O LocationSmart alegou que poderia localizar qualquer telefone nos Estados Unidos, e agora está sendo investigado depois que um pesquisador de segurança expôs uma vulnerabilidade de segurança em seu site. Como um resultado, Comissão Federal de Comunicações (FCC) has started an investigation against the California-based company.
More about LocationSmart
LocationSmart’s service is able to obtain accurate geolocation data on nearly any mobile phone in the US. Ser capaz de fazer isso, the website buys data from major US wireless carriers such as T-Mobile, Verizon, AT&T and Sprint. Though wireless carriers aren’t allowed to provide location data to the government, they can sell that data to businesses, CNET recently explicado.
The vulnerability within the phone-tracking website LocationSmart could have been easily exploited to track any user of a mobile device registered via a major U.S. cellular carrier, in real time, with a quite precise accuracy.
LocationSmart featured a free demonstration on its website, where anyone could track any phone, as long as there was consent from the phone’s owner. a falha, which is already addressed, would have allowed anyone to use the tracking feature, without the need of prior consent.
Researcher Robert Xiao claims that he needed Menor que 15 minutes to uncover the vulnerability, after having a look at LocationSmart’s offivial website. Considering how easy it was for him to find the bug, the classified it as an elementary exploit. The vulnerability then incited an FCC investigation, with the Enforcement Bureau leading the process.
Em cima disso, the Ney York Times recently revealed that Securus, an inmate call tracking service, offered the same tracking service. These two events pushed Sen. Ron Wyden, a Democrat from Oregon, demanded the FCC and major wireless carriers to investigate these companies.
“The negligent attitude toward Americans’ security and privacy by wireless carriers and intermediaries puts every American at risk,” Wyden said. “I urge the FCC expand the scope of this investigation, and to more broadly probe the practice of third parties buying real-time location data on Americans.”
além do que, além do mais, LocationSmart said in a statement that it was investigating the flaw to make sure that no customer information was stolen or compromised.
“LocationSmart is continuing its efforts to verify that not a single subscriber’s location was accessed without their consent and that no other vulnerabilities exist,” explained Brenda Schafer, LocationSmart’s vice president of product and marketing.