reader feedback 29
Securus applied sciences—the company that offers a geolocation provider used for cellular phone tracking with the aid of law enforcement agencies—has been hacked, exposing the usernames and weakly blanketed passwords of thousands of customers. The adult claiming to be liable for the breach supplied one of the data to Motherboard’s Joseph Cox, together with an evidence of the way it become obtained. Securus has now not proven the breach.
Securus, which presents telephone services for prisons, began providing place-based tracking to aid prisons tune the place inmates’ calls had been definitely going to. This allowed prisons to “geofence” areas “linked to illegal recreation,” as a redacted Securus brochure posted online through the electronic Frontier basis suggests. however that same service can also be used to reveal the place of mobile phones on a map. The carrier, known as GeoLoc, “offers the approximate region of the cellular equipment being referred to as at each the starting and the end of the call,” the Securus advertising and marketing fabric states.
but the statistics Securus uses for GeoLoc can even be used for different functions—including tracking the location of well-nigh any cellular phone. an internet-based software from Securus, called Securus call Platform, allows law enforcement officers to log in from a browser and run searches for cellular devices with out requiring an outbound call.
As Ars stated on can also 12, Securus’ area carrier extracts information from other facts-brokerage services and location-services providers that purchase machine-area facts from mobile providers. These services obtain the information generally for “wealthy communications services”—vicinity-based mostly promoting capabilities, which enable marketers to ship presents and coupons by means of SMS and MMS texts, cellular internet adverts, and other applications to valued clientele when they’re near a selected retailer. region counsel may also be received by means of the mobilephone tower the equipment is related to or by the use of Assisted GPS—the know-how used through 911 systems to find cellular callers.
in response to Motherboard, the individual who breached Securus’ network supplied a number of data as proof, including a spreadsheet with tips from a database named “police.” That file contained greater than 2,800 usernames, email addresses, and get in touch with numbers, as well as hashed account passwords. Some of these passwords looked as if it would were already cracked, Cox observed, while the the rest have been MD5 hashes of passwords—notwithstanding Cox wrote that it wasn’t clear even if the passwords that were in plain text had been cracked or in the event that they had been in plain text to start with. The MD5 hashing algorithm has long been effortless to crack.
on the grounds that the application is internet primarily based and the website allows for “anyplace, anytime entry to all device controls” for the Securus call device, the usernames and passwords might conceivably be used to benefit access to now not simply machine place facts but prisoner cell information and different delicate data. A outdated breach at Securus mentioned by way of The Intercept exposed data on 70 million recorded prisoner cellphone calls, together with calls between prisoners and their attorneys.