Streaming List of GPS Locations Exposed From Saudi Telecom Provider

STCS, the leading telecom provider in Saudi Arabia has been found to have exposed a list of GPS Locations. The telecom runs a server containing hundreds of thousands of constantly updated GPS locations before Motherboard contacted the organization about the issue.

It is not clear what the GPS locations referred to, but they pointed to locations spread throughout Saudi Arabia and were seemingly sourced from a variety of brands of GPS trackers, according to data in the exposed server. The data was not supposed to be public, judging by STCS' reaction of fixing the server exposure once aware of the issue.

The IP address of the exposed server which contained an instance of Kibana, a piece of software for sorting and visualizing data was sent to the motherboard from an unknown source.The data included a rolling list of regularly updated entries, with the date and time, latitude and longitude coordinates, and the brand of the GPS tracker. The last 15 minutes of rolling data had over 140,000 entries.

STCS offers clients multiple different products, such as those in big data, cybersecurity, and the internet of things, according to its website.

"The server was used for testing some internal services," Khalid Alotaibi, a security architect with STCS, wrote in an email after Motherboard reached out to the company. "We assure you that we fixed the issue and will make sure that it will not occur again the future."Alotaibi did not respond to a follow-up question asking what the GPS locations referred to.