first discovered the vulnerability and reported it to KrebsOnSecurity. LocationSmart has since secured the data, but it appears that isn't enough for the federal government. The location data of customers with AT&T, Verizon, Sprint and T-Mobile were apparently easily available. The matter is being referred to the FCC's enforcement bureau.
LocationSmart offered a free demonstration on its website, where you could track any phone, as long as you had consent from the phone's owner. The flaw, which LocationSmart said it has fixed, would have allowed anyone to use the tracking feature without needing prior consent.
LocationSmart is able to obtain accurate geolocation data on nearly any phone in the US because it buys that data from major US wireless carriers, including T-Mobile, Verizon, AT&T and Sprint. Though wireless carriers aren't allowed to provide location data to the government, they can sell that data to businesses.