The most alarming data brokering issue yet happened last week & you likely didn't know how vulnerable you and your family were
Bottom Line: If you use a mobile device you're well aware of the "location enabling" that takes place on devices. Simply, if you want info from an app that's based on what's around you, you're asked to agree to enable location services to obtain it. But did you ever think of how that process happens (for a third-party app to know exactly where you are to provide that information)? Enter our ole' friend data brokering. While your "native apps" (those that come on the device) might be able to use direct location information directly from your device, many services and most third-party apps need an extra step to obtain and interpret information for your devices. One of the leaders in that kind of data collecting and brokering is LocationSmart.
Like most data brokers, you probably didn't know they existed, but they certainly know about you. Their job is to take location service information and perpetuate it to third parties to provide the location enabling services you've asked to enable. That's all good for a user perspective generally but think of the implications if something goes wrong. Last Thursday it did...big time.
LocationSmart has location-based data in real-time from users all four of the major mobile service providers (AT&T, Sprint, T-Mobile and Verizon). Something occurred last week that created a vulnerability with user data that allowed any hacker who was inclined to watch users based on the location of their mobile devices in real-time. You can see how bad this had/has the potential to be in the wrong hands. It's unclear if the information fell into the wrong hands as the flaw was discovered by a security researcher from Carnegie Mellon, not the company. Brian Krebs of KrebsOnSecurity made this statement: Anyone with a modicum of knowledge about how Web sites work could abuse the LocationSmart demo site to figure out how to conduct mobile number location lookups at will, all without ever having to supply a password or other credentials,"
Yikes. Doesn't exactly inspire confidence does it? LocationSmart said they've since fixed the vulnerability. But here's the cautionary tale of something that you probably didn't know existed that potentially put you and your family, your home, in harm's way. That to me is the real story of the Facebook Cambridge scandal and this one. What data brokering is, how pervasive it is and how easy it is for something to really go wrong. The issue here is far more troubling than the others however. Are we going to stop using location services? As long as the answer is no, then the potential for problems like this one can exist.