location data

Subaru Security Flaws Exposed Its System for Tracking Millions of Cars

Security researchers discovered vulnerabilities in Subaru’s Starlink service that allowed them to track the locations of millions of cars, gaining access to up to a year's worth of detailed location data, including sensitive personal visits. Sam Curry and Shubham Shah demonstrated flaws that let them hijack car controls and access location histories by exploiting administrative weaknesses in Subaru's system. Though Subaru has since fixed the vulnerabilities, concerns remain about privacy regarding employee access to location data. Similar vulnerabilities have affected multiple automakers, highlighting broader issues in the automotive industry regarding data privacy and security.

https://www.wired.com/story/subaru-location-tracking-vulnerabilities/

AI Tool GeoSpy Analyzes Images and Identifies Locations in Seconds

GeoSpy, an AI tool by Graylark Technologies for law enforcement, analyzes photos to determine locations in seconds, revealing significant privacy risks. While originally intended for official use, public access led to misuse, including stalking. The tool requires no training, enabling any user to locate individuals via social media images despite stripped metadata. Concerns arise over potential abuse and the security of private data involved. GeoSpy's public access has now been restricted following reports of such misuse.

https://www.malwarebytes.com/blog/news/2025/01/ai-tool-geospy-analyzes-images-and-identifies-locations-in-seconds

A Breach of Gravy Analytics’ Huge Trove of Location Data Threatens the Privacy of Millions

Gravy Analytics suffered a data breach that exposed location data for millions of people, collected from various smartphone apps. The hacker leaked samples on a cybercrime forum, revealing over 30 million location points, which can be used to track users' movements and even identify vulnerable individuals, such as those in LGBTQ+ communities. Unacast, Gravy's parent company, reported the breach to data authorities after discovering unauthorized access to its cloud data. Gravy Analytics' website is down as investigations continue. The breach raises significant privacy concerns amid existing FTC bans on the company's data practices.

https://techcrunch.com/2025/01/13/gravy-analytics-data-broker-breach-trove-of-location-data-threatens-privacy-millions/

Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location

Thousands of popular apps, including Candy Crush and Tinder, may have been hacked to harvest users' location data, implicating rogue advertising industry members. This data, linked to apps from Gravy Analytics, shows extensive breaches through real-time bidding (RTB), allowing data brokers to access sensitive information without user or developer knowledge. The dataset reveals millions of device locations from various apps, including fitness and religious apps, raising privacy concerns and highlighting that many developers might remain unaware of such data exploitation.

https://www.wired.com/story/gravy-location-data-app-leak-rtb/
