WASHINGTON (Reuters) – The US Federal Communications Commission announced Friday that a website error has resulted in the location of mobile phone customers being investigated by their law enforcement agency.
A security researcher said earlier this week data from LocationSmart, a California-based tech company, could have been used to call AT & T Inc. ( TN ), Verizon Communications Inc. ( VZ.N ), Sprint Corp. ( SN ) and T-Mobile US ( TMUS.O ) mobile consumers within a few hundred meters of their location and without their consent.
Senator Ron Wyden, an Oregon Democrat, had asked the FCC on Friday to investigate this by saying on Twitter that a "hacker could have used this site to know when you were in your home Predator would have been able to track your child's cell phone to know when they were alone. "
He later praised the FCC's decision, Reuters reported.
"I urge the FCC to expand the scope of this investigation and further investigate third-party practice of buying real-time location data about Americans," Wyden said.
Robert Xiao, a researcher at Carnegie Mellon University, said an error in a LocationSmart demo tool could have been used to track anyone.
LocationSmart spokeswoman Brenda Schafer said on Friday that the vulnerability had been fixed and the demo disabled. "
Prior to Xiao's efforts to track down to two dozen users, Schafer said the company believes that no one else has exploited the vulnerability.
The company is committed to "continuously improving its privacy and security practices," she said.
Last week, the New York Times reported that the former Sheriff of Mississippi County, Missouri, used Securus Technologies [CASHAL.UL] to prosecute mobile phones – including other police officers – without a court order, indicting him.
Several published reports indicate that Securus receives its information through a LocationSmart facilitator.
Verizon spokesman Rich Young said Friday that the company had "taken steps to ensure that Securus can no longer access location information through Verizon wireless customers." He added that the company had "initiated a review of this entire matter".
AT & T spokesman Mike Balmoris said that the company "does not allow clearance of location information without the customer's consent or a request from law enforcement agencies". If we learn that a supplier is not complying with our policies, we will take appropriate action. "
Sprint said it is conducting an internal review of the problem, and T-Mobile US has not responded promptly.
Securus later said Friday that access to data from location-based services was initially disabled Beware and in the face of ongoing discussions with partners.
The company also said it has "no direct business relationship with LocationSmart," adding that it is ready to work with law enforcement agencies and providers to restore the service as soon as possible.
Last week, Wyden said Securus, a major provider of preschool telephone services, acquires information about the location of freight forwarders and information "via a self-service web portal for nothing more than the legal equivalent of a small pledge"
Wyden wrote to all four major US carriers and said that the practice "exposes millions of Americans to potential abuse and uncontrolled government surveillance".
Reporting by David Shepardson; Arrangement of Chizu Nomiyama and G Crosse