5G Technology World

  • 5G Technology and Engineering
  • FAQs
  • Apps
  • Devices
  • IoT
  • RF
  • Radar
  • Wireless Design
  • Learn
    • 5G Videos
    • Ebooks
    • EE Training Days
    • FAQs
    • Learning Center
    • Tech Toolboxes
    • Webinars/Digital Events
  • Handbooks
    • 2024
    • 2023
    • 2022
    • 2021
  • Resources
    • Design Guide Library
    • EE World Digital Issues
    • Engineering Diversity & Inclusion
    • Engineering Training Days
    • LEAP Awards
  • Advertise
  • Subscribe

Website Flaw Exposes Real-Time Locations of US Cellphones

By Frank Bajak, AP Cybersecurity Writer | May 18, 2018

A website flaw at a California company that gathers real-time data on cellular wireless devices could have allowed anyone to pinpoint the location of any AT&T, Verizon, Sprint or T-Mobile cellphone in the United States to within hundreds of yards, a security researcher said.

The company involved, LocationSmart of Carlsbad, California, operates in a little-known business sector that provides data to companies for such uses as tracking employees and texting e-coupons to customers near relevant stores.

Among the customers LocationSmart identifies on its website are the American Automobile Association, FedEx and the insurance carrier Allstate. LocationSmart did not immediately respond to emails and telephone messages seeking comment on the flaw and its business practices.

The LocationSmart flaw was first reported by independent journalist Brian Krebs. It’s the latest case to underscore how easily wireless carriers can share or sell consumers’ geolocation information without their consent.

The New York Times reported earlier this month that a firm called Securus Technologies provided location data on mobile customers to a former Missouri sheriff accused of using the data to track people without a court order. On Wednesday, Motherboard reported that Securus’ servers had been breached by a hacker who stole user data that mostly belonged to law enforcement officials.

Securus may have obtained its location data indirectly from LocationSmart. Securus officials told the office of Sen. Ron Wyden, an Oregon Democrat, that they obtained the data from a company called 3Cinterative, said Wyden spokesman Keith Chu. LocationSmart lists 3Cinteractive among its customers on its website.

Wyden said the LocationSmart and Securus cases underscore the “limitless dangers” Americans face due to the absence of federal regulation on geolocation data.

“A hacker could have used this site to know when you were in your house so they would know when to rob it. A predator could have tracked your child’s cellphone to know when they were alone,” he said in a statement.

LocationSmart took the flawed webpage offline Thursday, a day after Carnegie Mellon University computer science student Robert Xiao discovered the software bug and notified the company, Xiao told The Associated Press.

The doctoral researcher said the bug “allowed anyone, anywhere in the world, to look up the location of a U.S. cellphone,” said Xiao. “I could punch in any 10-digit phone number,” he added, “and I could get anyone’s location.”

The web page was designed to let visitors test out LocationSmart’s service by entering their cellphone number. The service would then ring their phone or send a text message to obtain consent, after which it would display the phone’s location — generally to within several hundred yards.

But Xiao found a flaw that allowed him to bypass consent in just 15 minutes. “It would not take anyone with sufficient technical knowledge much time to find this,” he said. He wrote a script to exploit it.

“It was just surreal when I discovered this,” he said. Xiao’s research indicated that LocationSmart had offered the service since at least January 2017.

LocationSmart touts itself as the “world’s largest location-as-service company.” It says it obtains location information from all major U.S. and Canadian wireless companies, with 95 percent coverage.

Representatives for AT&T and Sprint said they don’t allow sharing of location information without individual consent or a lawful order such as a warrant. Verizon spokesman Rich Young said the company has taken steps to ensure that Securus can no longer request information on the company’s wireless customers and that it was reviewing its relationship with LocationSmart.

T-Mobile did not immediately respond to a request for comment.

Gigi Sohn, a former top aide at the Federal Communications Commission during the Obama administration, said user location data has been at high risk since last year. That’s when Congress repealed FCC privacy rules barring mobile wireless carriers from sharing or selling it without customers’ express “opt-in” consent.

“At a bare minimum, consumers should be able to choose whether a company like LocationSmart should have access to this data at all,” she said.


Filed Under: Devices

 

Next Article

← Previous Article
Next Article →

Related Articles Read More >

High-directivity couplers optimized for 225 – 750 MHz applications
Integrated into IoT devices, iSIM poised to make inroads
Triple-radio and multiprotocol MCUs add application processors
5G vectors
How RedCap fits into 5G and IoT

Featured Contributions

  • Overcome Open RAN test and certification challenges
  • Wireless engineers need AI to build networks
  • Why AI chips need PCIe 7.0 IP interconnects
  • circuit board timing How timing and synchronization improve 5G spectrum efficiency
  • Wi-Fi 7 and 5G for FWA need testing
More Featured Contributions

EE TECH TOOLBOX

“ee
Tech Toolbox: 5G Technology
This Tech Toolbox covers the basics of 5G technology plus a story about how engineers designed and built a prototype DSL router mostly from old cellphone parts. Download this first 5G/wired/wireless communications Tech Toolbox to learn more!

EE LEARNING CENTER

EE Learning Center
“5g
EXPAND YOUR KNOWLEDGE AND STAY CONNECTED
Get the latest info on technologies, tools and strategies for EE professionals.

Engineering Training Days

engineering
“bills
5G Technology World
  • Enews Signup
  • EE World Online
  • DesignFast
  • EDABoard Forums
  • Electro-Tech-Online Forums
  • Microcontroller Tips
  • Analogic Tips
  • Connector Tips
  • Engineer’s Garage
  • EV Engineering
  • Power Electronic Tips
  • Sensor Tips
  • Test and Measurement Tips
  • About Us
  • Contact Us
  • Advertise

Copyright © 2025 WTWH Media LLC. All Rights Reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media
Privacy Policy

Search 5G Technology World