NSA Issues Security Guidelines on Mobile Location Data
The National Security Agency (NSA) has warned the public about mobile location data and other inter-connected devices, saying that it could pose a security threat for users if it were to be accessed by adversaries.
The NSA released the guidance as a warning for the Defense Department staff and other agencies with access to sensitive federal systems.
The NSA noted that it could be "useful to a wide range of users," and not just government agencies.
The NSA said through their guidance that using a mobile device, even just powering it on, exposes users' location data.
"Mobile devices inherently trust cellular networks and providers, and the cellular provider receives real-time location information for a mobile device every time it connects to the network," NSA was quoted in a report.
This means a provider can keep track of users nationwide. However, this could prove useful in some scenarios.
These scenarios include 911 calls, which can be used to save lives. However, government personnel with location sensitivities might have risks.
The NSA said that if an adversary can influence or control the provider, mobile location data might be compromised.
The security agency also said that even if the GPS or cellular data are switched off, mobile location data could be tracked, indicating that location could be tracked through WiFi and Bluetooth connections.
Websites and apps can also access or guess the location of the users.
On the other hand, the NSA also said that inter-connected devices could also be used to collect and expose sensitive location data of any mobile device they are hooked up.
These inter-connected devices are fitness trackers, smartwatches, medical devices, and household smart devices.
The NSA added that apps and social media accounts could be risky when it comes to privacy location data. The agency said that pictures posted on social media platforms have hidden metadata, including locations.
The NSA recommended that individuals disable location services settings on internet-connected devices to limit potential security breaches.
The security agency said to use the airplane mode when mobile devices are not in use and ensure that apps are not permitted to track the user's mobile location data.
"While it may not always be possible to completely prevent the exposure of location information, it is possible -through careful configuration and use - to reduce the amount of location data shared," the NSA wrote.
The NSA said that awareness is the first step.
NSA Guidance
The NSA guidance was a response to an occurrence that happened two years ago. It was when the Defense Department prohibited the use of fitness trackers, smartphones, and other devices with geolocation services for all deployed staff.
In a 2018 report, Pentagon said that it was reviewing policies on inter-connected devices after it was revealed that Strava, a fitness tracking app, maps people's exercise habits, could have shown the locations of U.S. security forces.
Pentagon spokesman Col. Rob Manning said before that this is a way to make sure they are not giving the enemy an unfair advantage, as well as not showcasing the exact location of the troops worldwide.
Check these out:
Instacart Customers Data Sold on Dark Web, Report Says