Following the ICO’s call for a rethink on location privacy, geo-location tagging security issues are likely to be a major issue in 2012, and many users of smartphones are unaware of the potentially serious security consequences of their use of the technology.
Now that most smartphones have native GPS/satnav features, the default setting for most pictures – and videos – taken with these devices is to embed the GPS co-ordinates along with the date and time that the image was taken.
And when smartphones upload these images to the Internet – to portals such as Facebook or Flickr – there’s a strong chance they will upload the GPS data as well. This information could be subsequently misused by third parties, perhaps for stalking purposes, or even cybercrime.
As Jonathan Bamford, the ICO’s head of strategic liaison, said at a conference earlier this month, since most human activities online have a location aspect, this brings both opportunities and significant risks.
Cybercriminals are now starting to crowdsource information that is available on the Internet – using open source software such as Maltego – and then tying in geo-location data from photos.
Then, he says, you also have sites such as Youhavedownloaded.com – an open source data site that lists the IP addresses of around 20 per cent of files that have been shared across the Internet.
So far, Suren Ter-Saakov – the Russian IT expert behind the portal – claims to have crowdsourced around 50 million unique IP addresses that have file-shared all manner of music, video and software files.
And when you start to tie all this information together – related photo information, the GPS coordinates of where an image or video was taken, and the IP addresses of users – you start to assemble a pastiche of the user.
From this data, you then can begin to assemble a profile of the user and what their habits are. This is why geo-location data is potentially so dangerous, as it can be used to bolster other information that is available on the Internet, and which can readily be assembled using software like Maltego.
From there it’s a relatively easy step to perform a highly targeted phishing or similar type of attack on the individual – using information about their location, their interests and other data derived from, say, their Facebook profile.
As the ICO’s Jonathan Bamford says, geo-location brings with it many new opportunities, but there are – as we can confirm – significant dangers associated with this pool of information. And no matter how many times the experts say it, this type of information is not as anonymous as you might think.