The vulnerability was found in a website run by LocationSmart, a company that aggregates cellular location data so it can be used by third parties — such as app developers — to verify users’ locations or send location-based promotions.
LocationSmart has location data for all four of America’s largest wireless providers: AT&T, (ATT)Verizon (VZ), T-Mobile (TMUS) and Sprint (S).
The flaw was discovered by Robert Xiao, a security researcher at Carnegie Mellon University, and reported Thursday by KrebsOnSecurity.
KrebsOnSecurity, a popular cybersecurity blog run by Brian Krebs, said it “verified” the vulnerability could be exploited to reveal the location of “any” phone on the four major US cell phone networks as well as several other smaller providers.
Read More from CNN Here