(Phone Carriers) Selling Customer Location Data
Bug bounty hunters were able to figure out some of the services available through major telecom companies, including T-Mobile, AT&T, and Sprint, according to Motherboard.
A researcher reportedly paid around $300 to a bounty hunter who was then able to geolocate a phone down to a location in a very specific neighborhood only blocks away from the actual location of the targeted phone.
According to a blog post from Motherboard’s Joseph Cox, “These surveillance capabilities are available to individuals and businesses and sometimes sold through word of mouth.”
“At least one company, called Microbilt, is selling phone Geo-location services with little oversight to a spread of different private industries, ranging from car salesmen and property managers to bail bondsmen and bounty hunters, according to sources familiar with the company’s products and company documents obtained by Motherboard,” Cox wrote.
Beyond telecoms selling phone location data to companies, the researchers said that this data could cause a major problem if it fell into the wrong hands.
“Your mobile phone is constantly communicating with nearby cell phone towers, so your telecom provider knows where to route calls and texts. From this, telecom companies also work out the phone’s approximate location based on its proximity to those towers,” Cox said.
As we now rely on connected devices, our data is available everywhere and becomes accessible to parties unknown to us, parties to whom we may never have granted any right to access our confidential data.
“With each data transaction, the potential for the new party to either leak data, fall victim to compromise, or further share the data means that very quickly there’s no control or governance,” said Ben Johnson, co-founder and CTO, Obsidian Security.
“Sadly, most of us assume not only that what we deliberately put on the Internet will fall into unauthorized hands but that data generated by our devices, services and even our human networks will be utilized in various ways we haven’t authorized. Every copy of data is a liability, and until those who collect or generate this data have better guiding principles and scrutiny, we must assume that our data and data about us is everywhere.”