LocationSmart Leaks Customers' Real-Time Location Data
Fri, 05/18/2018 - 5:30pm
BarneyBadass
12 years
by Lucian Armasu May 18, 2018 at 2:20 PM - Source: Robert Xiao
LocationSmart [ https://www.locationsmart.com ] is a location-tracking services company that seems to have deals in place with all the major U.S. and Canadian carriers to share people’s locations based on cell tower triangulation with both private companies and law enforcement. The company’s service has turned controversial lately now that more people have discovered how its services could be abused by both hackers and law enforcement.
The most recent issue is about a vulnerability in LocationSmart's demo API, which could have exposed anyone's real-time location to hackers. However, even without this vulnerability, any LocationSmart customer would still be able to gain access to the same type of information.
Carriers Are Sharing Your Location Data With Others
Although the story revolves around LocationSmart, the real story here is that carriers have been sharing your real-time location data with basically anyone that asks for it. LocationSmart just happens to be one of the more prominent clients that has also gotten some recent media attention.
This sort of sharing wouldn’t be permissible under the General Data Protection Regulation (GDPR), which will go into effect at the end of this month. It’s also not clear whether or not Senator Ed Markey’s “Consent Act” would put an end to this type of practice, as it specifically targets “edge providers.”
As a web service, LocationSmart may fall under that category, but on the other hand, unless the law is clear, the company could also claim that it works with carrier data at the network level, so it could also be exempt from the Consent Act as it is currently written.
And here's the kicker
You Can’t Opt Out
I know.. I can hear it now, you've nothing to hide, what do you care, right????
Because the LocationSmart service is carrier-based, your phone’s operating system or privacy settings are irrelevant, and you also don’t have any ability to opt out of the service.
by Lucian Armasu May 18, 2018 at 2:20 PM - Source: Robert Xiao
LocationSmart [ https://www.locationsmart.com ] is a location-tracking services company that seems to have deals in place with all the major U.S. and Canadian carriers to share people’s locations based on cell tower triangulation with both private companies and law enforcement. The company’s service has turned controversial lately now that more people have discovered how its services could be abused by both hackers and law enforcement.
The most recent issue is about a vulnerability in LocationSmart's demo API, which could have exposed anyone's real-time location to hackers. However, even without this vulnerability, any LocationSmart customer would still be able to gain access to the same type of information.
Carriers Are Sharing Your Location Data With Others
Although the story revolves around LocationSmart, the real story here is that carriers have been sharing your real-time location data with basically anyone that asks for it. LocationSmart just happens to be one of the more prominent clients that has also gotten some recent media attention.
This sort of sharing wouldn’t be permissible under the General Data Protection Regulation (GDPR), which will go into effect at the end of this month. It’s also not clear whether or not Senator Ed Markey’s “Consent Act” would put an end to this type of practice, as it specifically targets “edge providers.”
As a web service, LocationSmart may fall under that category, but on the other hand, unless the law is clear, the company could also claim that it works with carrier data at the network level, so it could also be exempt from the Consent Act as it is currently written.
And here's the kicker
You Can’t Opt Out
I know.. I can hear it now, you've nothing to hide, what do you care, right????
Because the LocationSmart service is carrier-based, your phone’s operating system or privacy settings are irrelevant, and you also don’t have any ability to opt out of the service.
Prease to read more here:
https://www.tomshardware.com/news/locationsmart-real-time-lo...
Never argue with a pig. It makes you look foolish and it anoys the hell out of the pig!