Cell­phone data gets ex­posed

Tampa Bay Times - - Nation & World -

A web­site flaw at a Cal­i­for­nia com­pany that gath­ers re­al­time data on cel­lu­lar wire­less de­vices could have al­lowed any­one to pin­point the lo­ca­tion of any AT&T, Ver­i­zon, Sprint or TMo­bile cell­phone in the United States to within hundreds of yards, a se­cu­rity re­searcher said.

The com­pany in­volved, Lo­ca­tionS­mart of Carls­bad, Cal­i­for­nia, op­er­ates in a lit­tle-known busi­ness sec­tor that pro­vides data to com­pa­nies for such uses as track­ing em­ploy­ees and tex­ting e-coupons to cus­tomers near rel­e­vant stores.

Among the cus­tomers Lo­ca­tionS­mart iden­ti­fies on its web­site are the Amer­i­can Au­to­mo­bile As­so­ci­a­tion, FedEx and the in­sur­ance car­rier All­state. Lo­ca­tionS­mart did not im­me­di­ately re­spond to emails and tele­phone mes­sages seek­ing com­ment on the flaw and its busi­ness prac­tices.

The Lo­ca­tionS­mart flaw was first re­ported by in­de­pen­dent jour­nal­ist Brian Krebs. It’s the lat­est case to un­der­score how eas­ily wire­less car­ri­ers can share or sell con­sumers’ ge­olo­ca­tion in­for­ma­tion with­out their con­sent.

The New York Times re­ported ear­lier this month that a firm called Se­cu­rus Tech­nolo­gies pro­vided lo­ca­tion data on mo­bile cus­tomers to a for­mer Mis­souri sher­iff ac­cused of us­ing the data to track peo­ple with­out a court or­der. On Wed­nes­day, Mother­board re­ported that Se­cu­rus’ servers had been breached by a hacker who stole user data that mostly be­longed to law en­force- ment of­fi­cials.

Se­cu­rus may have ob­tained its lo­ca­tion data in­di­rectly from Lo­ca­tionS­mart. Se­cu­rus of­fi­cials told the of­fice of Sen. Ron Wy­den, an Ore­gon Democrat, that they ob­tained the data from a com­pany called 3Cin­ter­a­tive, said Wy­den spokesman Keith Chu. Lo­ca­tionS­mart lists 3Cin­ter­ac­tive among its cus­tomers on its web­site.

Wy­den said the Lo­ca­tionS­mart and Se­cu­rus cases un­der­score the “lim­it­less dan­gers” Amer­i­cans face due to the ab­sence of fed­eral reg­u­la­tion on ge­olo­ca­tion data.

“A hacker could have used this site to know when you were in your house so they would know when to rob it. A preda­tor could have tracked your child’s cell­phone to know when they were alone,” he said in a state­ment.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.