On Location-Based Services Security

Monday, April 09, 2012

Robert Siciliano

37d5f81e2277051bc17116221040d51c

Location-based services utilize geo-location information to publish your whereabouts. In some cases, these services can also provide discounts or freebies as a reward for “checking in” at participating businesses and gathering “points.”

These services can also be used to share photos and other media in real-time with your friends and followers.

Geo-location or geo-tagging can be used on PCs, but is primarily applicable to mobile phones. The geo-location software usually obtains its data from your device’s Internet protocol (IP) address or your global positioning System (GPS) longitude and latitude.

Many of today’s social networking sites are now incorporating location-based services that allow users to broadcast their locations via smartphone.

Carnegie Mellon University has identified more than 80 location-sharing services that either lack privacy policies or collect and save user data for an indefinite period of time.

Some companies have even adopted the technology, which they’ve dubbed “GPS dating,” to connect singles with other local singles anywhere, any time. These dating services make it easy to find other users by providing photos and personal descriptions.

This technology is immensely useful to predators, thieves, and other criminals, since it makes it so simple to determine where you are, and where you are not. They can access a full profile of your itinerary, all day, every day. Someone who is paying unwanted attention to you can see your exact address each time you “check in.”

One of the most extreme examples of the dangers posed by GPS-locators is the issue of domestic abuse victims who seek safety at a shelter; volunteers have adopted a policy of removing batteries from women’s phones as soon as they arrive, so that abusers cannot track their victims to the shelter.

Thieves use geo-location to determine whether you are home or not, and then use that data to plan a burglary.

Stalkers who use the phone’s GPS are usually close to the victim—a family member or ex-boyfriend or girlfriend, for example—and use their personal access to manually turn on GPS tracking.

To protect yourself from broadcasting your location, you should:

Turn off your location services on your mobile phone or only leave it enabled for applications like maps. Most geo-location services are turned on by default.

Be careful on what images and information you are sharing on social networks and when. For example, it’s best to wait until you are home to upload those vacation photos.

Make sure you check your privacy settings on your social networking sites that you’re sharing information on to make sure you are only sharing information with your friends and not everyone.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing GPS Dating Security on Good Morning America. (Disclosures)

Possibly Related Articles:
8100
Privacy Risk Management Social Networking Security Awareness Social Media Mobile Devices geo-location Location-based Services Data Collection
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.