PITTSBURGH, PENNSYLVANIA — A company that collects real-time location data of millions of cell phone users throughout North America had a bug on its website that let anyone see where a person was located without having to obtain consent. <br /><br />LocationSmart is a data aggregator and says it has "direct connections" to cell carriers to obtain location information from nearby cell towers, according to ZDNet.<br />The website has a trial-page that allows interested customers to test the accuracy of the system. <br /><br />The page requires explicit consent from the user before location data can be collected by sending a one-time text message. <br /><br />However, a bug on the website discovered by Carnegie Mellon University researcher Robert Xiao, allowed anyone to track someone's location without their consent. <br />Xiao told ZDNet, a simple bug allowed a person to skip the consent section and jump straight to the location. <br /><br />In a statement from spokesperson Brenda Schafer, LocationSmart "confirmed that the vulnerability was not exploited prior to May 16, and did not result in any customer information being obtained without their permission."<br />Xiao said the bug may have exposed almost every cell phone user in North America, around 200 million customers, ZDNet reported.
