For background, LocationSmart is a company that collects mobile customer location data from leading US carriers, including Verizon, AT&T, Sprint and T-Mobile, and then sells it to other companies for various reasons, including compliance, cybersecurity and proximity marketing.
Until the vulnerability was discovered, LocationSmart offered a test page allowing anyone to enter their phone number, confirm the request by SMS or phone, and view their approximate location in real time.
The problem, as Xiao discovered, was that the web page had a bug that allowed anyone with the technical skills to bypass the phone number verification process and see the real-time location of any subscriber of most major carriers in the US, in addition to Bell, Rogers and Telus in Canada.
In a blog post, Xiao explains that the bug essentially comes down to requesting location data in JSON format instead of the default XML format:
If you make the same request with requesttype=locreq.json, you get the full location data without consent. That's the heart of the bug. Essentially, this requests location data in JSON format, instead of the default XML format ….
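The flaw class Xiao describes, a consent check that is enforced on one response format but not another, is sketched below as an added example; it is not LocationSmart's code, which this page does not show. The handler names, the consent store, the sample numbers and the default type name `locreq.xml` are assumptions made for illustration.

```python
# Constructed illustration: all names and data below are hypothetical.
CONSENTED = {"+12025550100"}   # numbers that confirmed via SMS/phone (constructed)
LOCATIONS = {                  # constructed sample data
    "+12025550100": (40.71, -74.0),
    "+12025550199": (34.05, -118.24),
}
DEFAULT_TYPE = "locreq.xml"    # assumed name; the page only says the default is XML

class Denied(Exception):
    """Raised when a location request must not be answered."""

def _as_xml(number):
    lat, lon = LOCATIONS[number]
    return f"<location lat='{lat}' lon='{lon}'/>"

def _as_json(number):
    lat, lon = LOCATIONS[number]
    return {"lat": lat, "lon": lon}

RENDERERS = {DEFAULT_TYPE: _as_xml, "locreq.json": _as_json}

def vulnerable_locreq(number, requesttype=DEFAULT_TYPE):
    """Flawed pattern: consent is checked only on the default (XML) branch."""
    if requesttype == "locreq.json":
        return _as_json(number)            # alternate format skips the check
    if number not in CONSENTED:
        raise Denied("no consent on record")
    return _as_xml(number)

def hardened_locreq(number, requesttype=DEFAULT_TYPE):
    """Authorize before dispatch; the output format never affects the decision."""
    render = RENDERERS.get(requesttype)
    if render is None:
        raise Denied("unsupported requesttype")
    if number not in CONSENTED:
        raise Denied("no consent on record")
    return render(number)

def formats_leaking_without_consent(handler, number):
    """Regression check: request types that return data for a non-consented number."""
    leaks = []
    for requesttype in RENDERERS:
        try:
            handler(number, requesttype)
            leaks.append(requesttype)
        except Denied:
            pass
    return leaks
```

Running the regression check against every supported request type, rather than only the default one, is what catches this kind of gap before release.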