STCS, a Saudi telecommunications company, operated a server that contained thousands of constantly updated GPS locations before Motherboard contacted the organization about the problem.
It is not known what the GPS locations meant, however, they indicated places in Saudi Arabia and allegedly arrived here from various brands of GPS trackers, according to the knowledge of the exposed server. Knowledge was not meant to be public, judging by the reaction of the STCS to correct the server’s exposure once aware of the problem.
“STCS: the leading telecommunications and IT provider in Saudi Arabia,” says the STCS website.
A source that did not supply its call sent motherboard the IP of the exposed server. It contained an instance of Kibana, a knowledge classification and visualization software. The knowledge included an uninterrupted list of updated entries, with date and time, latitude and longitude coordinates, and gps tracker mark. The last 15 minutes of slippery knowledge had more than 140,000 entries.
Do you know any other knowledge exposures? We’d like to hear from you. Using a non-professional phone or computer, you can safely tap Joseph Cox on Signal on ’44 20 8133 5190, Wickr on josephcox, OTR chat on [email protected] or send an email to [email protected].
Motherboard drew a snapshot of knowledge on a map and discovered that the vast majority of places were in Saudi Arabia, adding a handful in China and off the coast of West Africa. The motherboard publishes the map because we know precisely what GPS locations are, so we know how delicate knowledge is.
STCS offers its consumers several other products, such as big data, cybersecurity and the Internet of Things, according to its website.
“The server used to verify some internal services,” Said Khalid Alotaibi, security architect at STCS, in an email after Motherboard contacted the company. “We guarantee that we have solved the challenge and will make sure it doesn’t happen again in the future.”
Alotaibi did not answer a follow-up question what GPS locations meant.
Subscribe to our cybersecurity podcast, CYBER.