Chicago Sun-Times

FLAW GIVES HACKERS ABILITY TO PINPOINT CELLPHONE USERS

- BY FRANK BAJAK

A California company confirmed that a flaw in its website allowed outsiders to pinpoint the location of mobile phones in the United States without authorizat­ion.

But LocationSm­art, which gathers realtime data on cellular wireless devices, says it has no evidence that anyone exploited the vulnerabil­ity beforeMay 16, when a security researcher at Carnegie Mellon discovered it.

Brenda Schafer, a LocationSm­art vice president, said via email Friday that the company is still seeking to verify that no location data was accessed without individual subscriber­s’ consent. She did not respond to questions about LocationSm­art’s business practices or how long the flaw had existed.

Privacy advocates say the case is the latest to underscore how easily wireless carriers can share or sell consumers’ geolocatio­n informatio­n without their consent. The LocationSm­art flaw was first reported by independen­t journalist Brian Krebs.

LocationSm­art operates in a little- known business sector that provides data to companies for such uses as tracking employees and texting e- coupons to customers near relevant stores. Among the customers Location Smart identifies on its website are the American Automobile Associatio­n, FedEx and the insurance carrier Allstate.

The New York Times reported this month that a firm called Securus Technologi­es provided location data on mobile customers to a former Missouri sheriff accused of using the data to track people without a court order. On Wednesday, Motherboar­d reported that Securus’ servers had been breached by a hacker who stole user data that mostly belonged to law enforcemen­t officials.

Securus may have obtained its location data indirectly from Location Smart. Securus officials told the office of Sen. Ron Wyden, an Oregon Democrat, that they obtained the data from a company called 3C interative, said Wyden spokesman Keith Chu. Location Smart lists 3Cinteract­ive among its customers on its website.

Wyden said the Location Smart and Securus cases underscore the “limitless dangers” Americans face due to the absence of federal regulation on geolocatio­n data.

?? AP FILE PHOTO ?? Aman checks his phone in an alley in downtown Chicago last year. A security researcher says a website flaw at a U. S. company could have allowed hackers to locate nearly any cellphone in the country.
AP FILE PHOTO Aman checks his phone in an alley in downtown Chicago last year. A security researcher says a website flaw at a U. S. company could have allowed hackers to locate nearly any cellphone in the country.

Newspapers in English

Newspapers from United States