viralamo

Menu
  • Technology
  • Science
  • Money
  • Culturs
  • Trending
  • Video

Subscribe To Our Website To Receive The Last Stories

Join Us Now For Free
Home
Technology
Beware of find-my-phone, Wi-Fi, and Bluetooth, NSA tells mobile users
Technology

Beware of find-my-phone, Wi-Fi, and Bluetooth, NSA tells mobile users

04/08/2020

Photograph of a map app on a smartphone.

The National Security Agency is recommending that some government workers and people generally concerned about privacy turn off find-my-phone, Wi-Fi, and Bluetooth whenever those services are not needed, as well as limit location data usage by apps.

“Location data can be extremely valuable and must be protected,” an advisory published on Tuesday stated. “It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations.”

NSA officials acknowledged that geolocation functions are enabled by design and are essential to mobile communications. The officials also admit that the recommended safeguards are impractical for most users. Mapping, location tracking of lost or stolen phones, automatically connecting to Wi-Fi networks, and fitness trackers and apps are just a few of the things that require fine-grained locations to work at all.

The cost of convenience

But these features come at a cost. Adversaries may be able to tap into location data that app developers, advertising services, and other third parties receive from apps and then store in massive databases. Adversaries may also subscribe to services such as those offered by Securus and LocationSmart, two services that The New York Times and KrebsOnSecurity documented, respectively. Both companies either tracked or sold locations of customers collected by the cell towers of major cellular carriers.

Not only did LocationSmart leak this data to anyone who knew a simple trick for exploiting a common class of website bug, but a Vice reporter was able to obtain the real-time location of a phone by paying $300 to a different service. The New York Times also published this sobering feature outlining services that use mobile location data to track the histories of millions of people over extended periods.

The advisory also warns that tracking often happens even when cellular service is turned off, since both Wi-Fi and Bluetooth can also track locations and beam them to third parties connected to the Internet or with a sensor that’s within radio range.

To prevent these types of privacy invasions, the NSA recommends the following:

  • Disable location services settings on the device.
  • Disable radios when they are not actively in use: disable BT and turn off Wi-Fi if these capabilities are not needed. Use Airplane Mode when the device is not in use. Ensure BT and Wi-Fi are disabled when Airplane Mode is engaged.
  • Apps should be given as few permissions as possible:
    • Set privacy settings to ensure apps are not using or sharing location data.
    • Avoid using apps related to location if possible, since these apps inherently expose user location data. If used, location privacy/permission settings for such apps should be set to either not allow location data usage or, at most, allow location data usage only while using the app. Examples of apps that relate to location are maps, compasses, traffic apps, fitness apps, apps for finding local restaurants, and shopping apps.
  • Disable advertising permissions to the greatest extent possible:
    • Set privacy settings to limit ad tracking, noting that these restrictions are at the vendor’s discretion.
    • Reset the advertising ID for the device on a regular basis. At a minimum, this should be on a weekly basis.
  • Turn off settings (typically known as FindMy or Find My Device settings) that allow a lost, stolen, or misplaced device to be tracked.
  • Minimize Web browsing on the device as much as possible, and set browser privacy/permission location settings to not allow location data usage.
  • Use an anonymizing Virtual Private Network (VPN) to help obscure location.
  • Minimize the amount of data with location information that is stored in the cloud, if possible.

If it is critical that location is not revealed for a particular mission, consider the following recommendations:

  • Determine a non-sensitive location where devices with wireless capabilities can be secured prior to the start of any activities. Ensure that the mission site cannot be predicted from this location.
  • Leave all devices with any wireless capabilities (including personal devices) at this non-sensitive location. Turning off the device may not be sufficient if a device has been compromised.
  • For mission transportation, use vehicles without built-in wireless communication capabilities, or turn off the capabilities, if possible.

Mobile phone use means being tracked

Patrick Wardle, a macOS and iOS security expert and a former hacker for the NSA, said the recommendations are a “great start” but that people who follow the recommendations shouldn’t consider them anything close to absolute protection.

