The Broadband Guide
search advanced
 forgot password?

LocationSmart website flaw exposed real-time locations of 200 million Americans

2018-05-21 11:25 by


A website flaw at the California company LocationSmart that gathers real-time data on cellular wireless devices could have allowed anyone to pinpoint the location of any AT&T, Verizon, Sprint or T-Mobile cellphone in the United States to within hundreds of yards, a security researcher said.

A PhD candidate from Carnegie Mellon University first discovered the vulnerability and reported it to KrebsOnSecurity. LocationSmart has since secured the data, but it appears that isn't enough for the federal government. The location data of customers with AT&T, Verizon, Sprint and T-Mobile were apparently easily available. The matter is being referred to the FCC's enforcement bureau.

LocationSmart offered a free demonstration on its website, where you could track any phone, as long as you had consent from the phone's owner. The flaw, which LocationSmart said it's fixed, would have allowed anyone to use the tracking feature, without needing prior consent.

Actually, LocationSmart is able to obtain accurate geolocation data on nearly any phone in the US because it buys that data from major US wireless carriers, including T-Mobile, Verizon, AT&T and Sprint. Though wireless carriers aren't allowed to provide location data to the government, they can sell that data to businesses.

Read more -here-


  Post your review/comments
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About