Error in LocationSmart's free trial system let anyone track anyone

Phone cases, from a Chicago Apple Store, in a photo taken in March. Photo: Jim Young/AFP via Getty Images.

A bug in a service used to track cellphones allowed anyone who signed up for a free demonstration to track any person without consent, ZDNet reports. That service, LocationSmart, is intended for marketers but was used by another firm, Securus, to provide law enforcement with a controversial phone tracking system.

Why it matters: LocationSmart can be used to track nearly all domestic cell phones in the U.S. and Canada.

The details: The bug was discovered by Robert Xiao, a Carnegie Mellon Ph.D. student.

  • LocationSmart offers a demonstration to track the location of a cell phone whose owner documented consent for the trial.
  • Xiao noticed that the LocationSmart API — an interface between LocationSmart's computer code and a user's own computer code — did not properly check that consent was given.
  • Xiao and a Carnegie Mellon organization called CERT, which specializes in security, notified LocationSmart of the problem.