Everyone Knows Where You Are
It seems like just another data breach story of corporate carelessness and individual incompetence until you read what kind of data was leaked. Then comes the surprise, followed by shock and outrage: Anyone on the Internet could track the location of any phone. Read on... |
There Oughta Be a Law...
Security guru Brian Krebs reported that LocationSmart, a U.S. firm, was caught by leaking the real-time locations of nearly every cellphone user in the world. Anyone on the Internet could track any phone served by AT&T, Verizon, T-mobile, or Sprint, pinpointing the target’s physical location and movements to within a few hundred feet.
The leak was in a page of LocationSmart’s Web site that gave prospective buyers or this data access to it for demonstration purposes. The demo page did not require a password or any other authentication process to ensure that “only” authorized sales prospects could access a phone's location, and only temporarily. If you knew the URL, you could get access. All a visitor had to do was enter a phone number and the location of that phone popped right up.
Krebs charitably described LocationSmart’s foulup as a “buggy component of its Web site,” But I can imagine the following conversation during the creation of that page. Programmer 1: “Shouldn’t we put some kind of password protection on that?” Programmer 2: “Why? It only reveals the location of one phone at a time. It’s not like someone could rip off our whole database.”
Someone totally missed the point. If you know my current location, you can do me physical harm. If you know my kids’ phone numbers, you can kidnap them. If you know anyone’s location history, there’s a good chance you can blackmail them, or build a criminal case, force a divorce settlement favorable to your client, or just send them a message that scares the bejeezus out of them. That’s what is worth the two minutes it would take a programmer to “put some kind of password protection on that thing.”
LocationSmart took that “buggy component” offline after Krebs contacted them, then promptly clammed up. Of the Big Four carriers, only T-mobile would admit to Krebs that it sells customers’ real-time location data to LocationSmart. But they all do it. Doing so is perfectly legal; you gave permission when you accepted your carrier’s terms of service. It’s right there on page 197, paragraph 16, subheading T.
Hold onto your indignation; it gets worse.
The phone companies provide this information under the rationale that it will be used by law enforcement to determine the whereabouts of a suspected criminal. But Krebs found that some of LocationSmart’s customers have been reselling the location data they buy to firms that resell it again. This is just like the identity theft business in which “used” data is sold for less than it costs, and gets cheaper each time it’s resold again. Actually, LocationSmart’s business is like ID theft in more ways than this. Nobody consciously gave consent to be tracked, let alone to have their location data sold or resold to a limitless number of entities. But it’s all perfectly legal.
But we're safe now, since LocationSmart has disabled that "buggy component" of their site, right? That's unlikely, because we don't know how many other companies besides LocationSmart are receiving real-time location data from the phone companies. We don't know how those companies protect that information, or with whom they may share it. Krebs says that to be certain that you are not being constantly tracked "the only thing you can do is remove the SIM card from your mobile device."
It gets even worse.
Predictably, at least one of LocationSmart’s customers put several databases of location histories on cloud storage servers without any password protection. For a while, anyone could download the location histories of 38,000 police officers; you can imagine what organized crime would pay and do with that sort of thing.
The Fourth Amendment to the U.S. Constitution states: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
Police forces nationwide are tapping into commercial location history services in efforts to get around that pesky 4th Amendment warrant requirement. An outfit called Securus is selling to police the ability to look up the location history of any mobile device served by one of the four largest carriers. Of course, no police officer ever abused such privileges.
Only stern laws with heavy penalties can put an end to this invasion of our most important privacy right: the right to be secure in our persons, to be left alone physically. Without that right, all of the others are pointless.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 23 May 2018
| For Fun: Buy Bob a Snickers. |
 |
Prev Article: Are Premium Malware Suites Worth Their Price? |
The Top Twenty |
Next Article: Ready for a Digital Driver's License? |
 |
There's more reader feedback... See all 24 comments for this article.
Post your Comments, Questions or Suggestions
|
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter Copyright © 2005 - Bob Rankin - All Rights Reserved About Us Privacy Policy RSS/XML |
Article information: AskBobRankin -- Everyone Knows Where You Are (Posted: 23 May 2018)
Source: https://askbobrankin.com/everyone_knows_where_you_are.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Everyone Knows Where You Are"
(See all 24 comments for this article.)Posted by:
top squirrel
23 May 2018
I do not know how to remove a SIM card, nor whether its removal and reinstallation will be easy after you have learned how. (And whether it takes tools.)
But I do know how to remove and reinstall a battery. Can't one evade being tracked if the phone you may carry lacks a battery?
I have a cell phone only for emergencies and for things like meeting someone at an airport, or otherwise while traveling.
It's a flip phone. Cost me $12. All I need.
Somebody told me that only people who need a cerebral assist use a smart phone.
I heard you can tell if they need one by whether they jump up and down when they hear sentiments like the preceding.
