It’s become evident that LocationSmart failed to take cybersecurity preventive measures while selling the real-time locations of cell phones wholesale. The problem started with a partner of LocationSmart called Securus that runs a business of prison communication.
LocationSmart has allowed Securus to provide mobile device locations in real time to law enforcement and others. The company works by locating the phones by finding a recently connected tower and then tracks their location within seconds as close to about 100 feet. However, a consent is required in order to track the phone.
If the police or the FBI or any other investigators required this kind of information, they need to directly access the network carriers. In order to skip through the paperwork hassle, network carriers allow LocationSmart to access the data and in turn sells it to someone else, like Securus. Securus in turn sells it to law enforcers or anyone who pays for it, without the need for paperwork.
But the catch here is that phone could still be tracked and located using tools from LocationSmart without user consent of carriers. It looks like the company forgot to secure the API and has caused a whole lot of damage.
China Launches a Global Data Security Initiative
Tech Data to Acquire Innovix Distribution
TikTok has been breaking Android policies and collecting user data
Asus ROG Phone 3 launched officially in India with a starting price of Rs 49,999
Hiranandani Group’s Yotta to set up its second data centre in Chennai, India
© 2020 CIO Bulletin. All rights reserved.