A security researcher at Carnegie Mellon University in Pennsylvania, Robert Xiao, told the public that he was able to locate the majority of US citizens because of the inability of the Location-smart service. The resource did not use due verification of the identity of users, because of which everyone could track the location of mobile devices of virtually all US residents in a special demo section of the site.
Location-smart is an American service that provides services like LaaS. It allows you to track the location of devices in real time. This is done through special technologies – the same as emergency services use to quickly determine the coordinates of victims. Local operators sell Location-smart service information about the location of smartphones, tablets, computers and similar gadgets. Under US law, operators are not allowed to disclose the coordinates of subscribers to the government, but the prohibition of providing this information to other private companies is out of the question.
Earlier on the site, Location-smart had a demo version of the service capabilities, designed to help anyone find their device – to verify the identity, the person was required to fill in information about themselves and their device. But Robert Xiao managed to bypass this window of authorization without any problems, so he was able to track the location of any US citizen (or rather, the coordinates of his smartphone). By the time the news was written, Location-smart had already fixed this error.
This service sells information about moving people to other companies. Recently it became known that an American retired policeman was tracking the location of another person’s phone without a corresponding warrant. The surveillance was carried out through the site of Secures, which cooperates with Location-smart.