Article 3QFVB Website leaked real-time location of most US cell phones to almost anyone

Website leaked real-time location of most US cell phones to almost anyone

by
Dan Goodin
from Ars Technica - All content on (#3QFVB)
locationsmart-750x500.jpg

Enlarge / An image from the LocationSmart website. (credit: LocationSmart)

A little-known service has been leaking the real-time locations of US cell phone users to anyone who takes the time to exploit an easily spotted bug in a free trial feature, security news site KrebsOnSecurity reported Thursday.

LocationSmart, as the service is known, identifies the locations of phones connected to AT&T, Sprint, T-Mobile, or Verizon, often to an accuracy of a few hundred yards, reporter Brian Krebs said. While the firm claims it provides the location lookup service only for legitimate and authorized purposes, Krebs reported that a demo tool on the LocationSmart website could be used by just about anyone to surreptitiously track the real-time whereabouts of just about anyone else.

The tool was billed as a demonstration prospective customers could use to see the approximate location of their own mobile device. It required interested people to enter their name, email address, and phone number into a Web form. LocationSmart would then text the phone number and request permission to query the cellular network tower closest to the device. It didn't take long for Robert Xiao, a security researcher at Carnegie Mellon University, to find a way to work around the authorization requirement.

Read 7 remaining paragraphs | Comments

index?i=91YEmjq3Exo:wWAcRbAodiU:V_sGLiPB index?i=91YEmjq3Exo:wWAcRbAodiU:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments