Company Selling Real-Time Cell Phone Tracking Ends Up Leaking Location Data
https:// www.zerohedge.com/news/2018-05-18/company-selling-real-time-cell-phone-tracking-ends-leaking-location-data
'''On Tuesday we covered a disturbing story from the New York Times and ZDnet.com detailing how some of the country's largest cellular providers have been selling your real-time location information, allowing a Texas-based prison technology company, Securus, to track any phone "within seconds" - all without a warrant - through an intermediary called LocationSmart. Now, as KrebsOnSecurity reports, in addition to a story from Motherboard on a hacker which had broken into the Securus servers and stolen the usernames, email addresses, phone numbers and other information of 2,800 users - mostly law enforcement, it turns out that a flaw in LocationSmart's tracking demo website gave anyone the ability to surveil anyone else's cell phone on the open web.
The demo, which has since been taken down, was a free service that would give anyone the approximate location of their own cell phones by entering their name, email address and phone number into a form. LocationSmart's service would then text the supplied phone number and request permission to ping that device's nearest cellular tower. Once consent was obtained, the service would then reveal the subscriber's approximate latitude and longitude on a Google Street View map.
As Krebs notes, "It also potentially collects and stores a great deal of technical data about your mobile device. For example, according to their privacy policy that information “may include, but is not limited to, device latitude/longitude, accuracy, heading, speed, and altitude, cell tower, Wi-Fi access point, or IP address information."'''