Pixel Envy

Written by Nick Heer.

Hacker Breaches Now-Ironically-Named Securus, a Company That Provides Cellphone Location Monitoring Software

Hey, remember Securus, the company I told you about last week that provides software that can monitor the location of most cellphones in the United States with only a phone number?

Joseph Cox, Vice:

A hacker has broken into the servers of Securus, a company that allows law enforcement to easily track nearly any phone across the country, and which a US Senator has exhorted federal authorities to investigate. The hacker has provided some of the stolen data to Motherboard, including usernames and poorly secured passwords for thousands of Securus’ law enforcement customers.

Although it’s not clear how many of these customers are using Securus’s phone geolocation service, the news still signals the incredibly lax security of a company that is granting law enforcement exceptional power to surveil individuals.

Cox reports that users’ passwords were hashed using MD5 which, as of a decade ago, was considered by the U.S. Office of Cybersecurity and Communications to be “cryptographically broken and unsuitable for further use”. I disagree with the notion that a private company can offer this sort of software with little legal oversight or scrutiny, but even if you think that’s totally okay, surely tracking the live location of hundreds of millions of people should be guarded with more than an email address and a badly-encrypted password.