The National Security Agency (NSA) has advised those involved in sensitive lines of work, as well as the privacy-conscious, to deactivate many common smartphone features to prevent leaking insights from their location data.
Equipment such as wireless sniffers can be used to track your location data through any combination of GPS and wireless signals such as Wi-Fi and Bluetooth, even if mobile phone service is deactivated, the NSA has claimed.
Even if all wireless radios are disabled on your smartphone, various sensors on your device provide sufficient data to calculate location, while Bluetooth settings in some devices mean it can never truly be disabled, betraying your data.
The risk extends beyond smartphones, to Internet of Things (IoT) devices and fitness trackers as well as smart medical devices and built-in vehicle communications. Apps and social media services, meanwhile, may collect and aggregate data that exposes a user’s information. Many of these request permission for location and other resources that are not needed for their functioning.
“Location data can be extremely valuable and must be protected. It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations,” the advisory said.
“Mitigations reduce, but do not eliminate, location tracking risks in mobile devices. Most users rely on features disabled by such mitigations, making such safeguards impractical. Users should be aware of these risks and take action based on their specific situation and risk tolerance.”
RELATED RESOURCE
Staying ahead of the game in the world of data
Create successful marketing campaigns by understanding your customers better
The organisation, speaking to the sensitive nature of the work done by US security officials and others in sensitive roles, added that users should apply mitigations to the greatest possible extent.
Those concerned about compromising their location data should disable location services as well as Bluetooth and Wi-Fi when these services aren’t needed. Airplane mode should also be enabled when devices aren’t in use.
In addition, apps should be given as few permissions as possible, including setting privacy settings to ensure apps are not using or sharing location data. Users should also avoid using apps related to location if possible since these inherently expose user location data.
Among other changes, advertising permissions should also be disabled to the greatest possible extent and the advertising ID should be reset on a regular basis, weekly at a minimum. This is in addition to using a virtual private network (VPN), turning off features that allow you to track a lost or stolen device, and minimise web browsing.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
Hackers are lying low in networks to wage critical infrastructure attacks - here’s how they do itNews Hackers are researching key IT workers in their bid to gain access to vital systems
-
ASUS, Cisco, Netgear devices exploited in ongoing Chinese hacking campaignNews Critical national infrastructure is the target of sustained attempts from state-sponsored hackers, according to Five Eyes advisories
-
US reveals bespoke tool that took down Russian malware operationNews Snake had been used to steal NATO countries’ data for 20 years
-
Move away from memory-unsafe languages like C and C++, NSA urgesNews The US agency advises organisations to begin using languages like Rust, Java, and Swift
-
US gov issues fresh warning over Russian threat to critical infrastructureNews The FBI, NSA and CISA have urged network defenders to be on "heightened alert" for Russian cyber attacks
-
NSA hands serious flaw to Microsoft rather than use itNews Patch Windows 10 now, as the NSA has spotted a bug impacting security certificates
-
100GB of secret NSA data found on unsecured AWS S3 bucketNews The data related to a failed NSA cloud collaboration project
-
Kaspersky claims pirated Office software was behind NSA exploit leak
News The company has released the early results of its investigation into the 2014 incident
