A bug reveals the real-time location of millions of phones - CYDIAPLUS.com


Saturday, 19 May 2018

A bug reveals the real-time location of millions of phones

Robert Xiao, a computer science student at Carnegie Mellon, has in the last few hours discovered a flaw that exposes a website and its millions of users.

The vulnerability, found in LocationSmart, allows millions of phones to be located in real time by anyone who knows how to do it. Fortunately for us, it has only affected the United States.

What is LocationSmart? A service that allows you to locate phones in real time, something like "Find my iPhone". For a while, this website had a trial period in which you simply had to enter your phone number, confirm your identity via SMS and from that moment you could see where your phone was at all times.

According to Xiao, the problem is a bug in the website that would allow anyone with sufficient knowledge to skip the number verification and see the real-time location of other customers of the service. The technical details of the bug are explained by Robert Xiao on his website.

Once this vulnerability was found, Xiao alerted the relevant authorities and Brian Krebs, who has published the story on his website, Krebs Security.

According to Xiao, he was able to find the longitude and latitude of 5 different people who had subscribed to the service, with amazing accuracy and in a matter of seconds, and LocationSmart employs Google Street maps.

    I discovered this vulnerability almost by accident and it has not been difficult to access. It's something that anyone could do with minimal effort and the result is that I can track a lot of people.

It is unknown whether this vulnerability has existed since the free trial period was launched or whether the service has always been vulnerable, but according to Krebs, it dates from at least January of last year.

The LocationSmart CEO explained to Macrumors:

    We obtain the data legitimately and for authorized purposes, we take privacy seriously and we will analyze what is happening.

For now, LocationSmart has withdrawn this free trial service, and it is unknown whether it will return and whether the problem has been corrected, although we imagine that the firm will be working to solve it as soon as possible. The FCC is also investigating the event.

