CATEGORIES
home News

LocationSmart Service Leaked Customer Location Data From All Four Major US Wireless Carriers

by Paul LillyFriday, May 18, 2018, 09:40 AM EDT
Location

Sometimes it feels like security and privacy are myths in this day and age of data leaks, hacking, and everything else. The latest example comes from a LocationSmart, a relatively obscure (to the public) location-as-a-service outfit has been leaking real-time location information of cell phone users on all of the major wireless networks in the United States, including AT&T, Verizon, T-Mobile, and Sprint.

LocationSmart offers a free demo in which anyone can see the approximate location of their own mobile phone simply by entering in their name, email address, and phone number into a form on the company's website. The service then sends a text to the phone number that was entered asking for permission to ping the device's nearest cell phone network tower. If a user consents, LocationSmart tracks the device's longitude and latitude and plots the location on a Google Street View map.

It's easy to see how something like that might be useful or interesting. However, it was recently discovered that LocationSmart was not performing even basic security and privacy checks to ensure that its service was not being abused. Anyone with a bit of knowledge about how websites work could figure out how to look up location data of other users without ever entering in any login information.

"I stumbled upon this almost by accident, and it wasn't terribly hard to do," Xiao, a PhD candidate at CMU's Human-Computer Interaction Institute, told KrebsOnSecurity. "This is something anyone could discover with minimal effort. And the gist of it is I can track most peoples' cell phone without their consent."

Xiao called it "really creepy stuff," noting that when he tested this on a friend's phone (who had given him consent), he was not only able to track his current location, but also his directional movements.

"We don’t give away data," LocationSmart founder and CEO Mario Proietti said in a statement. "We make it available for legitimate and authorized purposes. It’s based on legitimate and authorized use of location data that only takes place on consent. We take privacy seriously and we’ll review all facts and look into them."

The service has since been taken offline. However, it's not clear how long this has been going on and what the future plans are, and what, if anything, what actions the nation's largest wireless carriers might take in response to the data flub.
Tags:  security, Sprint, Privacy, T-Mobile, Verizon, at&t, locationsmart
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment