FCC investigating reports website flaw exposed mobile phone locations

The Federal Communications Commission said it was referring reports that a website flaw could have allowed the location of mobile phone customers to be tracked to its enforcement bureau to investigate.  A security researcher said that California-based LocationSmart data could have been used to track AT&T, Verizon, Sprint, and T-Mobile US consumers without consent within a few hundred yards of their location. Sen Ron Wyden (D-OR) urged the FCC to investigate, saying on Twitter a “hacker could have used this site to know when you were in your house so they would know when to rob it. A predator could have tracked your child’s cell phone to know when they were alone.” 

Gigi Sohn, a former top aide at the Federal Communications Commission during the Obama administration, said user location data has been at high risk since 2017 That’s when Congress repealed FCC privacy rules barring mobile wireless carriers from sharing or selling it without customers’ express “opt-in” consent. “At a bare minimum, consumers should be able to choose whether a company like LocationSmart should have access to this data at all,” she said.