This post was originally published on September 2, 2020.
You couldn’t make this up if you tried.
The National Security Agency (NSA)—yes, the same organization that has been running a massive illegal surveillance operation on U.S. residents since at least 2001—has issued a set of guidelines to educate the public on the dangers of built-in location tracking in mobile phones and ways to mitigate them.
Lest we forget, it was the NSA that intercepted Americans’ phone calls and internet communications for years. In 2017, the NSA collected data from over 534 million phone calls and text messages, and it’s widely acknowledged that the agency was able to directly access the data of tech companies like Facebook and Google under the PRISM program.
Now, however, the NSA wants you to guard your personal details.
The risks are out there, says the NSA
The NSA’s document “Limiting Location Data Exposure” states that “location data can be extremely valuable and must be protected.” It goes on to say that merely powering on a mobile device will expose location data; that’s because SIM cards will aim to connect to a network at all times, and providers are able to aggregate real-time location information if they so wish.
Malicious hackers can also set up rogue base stations that imitate legitimate cellular networks. Devices in the area may mistake one for a trusted network and attempt to connect to it, giving the perpetrators unfettered access to your data, states the NSA.
Oh, the irony.
The list of possible risks goes on. The NSA adds that anything that sends and receives wireless signals has location tracking risks similar to those in mobile devices. These include fitness trackers, smart watches, smart medical devices, Internet of Things (IoT) devices, and built-in vehicle communications such as Android Auto and Apple CarPlay. Wi-Fi enabled smart devices such as home security cameras and lightbulbs can also fall under this category.
Here’s how the NSA thinks you should protect yourself
In its advisory to the public, the NSA says you should do the following things:
- Disable location services on your devices
- Turn off Wi-Fi when not in use
- Put the device in airplane mode when not in use
- Give apps the minimum amount of permissions they need to function
- Don’t use apps that rely on location services
- Toggle privacy settings to limit ad tracking
- Turn off Find My Device settings
- Use a VPN
This is good advice, but also check out our suggestions.
Comments
Twenty years ago I was a security consultant; hospitals and govt entities were our major clients. Our clients would call in one of the big consultancies like Arthur Andersen, who in turn would call in my firm, to do security audits, etc. Because of the length of time I feel it’s ok to share the following. The big firms that called us in ignored most of our recommendations because they felt it would make them look bad to the clients. This included not changing default application passwords, and other equally serious matters. Once, a year later, I checked and the default password had not been changed. To ensure my firm would be called in for future work by the big name firms, I was told to let the matter rest.
CTOs need to know that this happens. Not just with hospitals who handle patient records but even more serious situations. They need to tell their Arthur Andersen, E&Y etc site manager that they demand full and complete reports of vulnerabilities. If I were still in that business I’d definitely recommend ExpressVPN, especially if it can be integrated with a RADIUS/Keyfob or Biometric system.
You hear about these big breaches. I can almost guarantee you that the weakness was known about before the breach, but for one reason or another it wasn’t fixed. The IT staff didn’t want to be embarrassed, no fast track change management system for handling security patch installation into production existed, etc. Note that people using cloud-based apps does not address this matter. It’s a common saying that the human element is the weak link when it comes to security. This is true, but the truth of this statement is much more profound than people know.
Hello
Hello! How are you?
YouTube in China cannot upgrade to the full screen… what a stupid idea to let me look about 40 seconds and not let me see what I want!! It is such a stupid country behavior of Google