social network

The bug of the location service disclosed the data of millions of Americans

One of the students at the University of Carnegie discovered a dangerous vulnerability in the LocationSmart geolocation service. Robert Hao managed to find a way to get information about the actual location of millions of Americans. All you need is to know the phone number.

Service LocationSmart allows you to find out exactly where the user of the cellular network is located. To receive information, you must enter a phone number. The smartphone will receive a one-time password for verification. Then you can see the real location on the map.

Hao found that the official page of the service contains a critical bug. When sending a request in JSON text format, based on JavaScript, you can get a location without specifying an SMS.

It turns out that anyone can find out exactly where the subscriber of one of the American operators is located: Verizon, AT & T, Sprint, T-Mobile, simply specifying his phone number.

The information about the detected vulnerability has already been transferred to the Federal Communications Commission.

Alas, only one developer error can cost that anyone can know exactly where you are. And it applies to almost any service. MR ]

Back to top button