Print

The U.S. National Security Agency (NSA) today has published guidance on how to expose as little location information as possible while using mobile and IoT devices, social media, and mobile apps. As the agency explains, protecting your geolocation data can be the difference between being tracked wherever you go or knowing that your location can't be used to monitor your movements and daily routine. "Location data can be extremely valuable and must be protected," the NSA explains [PDF]. "It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations." However, as the NSA adds, "[w]hile the guidance in this document may be useful to a wide range of users, it is intended primarily for NSS/DoD system users." Devices like smartphones and tablets use a combination of methods to determine a user's location including Global Positioning System (GPS) and wireless signals such as wireless Wi-Fi, cellular, and Bluetooth. Disabling these radios can drastically reduce the exposed location data by blocking devices from sharing real-time geolocation information with cellular providers or rogue bases stations when powered on or during use. This can also prevent threat actors from determining your device's location with the help of wireless sniffers which calculate it based on signal strength. However, even if disabled, when some device radios are re-enabled they may still transmit saved location information. IoT devices also add to the location data exposure risks since they can store location information about other devices in their range, info that can later be exposed when accessed and viewed by unauthorized third-parties. Using apps with permissions to use your location also increases the risk of exposing your geolocation data, just as photos with embedded location data shared on social media. "Apps, even when installed using the approved app store, may collect, aggregate, and transmit information that exposes a user’s location," the NSA adds. Depending on the risk level of exposing their location that users are comfortable with, the NSA shared a number of measures that should lower the risk of exposing one's location while using mobile devices and apps. However, "[p]erhaps the most important thing to remember is that disabling location services on a mobile device does not turn off GPS, and does not significantly reduce the risk of location exposure," the NSA explains. "Disabling location services only limits access to GPS and location data by apps. It does not prevent the operating system from using location data or communicating that data to the network." The NSA says that those who want to prevent location data collection from their devices can take these mitigation measures to limit their exposure For more complete details visit OUR FORUM.