Carnegie Mellon University computer science student and doctoral researcher, Robert Xiao, discovered a website flaw at a Carlsbad, California company that allowed anyone to pinpoint the location of nearly all cellphones within the United States.
The company, LocationSmart, gathers real-time data on cellular wireless devices. This is an area of business within the business sector that is mostly unknown to the general public, wherein companies such as this provide real-time location and other data to companies for multiple uses such as tracking employees, and messaging coupons to consumers near particular stores.
The flaw was first reported by independent journalist Brian Krebs. This is the latest release of information regarding such businesses and business practices that highlights how easy it is for your information to be accessed. It also spotlights how companies gain access to wireless consumers’ information without expressed consent from the consumer.
The information obtained is known as geolocation data. As of yesterday, LocationSmart took the webpage offering this service offline; only after Xiao discovered the flaw and notified the company.
While seemingly innocuous, the site allowed potential customers to try the location service by entering their own cellphone number. Once the information was inputted, the service would notify the phone via text or call to obtain consent, and only then would it provide the phone's location. However, Xiao was able to bypass this consent in just over 10 minutes. What makes the flaw so worrisome is that anyone who, particularly hackers, could access location information for any cell number they desired.
Some of the abilities LocationSmart lists on their website include a service they call Location Intelligence, wherein they claim this service can provide “over 95% subscriber reach to more than 400 million devices with no app or software download required. Direct connections to the wireless carrier networks” and “global reach to more than 120 million cell tower IDs. Monitor all devices even when roaming”. If you think that your computer and landline are clear, LocationSmart also states their Location Intelligence services can “geo-locate over 3 billion IP addresses around the world” and their landline capabilities are advertised as providing “name, address and business insights and location for more than 100 million fixed line landlines nationwide”.
If you ever wondered where your telemarketing calls get your information, businesses such as this may be it.