Skip to content
Search AI Powered

Latest Stories

Service Allowed People To Track Pretty Much Anyone Else's Location Through Their Cell Phone. Whoops.

Service Allowed People To Track Pretty Much Anyone Else's Location Through Their Cell Phone. Whoops.
(Ute Grabowsky/Photothek via Getty Images)

Little did consumers know that the smartphones they carried in their pockets also served as a tracking device, not just for phone companies, but for other users thanks to a buggy location demo service.

KrebsOnSecurity reported that a small company called LocationSmart – an aggregator of real-time data of the locations of cell phone users – was inadvertently allowing anyone with free access to the feature without passwords.


The service was enabled on AT&T, Sprint, T-Mobile, and Verizon devices and had the capability of tracking down customers within a few hundred-yard accuracy.



KrebsOnSecurity provided details on how the system works:

LocationSmart's demo is a free service that allows anyone to see the approximate location of their own mobile phone, just by entering their name, email address and phone number into a form on the site. LocationSmart then texts the phone number supplied by the user and requests permission to ping that device's nearest cellular network tower.

After LocationSmart receives consent from the user, they are sent latitudinal and longitudinal coordinates, via text, on Google Street View maps as confirmation.

Sometimes it feels like, somebody's watching YOU.

Giphy



Robert Xiao, a security researcher at Carnegie Mellon University found a way to avoid the authentication process after realizing that LocationSmart "failed to perform basic checks to prevent anonymous and unauthorized queries."

The system's flaw left anyone who is Internet savvy to abuse its function.

I stumbled upon this almost by accident, and it wasn't terribly hard to do. This is something anyone could discover with minimal effort. And the gist of it is I can track most peoples' cell phone without their consent.
This is really creepy stuff.

Don't tell him twice.

Giphy




LocationSmart's demo was taken offline on Thursday after the technical snafu.



The company's founder Mario Proietti had no intention for the service to be free, but was meant "for legitimate and authorized purposes."

It's based on legitimate and authorized use of location data that only takes place on consent.We take privacy seriously, and we'll review all facts and look into them.




The gaffe occurred after the New York Times reported on a little-known service called Securus that allowed law enforcers to track down anyone with a U.S.-based smartphone within seconds.

The service suffered a security breach leaking subscribers' usernames and passwords

Stephanie Lacambra from the Electronic Frontier Foundation said that wireless customers are obligated to location tracking enabling by their cellphone carriers by law. The function is relied upon for improving customer service as carriers use the information in the event of an emergency to comply with 911 regulations.





However, Krebs mentioned the inherent danger in third parties compromising customers' security.

But unless and until Congress and federal regulators make it more clear how and whether customer location information can be shared with third-parties, mobile device customers may continue to have their location information potentially exposed by a host of third-party companies, Lacambra said.



H/T - KrebsOnSecurity, Twitter

More from Trending

Jasmine Crockett Calls Out Trump's Hypocrisy By Pointing Out How Melania Got Her Visa
Leigh Vogel/Getty Images for SiriusXM; Kayla Bartkowski/Getty Images

Jasmine Crockett Calls Out Trump's Hypocrisy By Pointing Out How Melania Got Her Visa

Texas Democratic Representative Jasmine Crockett pointed out President Donald Trump's hypocrisy on immigration considering how First Lady Melania Trump's pathway to citizenship was possible because she received an "Einstein visa," which is usually reserved for an individual with "some sort of significant achievement."

Speaking during a House Judiciary Committee hearing titled “Restoring Integrity and Security to the Visa Process,” Crockett noted that “the idea that Trump and my Republican colleagues want to restore integrity and security in the visa process is actually a joke," and harshly criticized the Trump administration's immigration crackdown and visa restrictions.

Keep ReadingShow less
Screenshots of Jennifer Griffin and Pete Hegseth
The Hill

Fox Host Comes To Reporter's Defense After Pete Hegseth Berates Her At Pentagon Briefing

Fox News' chief political analyst Brit Hume came to the defense of Fox national security reporter Jennifer Griffin after their former colleague, Defense Secretary Pete Hegseth, criticized Griffin as the reporter "who misrepresents the most intentionally what the president says” in a Pentagon news conference.

Hegseth, a former Fox News anchor, had criticized media outlets—including his former network—for what he described as unpatriotic reporting. Hegseth took particular aim at early intelligence assessments suggesting that President Donald Trump's bombing of Iran may not have significantly crippled Iran’s nuclear capabilities.

Keep ReadingShow less

Teachers Share The Questions Students Asked In Class That Broke Their Hearts

Being a teacher is a calling.

It is not for the meek or weak of heart.

Keep ReadingShow less
Screenshot of Emily Compagno
Fox News

Fox Host Slams Dem For Dropping An F-Bomb After Praising Trump For The Same Thing Just Minutes Earlier

Fox News host Emily Compagno was criticized after she praised Donald Trump's use of the "f-bomb" earlier this week before condemning Texas Democratic Representative Jasmine Crockett's use of the same word—on the same episode of her show, no less.

Trump made headlines this week after admonishing Israel and Iran for violating a ceasefire agreement he'd announced on Truth Social. Although he claimed the ceasefire had been "agreed upon," Iran fired at least six missile barrages at Israel after it was supposed to take effect.

Keep ReadingShow less
Ken Jennings; Emily Croke
@Jeopardy/Instagram

Champ's Wild Final Jeopardy Connection

In a dramatic conclusion on last Monday’s Jeopardy!, a contestant revealed a surprising relationship to the final clue's answer. Hailing from Denver, Emily Croke made it to the final write-in portion of the game show with $12,200 in earnings.

In the category of “Collections,” host Ken Jennings read the clue:

Keep ReadingShow less