Electronic devices willingly share location data using a variety of technologies
NSA Warns of Location Data Exposure
The US National Security Agency (NSA) issued a warning about unknowingly sharing location to any service. Location can be tracked regardless of whether the device owner has given their permission or has knowledge of the tracking.
Use of any mobile device exposes the user’s real-time location information. Electronic devices willingly share their location using a variety of technologies with cellular providers every time they connect to a network. That means a cellular service provider, like Verizon or AT&T, can track a user as they travel. But so can anyone else close by with the ability to intercept radio signals.
Any connected device risks unknowingly and unwillingly giving away location data. Both desktop and mobile devices use Global Positioning System (GPS), cellular wireless data (WiFi) , and Bluetooth Connection information to calculate location data.
Advertisers routinely purchase information about mobile device users, including location information which gives them access to shopping habits and behaviors. Threat actors can also intercept this data with inexpensive equipment camped out to pick up signals from nearby mobile devices.
Apps, web browsers, and websites also access phone sensor data – without user permission – and web browser information to collect location data.
“Location data can be extremely valuable and must be protected. It can reveal details about the number of users in a location, user and supply movements, daily,“ says the NSA bulletin.
But computers and phones are not the only devices at risk. Any Internet of Things (IoT) device – fitness trackers, smartwatches, smart medical devices, and vehicle navigation apps, smart TVs, IoT light bulbs, thermostats, and home security – all run the risk of sharing information without the owner’s knowledge.
Even if GPS and cellular data is shut off, a mobile device’s position can be calculated using WiFi and or Bluetooth. Even is the device is not actively using cellular service, sniffers can be used to geolocate its position.
Disabling Bluetooth on a device to safeguard location may not be possible. This is so even if the device has a setting to shut off Bluetooth data. Furthermore, when Bluetooth is turned back on, stored position data may be transmitted.
Beware of Apps Giving Away Location Data
Beware of apps that share your location information. For example, many social media apps automatically tag your location whenever you post a photo, check in to a business or mention a public place. However, even if a photo is not tagged with location metadata, you may be unintentionally giving away your location with the contents of the image or video. When you post a vacation photo online you are letting the public, including criminals, know that you are not at home.
“Perhaps the most important thing to remember is that disabling location services on a mobile device does not turn off GPS and does not significantly reduce the risk of location exposure. Disabling location services only limits access to GPS and location data by apps. It does not prevent the operating system from using location data or communicating that data to the network.”
How to Safeguard Your Location
The NSA has a checklist on how to limit location data sharing from a device:
- Turn off location data on your mobile devices
- Disable radio signals – Bluetooth and WiFi – when they are not needed
- Avoid apps that rely on location data to work. For example, don’t leave a map application , like Google Maps, open at the time with your location data turned on.
- If a mobile app does not need your location to function, then don’t allow it to access your location. Shady apps frequently ask for access to contacts, messages, phone call data, and location information even when they’re not necessary for the app’s features.
This warning is intended mostly for national security and defense workers. However, sharing location data encroaches on user privacy and poses a security risk to anyone with sensitive information on their phone or computer.