Geo-location is potentially major security risks

by Michael Smith (Veshengro)

If you value your privacy and your security (not just your online one) then do not use geo-tagging

According to IT security and compliance specialist Cryptzone geo-location tagging security issues are likely to be a major issue in 2012 – and that many users of smartphones are unaware of the potentially serious security consequences of their use of the technology.

Most smartphones now have native GPS/satnav features, the default setting for most pictures – and videos – taken with these devices is to embed the GPS co-ordinates along with the date and time that the image was taken. This can have serious security implication for the person, and his home.

It is saying to any criminal who might know where this person lives “hi, my home is empty... come and burglarize it.”

When smartphones upload these images to the Internet – to portals such Facebook or Flickr – there is a very strong chance that they will also upload the GPS data as well. This information could be subsequently misused by third parties, perhaps for stalking purposes, for general crime and even cybercrime.

Too many users of Facebook and other such portals put too much information on to those forums but with geo-location tagging a simple picture of one's home, one's place of work, etc., immediately makes it findable on any map and via a satnav.

Since most human activities online have some kind of a location aspect, this brings both opportunities and significant risks, especially when it comes to location tagging.

Many people are too careless already by putting way too much information into their profiles, whether on Facebook, LinkedIn, MySpace, or wherever, which is one of the main reason why each and every holiday season the warning is being issued to them not to post pictures, etc., from their vacation spots.

Add geo-location tagging into that equation, and even just having the geo-location tagging used, and you have the recipe for disaster, including serious crime.

Cybercriminals are now starting to crowdsource information that is available on the Internet – using open source software such as Maltego – and then tying in geo-location data from photos.

Then you also have sites such as Youhavedownloaded.com – an open source data site – that lists the IP addresses of around 20 per cent of files that have been shared across the Internet.

So far Suren Ter-Saakov – the Russian IT expert behind this portal – claims to have crowdsourced around 50 million unique IP addresses that have file-shared all manner of music, video and software files.

And when you start to tie all this information together – related photo information, the GPS coordinates of where an image or video was taken, and the IP addresses of users – you start to assemble a pastiche of the user. From this data, you then can begin to assemble a profile of the user and what their habits are.

This is why geo-location data is potentially so dangerous, as it can be used to bolster other information that is available on the Internet, and which can readily be assembled using software like Maltego.

From there it is then a relatively easy step to perform a highly targeted phishing or similar type of attack on the individual – using information about their location, their interests and other data derived from, say, their Facebook profile.

Geo-location and -tagging brings with it many new opportunities, but there are significant and serious dangers associated with this pool of information. And no matter how many times the experts say it, this type of information is not as anonymous as you might think.

So, what do you do?

  1. You turn off geo-location tagging, whether on your smartphone or your laptop/netbook and you also do the same on Facebook, etc., where this possibility exists.

  2. You check very carefully as to what you have on information in your profiles, whether on Facebook, Blogger, Twitter, LinkedIn, or what-have-you, and make sure that you have minimum information on there only, and have the security settings, even with the minimum information, set to the highest settings.

Only the other day I have seen someone on a forum where I am a member, and – theoretically it is a members only one with the entire site hidden – where people are often rather paranoid, posting their personal telephone numbers and such. This is highly dangerous.

So, let's be careful out there and let's be careful what we “share” online.

© 2011