May 17, 2018

Error in LocationSmart's free trial system let anyone track anyone

Joe Uchill

Phone cases at an Apple Store — Phone cases, from a Chicago Apple Store, in a photo taken in March. Photo: Jim Young/AFP via Getty Images.

A bug in a service used to track cellphones allowed anyone who signed up for a free demonstration to track any person without consent, ZDNet reports. That service, LocationSmart, is intended for marketers but was used by another firm, Securus, to provide law enforcement with a controversial phone tracking system.

Why it matters: LocationSmart can be used to track nearly all domestic cell phones in the U.S. and Canada.

The details: The bug was discovered by Robert Xiao, a Carnegie Mellon PhD. student.

LocationSmart offers a demonstration to track the location of a cell phone whose owner documented consent for the trial.
Xiao noticed that the LocationSmart API — an interface between LocationSmart computer code and a users' own computer code — did not properly check that consent was given.
Xiao and a Carnegie Mellon organization called CERT, which specializes in security, notified LocationSmart of the problem.

Add Axios on Google

Error in LocationSmart's free trial system let anyone track anyone

What to read next