Chinese Social Media Giant Xiaohongshu Eyes Hong Kong IPO at Over $70 Billion Valuation 
Meta Seeks Legal Shield From Child-Harm Lawsuits Amid KOSA Talks 
Anthropic AI Model Uncovers Vulnerabilities in Classified U.S. Government Systems During Security Test 
Qualcomm Nears $4 Billion Acquisition of AI Chip Startup Modular 
Trump Says Anthropic No Longer Seen as National Security Threat 
SK Hynix Moves Closer to New York ADR Listing Amid AI Chip Boom 
Apple Signals Product Price Hikes Amid Rising Memory Chip Costs 
SpaceX Stock Slides After IPO Rally as Valuation Concerns Grow 
Google’s Open-Source AI Data Center Cooling Design Raises Commoditization Concerns 
Trump’s Quantum Push Lifts IBM Stock as CEO Arvind Krishna Receives White House Praise 
Google Gemini Co-Lead Noam Shazeer Leaves for OpenAI Amid AI Talent Race 
Cerebras Revenue Forecast Tops Expectations, but Margin Concerns Weigh on Stock 
How AI prompting turned writerly description into an everyday skill 
Samsung Electronics Stock Surges on Report of Massive $59 Billion Share Buyback Plan 
The California-based company LocationSmart has been in several headlines lately as reports claim they were involved in a massive selling of sensitive data that potentially exposed real-time location data of mobile users in the United States.
Now, LocationSmart is subjected to aonther unflattering report as KrebsOnSecurity revealed that the company's widely available tool had a bug that possibly leaked sensitive and private location data.
Anyone who knows how to exploit the said bug reportedly had the ability to track a mobile device in real-time even without entering any log-in details or without having to go through a verification process.
Meanwhile, KrebsOnSecurity has informed LocationSmart of the glitch and the latter has since shut down their bugged online service on Thursday, May 17. It is believed that the bug posed a threat to anyone in the United States using the services of major carriers including AT&T, Sprint, T-Mobile, and Verizon.
Security researcher Robert Xiao also helped explain how easy it was to manipulate the bug through LocationSmart’s free demo tool, which the company has been offering as a trial product to its potential customers.
A user can track his own device by entering in the demo tool their name, mobile number, and email address. LocationSmart’s tool, then, forwards a message to the device that contains a request to send data to a cellular tower close to the device. Once permission is granted, the tool collects “approximate longitude and latitude” then maps out the device’s location through Google Street View services.
However, Xiao further explained that the bug in LocationSmart’s demo tool might have allowed someone to bypass the necessary verification process to avoid unauthorized collection of data.
Meanwhile, to test whether the demo tool’s glitch was indeed working, KrebsOnSecurity and Xiao tested it with “five different trusted sources” who gave permission to participate in the experiment. The report further said that Xiao’s methods worked “within a few seconds” and have accurately located all five sources.
