banner



Bug in Free Demo Let You See Location Data on Any Cell Phone

Desire to learn someone's location? Due to some shoddy programming, a US company that hoards prison cell phone information accidentally gave anyone the disturbing ability to do this.

LocationSmart specializes in collecting cell telephone information from Usa wireless carriers equally a way to assist businesses understand their customers. According to its website, the California company has location data on over 400 meg devices.

However, LocationSmart appears to have been careless with that information. A computer scientist noticed on Wednesday that an online demo for ane of the company'southward services could permit anyone plug in a cell phone number, and pull up the device's location.

The searches were supposed to be express to only cell telephone numbers that had granted consent to the location lookups. To do this, the demo would text or call the phone number and request permission from the owner.

LocationSmart Demo

Unfortunately, the demo contained a software bug, according to Robert Xiao, a PhD candidate at Carnegie Mellon University. He was digging around the demo and noticed a flaw in the organization's API that can let you lot make cell phone location searches without obtaining the owner's consent.

Xiao disclosed the vulnerability to security announcer Brian Krebs, who verified that the LocationSmart demo could, indeed, pull upwards someone'due south approximate location; he and Xiao tested it on v of Krebs' trusted sources.

"One of those sources said the longitude and latitude returned by Xiao'south queries came within 100 yards of their then-current location," Krebs wrote on Thursday. "Another source said the location found by the researcher was 1.5 miles away from his current location. The remaining three sources said the location returned for their phones was betwixt approximately 1/5 to ane/3 of a mile at the time."

How long the bug has been around isn't known, just LocationSmart appears to accept taken the demo offline.

Xiao was investigating the company amidst news that it was supplying location data to a little-known prison technology business firm called Securus Technologies. Last week, a Us senator revealed that Securus was as well providing cell phone location lookups to law enforcement and correctional officers without a warrant.

And so far, LocationSmart and Securus haven't commented. But their practices are raising serious questions over why US wireless carriers are handing and so much individual information to third-party companies, when no controls appear to be in identify.

The major wireless providers haven't detailed their relationships with LocationSmart or Securus. But on Thursday, an AT&T spokesman said: "Nosotros don't let sharing of location information without customer consent or a need from law enforcement. If we learn that a vendor does non attach to our policy we will take appropriate action."

UPDATE 5/18/18: In a argument, LocationSmart said: "We have further confirmed that the vulnerability was not exploited prior to May 16th and did not effect in any client information being obtained without their permission."

"On that day (May 16) equally many every bit two dozen subscribers were located by Mr. Xiao through his exploitation of the vulnerability. Based on Mr. Xiao'south public statements, nosotros understand that those subscribers were located only later Mr. Xiao personally obtained their consent. LocationSmart is continuing its efforts to verify that not a unmarried subscriber's location was accessed without their consent and that no other vulnerabilities be. LocationSmart is committed to continuous improvement of its information privacy and security measures and is incorporating what it has learned from this incident into that process."

Source: https://sea.pcmag.com/news/21190/bug-in-free-demo-let-you-see-location-data-on-any-cell-phone

Posted by: weishaarmillan.blogspot.com

0 Response to "Bug in Free Demo Let You See Location Data on Any Cell Phone"

Post a Comment

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel