A flaw to locate any mobile subscriber in the United States

-

Cascade revelations have shed light on the opaque business of geolocation data, which telecom operators pass on to third-party companies without the consent of users.

A new scandal is taking shape across the Atlantic around geolocation services. And it is likely to spread around the world. The story begins a week ago, when the New York Times reveals that a sheriff used the paid services of Securus Technologies to geo locate a dozen people via their mobile phone, and this without any judicial authorization. This geolocation is based on relay antennas with which smartphones are in permanent connection as soon as they are switched on.

The sheriff in question must now answer for his actions in a federal court. But this particular case highlights the dangers of this type of service for our private lives. In theory, Securus Technologies only offers its services to the police in the context of a judicial request. But obviously, access control is far from effective.

Piracy doubled with a huge loophole

A few days ago, Motherboard confirmed these fears by revealing that Securus Technologies' servers had been hacked and that the data of more than 2,800 users had been stolen, including their passwords. Apparently, these were stored encrypted, but through the MD5 algorithm, which is easy to break.

Security researcher Robert Xiao has now provided additional evidence. He analyzed the online demo service of LocationSmart, the company that indirectly provided the geolocation data to Securus Technologies. Their website allowed, in fact, to test their service. It was enough to enter his phone number, then an authentication code sent by SMS, to visualize in real time its own location.

Lax data management

But a bogus code error in the LocationSmart API could bypass this authentication. A priori, it was therefore possible to geolocate any subscriber in the United States, because LocationSmart interconnects with the four main operators in this country (AT & T, Verizon, Sprint, T-Mobile), as well as with an operator Regional (US Cellular). Other clients include Google, Genesys, Comtech and Neustar. Since then, this demo tool has been disconnected and the operator logos removed.

After these revelations in cascade, the spirits warm up. Senator Ron Wyden wonders about the risk of all these geolocation services, as their personal data management is obviously very lax and affects hundreds of millions of people. Interviewed by Brian Krebs, spokespersons Electronic Frontier Foundation and Center for Democracy & Technology advocate for stricter access rules to this type of information.

In Europe, the RGPD regulation should protect us

According to US law, call data can only be transmitted by operators with the consent of the subscriber or in the context of legal proceedings. The geolocation data collected from the relay antennas, on the other hand, would not be subject to any regulation. "Operators can do whatever they want with the data they get, including location-based data, as long as they're not linked to a call," said Albert Gidari, Lawyer and Executive Member of Standord Center. for Internet and Society in the columns of the New York Times.

In Europe, the situation should be different, in any case from May 25, date from which will apply the new regulations on the protection of personal data. This text clearly specifies geolocation data as personal data to be protected and whose exploitation is therefore subject to the consent of users.

paypal,facebook,yahoo,mail,google,maps,ebay,amazon,barcelone,realmadrid,netflix,craigslist,AliCarter,Liverpool,AlfieEvans,YankeesVsAngels,RonanFarrow,YeVsThePeople,MesotheliomaLawFirm,Donate,CarToCharity,California,Donate,Car,ForTaxCredit,DonateCarsInMa;Insurance,Loans,Mortgage,Attorney,Credit,Lawyer,Donate,Degree,Hosting,Claimcashfear,softwares,money,football,SPORTNEWS,cars,carrental,cellphone,phonenumber,forex,torrent,voip,net,adsence,tollsspeakers,tipsspeakers,iphonespeakers,phones,iphone4,facebook,youtube,twitter,livematch,newslive,watchmatchforfree,watchlaligaforfree,watchserieAliveonjsc+,softwares,football,SPORTNEWS,cars,carrental,cellphone,phonenumber,forex,torrent,voip,net,adsence,tollsspeakers,tipsspeakers,iphonespeakers,phones,iphone4,facebook,youtube,twitter,livematch,newslive,watch match for free,watch laliga for free,watch serie A live on jsc+,windows 7,windows 8

Commentaires

Enregistrer un commentaire

CALL US

Nom

E-mail *

Message *

Posts les plus consultés de ce blog

We tested the Nuraphone, the headset that fits your hearing

-
Image
The Nuraphone is an innovative model both for its sound customization system and the design of its headphones. Is it enough to make a difference? How to offer the best possible sound for headphones? The Australian company Nura have tackled this thorny problem and have designed a revolutionary model: the Nuraphone, sold about 400 euros. This helmet is distinguished by its design that combines the circum-auricular and the intra-auricular. The inside of the earpiece has a tip that is placed at the entrance of the ear canal to transmit the sound more directly than with conventional supra or circumauricular models. According to the manufacturer, the tip penetrates less into the duct than the in-ear headphones, which explains the unique size. We would have liked the choice between several sizes and people who do not like the headphones may not like this model either. Another potential problem often related to ear-phones, the restitution of the bass. To avoid this problem, Nura ...
Lire la suite

They turned Amazon Echo into an audio snitch

-
Image
Hackers have managed to create, in the smart enclosure, a seemingly innocuous application that continuously records conversations. With a microphone, smart speakers sometimes cause discomfort in some users who wonder if they do not record their words constantly. Checkmarx's hackers have just given some grit to this conspiracy theory as part of Amazon Echo. They developed a calculator in the form of a "skill", that is to say a voice application that extends the functionality of Amazon Echo. Just say "start calculator" to access and make calculations. Until then nothing abnormal. The problem is that the application continues to record the words of the user even if they are unrelated to the application. The speeches are then transformed into text and sent to the developer of the skill. To achieve this, hackers used a flaw in Amazon Echo's programming interface settings. Normally, a skill is supposed to turn off automatically after a certain time, when...
Lire la suite

Dolby Digital, Atmos or DTS ... what do these audio technologies hide?

-
Image
With the multiplication of audio formats, not easy to navigate to make the right choice. 01net.com explains the main ones to make sure you do not go wrong. Be immersed in a match and live the same atmosphere as the stadium? This is certainly what every football lover dreams about in front of his television. If the image participates more and more, including the broadcast of some matches in 4K, the audio is still the poor relation of sports retransmissions. However, we do not buy a TV only to watch football (well, normally). It is therefore good to know what the different formats used for cinema sound mean. Not always easy to cope with the acronyms and logos displayed on the data sheets of the devices or on the pockets of DVDs and Blu-ray discs. These are the latter that will usually give you the most systematic access to multichannel audio formats, with several voices in the front, rear and a subwoofer. Netflix also offers some compatible content, both movies and series. Two...
Lire la suite