It’s become evident that LocationSmart failed to take cybersecurity preventive measures while selling the real-time locations of cell phones wholesale. The problem started with a partner of LocationSmart called Securus that runs a business of prison communication.
LocationSmart has allowed Securus to provide mobile device locations in real time to law enforcement and others. The company works by locating the phones by finding a recently connected tower and then tracks their location within seconds as close to about 100 feet. However, a consent is required in order to track the phone.
If the police or the FBI or any other investigators required this kind of information, they need to directly access the network carriers. In order to skip through the paperwork hassle, network carriers allow LocationSmart to access the data and in turn sells it to someone else, like Securus. Securus in turn sells it to law enforcers or anyone who pays for it, without the need for paperwork.
But the catch here is that phone could still be tracked and located using tools from LocationSmart without user consent of carriers. It looks like the company forgot to secure the API and has caused a whole lot of damage.
India stops MasterCard from issuing new cards for violating data storage rules
LG Uplus Building Its Second Hyperscale Data Center in South Korea
Domino’s India data gets compromised; cyber security experts say it’s massive
NTT Data acquires Nexient to elevate Cloud Native App
It’s a big day for China! Big Data Expo to start from May 20
© 2021 CIO Bulletin. All rights reserved.