Phone Carriers Selling Customer Location Data

Written by

Bounty hunters are able to leverage a somewhat dubious skeptical service available through major telecom companies, including T-Mobile, AT&T, and Sprint, according to Motherboard.

A researcher reportedly paid $300 to a bounty hunter who was then able to geolocate a phone down to a location in a specific neighborhood only blocks away from the actual location of the targeted phone. According to a blog post from Motherboard’s Joseph Cox, these surveillance capabilities are available to individuals and businesses and sometimes sold through word of mouth.

“At least one company, called Microbilt, is selling phone geolocation services with little oversight to a spread of different private industries, ranging from car salesmen and property managers to bail bondsmen and bounty hunters, according to sources familiar with the company’s products and company documents obtained by Motherboard,” Cox wrote.

In addition to telecoms selling cell phone location data to company, the researcher said that there is a trickle down effect with the information, which could land in the wrong hands.

“Your mobile phone is constantly communicating with nearby cell phone towers, so your telecom provider knows where to route calls and texts. From this, telecom companies also work out the phone’s approximate location based on its proximity to those towers,” Cox said.

As we rely more on connected devices, our data is everywhere and becoming accessible to parties often unknown to us, and we may not have given consent for our data to be shared. “With each data transaction, the potential for the new party to either leak data, fall victim to compromise, or further share the data means that very quickly there's no control or governance,” said Ben Johnson, co-founder and CTO, Obsidian Security.

“Sadly, most of us assume not only that what we deliberately put on the Internet will fall into unauthorized hands but that data generated by our devices, services and even our human networks will be utilized in various ways we haven't authorized. Every copy of data is a liability, and until those who collect or generate this data have better guiding principles and scrutiny, we must assume that our data and data about us is everywhere.”

What’s hot on Infosecurity Magazine?