NSA shared tips on Limiting Location Data Exposure

Image by Fry1989 from Wikimedia Commons

Today, The U.S. National Security Agency (NSA) has published guidance on how to expose as little location information as possible while using Mobile, Social media, Mobile apps and IoT devices. NSA explains that protecting your Geo-location data can be the difference between being tracked wherever you go or knowing that your location can't be used to monitor your movements and daily routine.

NSA also explains that Location data can be extremely valuable and must be protected. It can reveal details about the number of users in a location, daily routines, user and supply movements, and can expose otherwise unknown associations between users and locations. Agency also added that while the guidance in this document may be useful to a wide range of users, it is intended primarily for NSS/DoD system users.

Risks from Location Exposure

Devices like tablets and smartphones use a combination of methods to determine a user's location including Global Positioning System (GPS) and wireless signals such as wireless Wi-Fi, bluetooth, and Cellular network.
Disabling these radios can reduce the exposed location data by blocking devices from sharing real-time Geo-location info with cellular providers or rogue bases stations when powered on or during use.
This can also prevent attackers from determining your device's location with the help of wireless sniffers which calculate it based on signal strength.
Embedded devices like IoT also add to the location data exposure risks since they can store location information about other devices in their range, information that can later be exposed when viewed and accessed by unauthorized third-parties.
Using applications with permissions to use your location also increases the risk of exposing your Geo-location data, just as photos with embedded location data shared on social media.
Applications, even when installed using the approved app store, may collect, aggregate, and transmit info that exposes a user’s location.
Geo-location information contained in data automatically synced to cloud accounts could also present a risk of location data exposure if the accounts or the servers where the accounts are located are compromised.
Websites use browser fingerprinting to harvest location info, and Wi-Fi access points and Bluetooth sensors can reveal location information.

Mitigation to limit Location Exposure

The NSA shared a number of measures that should lower the risk of exposing one's location while using mobile devices and applications depending on the risk level of exposing their location that users are comfortable with. NSA explains that the most important thing to remember is that disabling location services on a mobile device does not turn off GPS, and does not significantly reduce the risk of location exposure. Disabling location services only limits access to GPS and location data by applications. It does not prevent the OS from using location data or communicating that data to the network.

The NSA says that those who want to prevent location data collection from their devices can follow these mitigation measures to limit their exposure:

Disable location services settings from the device.
Disable radios when they are not actively in use: disable Bluetooth and turn off Wi-Fi if you are not using it. Use Airplane Mode when your mobile device is not in use. Ensure Bluetooth and Wi-Fi are disabled when Airplane Mode is engaged.
Applications should be given as few permissions as possible.
Turn off settings (typically known as Find My Device settings) that allow a lost, stolen, or misplaced device to be tracked.
Minimize web-browsing on any computing devices connected to internet as much as possible, and set browser privacy/permission location settings to not allow location data usage.
Use Virtual Private Network (VPN) to help obscure location.
Minimize the amount of data with location info that is stored in the cloud, if possible.

U.S. Military and Intelligence Community staff taking part in critical missions that require going the extra mile to hide their location can take these additional measures:

Determine a non-sensitive location where computing devices with wireless capabilities can be secured prior to the start of any activities. They also ensures that the mission site cannot be predicted from this location.
Leave all devices with any wireless capabilities (including personal devices like mobile phone) at this non-sensitive location. Turning off your device may not be sufficient if a device has been compromised.
They use vehicles without built-in wireless communication capabilities for mission transportation, or turn off the capabilities, if possible.

Does this article being helpful to you? Let us know your thoughts in the comments section and share it with us on Facebook, Twitter, or our LinkedIn Group.


Previous Post Next Post