FCC is currently investigating LocationSmart Over User Data Leak

A preliminary investigation has been started by the Federal Communications Commission to take an action on LocationSmart. The company that is based in California found itself in a trouble after leaking location permissions of mobile phone users. The LocationSmart identifies the location of the mobile phone users who are using AT&T, Sprint, T-Mobile and Verizon. The company is claiming that it provides the location under legitimate and authorized law but Krebs said that the demo tool on the LocationSmart can be used to look-up anyone and track them in real time.

“I can confirm the matter has been referred to the Enforcement Bureau,” wrote FCC spokesman Neil Grace in a Friday afternoon email to Ars. The company haven’t responded to any direct questions but it did release a statement stating that the company strives to bring the secure operational efficiency to its customers. “LocationSmart is extending its efforts to verify that not a single subscriber’s area was accessed without their permission and that no other vulnerabilities exist,” Brenda Schafer, a company spokeswoman wrote in an email. “LocationSmart is assigned to continuous improvement of its data privacy and security measures and is incorporating what it has learned from this incident into that process.”

The New York Times said that the location aggregating industry has functioned with no regulation and has been an oversight by the government. Senator Ron Wyden said that these location aggregation based companies must be regulated by law enforcement agencies. He also said that he was pleased that FCC has opened an investigation into the reported data leak. The negligent attitude while handling the private user data must be stopped by the companies. He also called on the FCC Chairman Ajit Pai, who served as an attorney for Securus in 2012, to recuse himself from any related investigation.

“Chairman Pai’s past work for Securus makes it untenable for Mr Pai to lead this investigation,” he said.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil