According to the latest reports, a breach in a cell phone tracking service allowed anyone to track the location of devices without requiring any authorization. For this, it was enough to take advantage of some openings offered by the tool.
OMG! Real-Time Location Data Of Nearly All US Smartphone Users Exposed
A breach in a cell phone tracking service allowed anyone to track the location of devices without requiring any authorization. For this, it was enough to take advantage of some openings offered by the tool.
The flaw was present at LocationSmart, as the platform is known, and was discovered by computer science professor Robert Xiao. According to him, it was possible to track the location of AT&T, Sprint, T-Mobile and Verizon, the largest carriers in the United States.
LocationSmart sells itself as a real-time smartphone location service. To convince potential customers, it offered a free demo for you to find your mobile by entering only the name, email, and phone on a form.
The tool then sent a text message asking permission to communicate with the nearest cell phone tower. With the authorization, the service passed the longitude and latitude of the mobile, along with a Google Street View screen.
However, according to Xiao, LocationSmart did not perform basic checks to prevent anonymous, unauthorized searches. Thus, simple changes to the service API allowed cell phones that did not give the permission to be located as well.
The failure was proven by Brian Krebs of Krebs on Security. According to him, tests showed the approximate location of five people. With the authorization of each, Xiao was able to determine where they were. The accuracy ranged from 90 meters to 2.5 kilometres.
After the breakthrough was discovered, the demonstration was taken off the air. According to Mario Proietti, CEO of LocationSmart, the service is based on the legitimate and authorized use of location data. “We take privacy seriously and we will review and investigate all the facts,” he said.
So, what do you think about this? Simply share all your views and thoughts in the comment section below.