Is it true?
Posted by:
cal67
23 May 2018
Freedom? Privacy? Bah, humbug. We (worldwide) have been sold out by government because they make more money from corporations than individuals. Any "improvements" or "gains" in either freedom or privacy will be fake, short term, and designed to placate the masses so they will swallow the next sound bite and vote for more corruption.
Posted by:
James
23 May 2018
Once you connect to the internet, you're for the ride of your life. Again, there is no security on the internet that will keep you safe from prying eyes. Everybody is selling to everybody else; and then you have disgruntled employees passing out their company's password (s) to friends and the like; and folks abroad and down below selling all sorts of cracking tools for "US dollars"; and so it goes
Posted by:
john
23 May 2018
Google, Facebook, Microsoft, are all doing the same
Posted by:
Wheawilld
23 May 2018
The second an individual turned on his first phone he choose to give up his privacy for convenience.. The solution of course is to not carry a cell phone. Somehow I survived the first fifty years of my life without one, and I can't honestly say the last 20 years have been better in ways and things that really matter because I have one.
Posted by:
Heikkila
23 May 2018
John, the point is that your paranoia of G, F & M is irrelevant. At least they are somewhat transparent, unlike ever so many mom and pop sites who do far worse with far less security.
Posted by:
Richard Alan Dengrove
23 May 2018
You're very right, Bob: we have lost our privacy. I suspect, though, it wasn't in the computer era but by the '50s. It's a big problem. Unfortunately, despite justifiable hand wringing, I doubt we will ever get it back. We will get more hypocrisy, though, from the people at the top.
Posted by:
Richard Alan Dengrove
23 May 2018
You're very right, Bob: we have lost our privacy. I suspect, though, it wasn't in the computer era but by the '50s. It's a big problem. Unfortunately, despite justifiable hand wringing, I doubt we will ever get it back. We will get more hypocrisy, though, from the people at the top.
Posted by:
Rand
23 May 2018
Does not surprise me. The government, police and politicians see us as a bunch of jerks. By the way, this is a great site EXCEPT for the stupid ads.
Posted by:
Bill
23 May 2018
it's finally 1984, but it's not the government (well OK it is the government too) it's Google and Facebook that own you; and it's just as scary as it sounds.
Posted by:
Robinoz
23 May 2018
I guess all that is left is to remain irrelevant ie, be a person whom authorities aren't interested in so they will focus on someone else.
Any idea that we have privacy, despite the many privacy laws, is probably a pipe dream.
Posted by:
Judyth
23 May 2018
In one of life's ironies, the ads that show up for me on web pages - including this one - are those offering to tell me the location of any cellphone whose number I'd type in. I wonder whether it's mere coincidence that my cellular provider is not one that sells my location (I'm not in the US) and many people would respond to that offer by checking their own number.
Needless to say, I'm not tempted to try it!
Posted by:
J
23 May 2018
So, not only is Big Brother watching, now his shifty-eyed cousin is, too. This is available, but yet we can't locate missing people? Seems like that would be the only good thing about this technology.
Posted by:
NB
23 May 2018
Does "airplane mode" prevent your phone from reporting your location?
Posted by:
Buffet
24 May 2018
Simply turn Location Services to OFF.
(It will keep prompting you to turn it back on. Ignore it.)
Posted by:
Jack
24 May 2018
Some phone manufacturer should come up with a SIM card disabling feature that would not require physically removing the SIM card. That would preclude location access without passing any laws or depending on mobile carriers to protect your privacy. A simple switch on the phone would solve the problem, at least when the SIM is turned off. Cell phone manufacturers, come to the rescue!
Posted by:
norm
24 May 2018
I am horrified even though I dont live in the usaI only bought a mobile phone for conveniance I think that now I will stop carrying it
Does this also apply to Australia
Posted by:
Tom Willhoite
24 May 2018
I have long suspected this. Bob, I suggest you take this on as a campaign. Get in front of representatives and act as our spokesperson. You would surely become a national figure. If nothing else, the experience would give you fodder for many new articles.
Thanks for your insight.
Posted by:
Unitary
26 May 2018
Correction:
"...caught by leaking the real-time locations of nearly every cellphone user in the world. Anyone on the Internet could track any phone served by AT&T, Verizon, T-mobile, or Sprint..."
The U.S. is NOT the WORLD!
The clients of AT&T, Verizon, T-mobile, and Sprint constitute only a few percents of the world's cellphone users.
Posted by:
RandiO
27 May 2018
I love the oft-used canned statement by people who say "I don't do anything illegal, so I don't care about my privacy!" Many of these people are the same types who are willing to give up their privacy for the sake of convenience! Then, there are those writers who work under the "Do as I say, not as I do" M.O.
Even if US was to construct a GDPR-type 'digital bill of rights'; our lack of privacy would not change one 'bit'.