“As long as your phone is connecting to cell towers, which it has to in order to use the cell network… AFAIK that’s going to reveal your location,” Wardle, who is a security researcher at the macOS and iOS enterprise management firm Jamf, told me. “It, as always, is a tradeoff between functionality/usability and security, but basically if you use a phone, assume that you can be tracked.”

He said that recent versions of iOS make it easy to follow many of the recommendations. The first time users open an app, they get a prompt asking if they want the app to receive location data. If the user says yes, the access can only happen when the app is open. That prevents apps from collecting data in the background over extended periods of time. iOS also does a good job of randomizing MAC addresses that, when static, provide a unique identifier for each device.

More recent versions of Android also allow the same location permissions and, when running on specific hardware (which usually come at a premium cost), also randomize MAC addresses.

Both OSes require users to manually turn off ad personalization and reset advertising IDs. In iOS, people can do this in Settings > Privacy > Advertising. The slider for Limit Ad Tracking should be turned on. Just below the slider is the Reset Advertising Identifier. Press it and choose Reset Identifier. While in the Privacy section, users should review which apps have access to location data. Make sure as few apps as possible have access.

Change some settings

In Android 10, users can limit ad tracking and reset advertising IDs by going to Settings > Privacy and clicking Ads. Both the Reset Advertising ID and Opt Out of Ads personalization are there. To review which apps have access to location data, go to Settings > Apps & notifications > Advanced > Permission Manager > Location. Android allows apps to collect data continuously or only when in use. Allow only apps that truly require location data to have access, and then try to limit that access to only when in use.

Tuesday’s advisory also recommends people limit sharing location information in social media and remote metadata showing sensitive locations before posting pictures. The NSA also warns about location data being leaked by car navigation systems, wearable devices such as fitness devices, and Internet-of-things devices.

The advice is aimed primarily at military personnel and contractors whose location data may compromise operations or put them at personal risk. But the information can be useful to others, as long as they consider their threat model and weigh the acceptable risks versus the benefits of various settings.

Source link

Share
Tweet
Pinterest
Linkedin
Stumble
Google+
Email
Prev Article
Next Article

Related Articles

Rookie coding mistake prior to Gab hack came from site’s CTO
Gab.com Over the weekend, word emerged that a hacker breached …

Rookie coding mistake prior to Gab hack came from site’s CTO

PerceptiLabs’ drag-and-drop interface makes ML modeling easier and faster
One of machine learning’s promises is to help humans do …

PerceptiLabs’ drag-and-drop interface makes ML modeling easier and faster

Leave a Reply Cancel reply

Find us on Facebook

Related Posts

  • Withings raises $60 million to develop connected health services for companies
    Withings raises $60 million to develop connected …
    28/07/2020
  • PlayStation 5: Mark Cerny’s deep dive into SSD memory
    PlayStation 5: Mark Cerny’s deep dive into …
    19/03/2020
  • 2020 will be a big year for online childcare — here are 7 startups to watch
    Original Content podcast: Netflix’s ‘6 Underground’ is …
    12/01/2020
  • Microsoft reports $38 billion in Q4 2020 revenue: Azure up 47%, Surface up 28%, and LinkedIn up 10%
    Microsoft reports $38 billion in Q4 2020 …
    22/07/2020
  • Uber begins mapping Washington D.C. for self-driving vehicles
    Coronavirus fears halt autonomous vehicle testing for …
    17/03/2020

Popular Posts

  • US government strikes back at Kremlin for SolarWinds hack campaign
    US government strikes back at Kremlin for …
    15/04/2021 0
  • Top 10 Places Creepier Than Stephen King’s …
    17/03/2021 0
  • Top 10 Things You Should Know About …
    17/03/2021 0
  • I was a teenage Twitter hacker. Graham Ivan Clark gets 3-year sentence
    I was a teenage Twitter hacker. Graham …
    17/03/2021 0
  • DDoSers are abusing Microsoft RDP to make attacks more powerful
    ~4,300 publicly reachable servers are posing a …
    18/03/2021 0

viralamo

Pages

  • Contact Us
  • Privacy Policy
Copyright © 2021 viralamo
Theme by MyThemeShop.com

Ad Blocker Detected

Our website is made possible by displaying online advertisements to our visitors. Please consider supporting us by disabling your ad blocker.

Refresh