fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

NSA Offers Advice On How To Reduce Location Tracking Risks

NSA Offers Advice On How To Reduce Location Tracking Risks

NSA offers advice on how to reduce location tracking risks

The U.S. National Security Agency (NSA) today has published guidance on how to expose as little location information as possible while using mobile and IoT devices, social media, and mobile apps.

As the agency explains, protecting your geolocation data can be the difference between being tracked wherever you go or knowing that your location can’t be used to monitor your movements and daily routine.

“Location data can be extremely valuable and must be protected,” the NSA explains [PDF]. “It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations.”

However, as the NSA adds, “[w]hile the guidance in this document may be useful to a wide range of users, it is intended primarily for NSS/DoD system users.”

Also read: Completed DPIA Example: 7 Simple Helpful Steps To Create

Location exposure risks

Devices like smartphones and tablets use a combination of methods to determine a user’s location including Global Positioning System (GPS) and wireless signals such as wireless Wi-Fi, cellular, and Bluetooth.

Disabling these radios can drastically reduce the exposed location data by blocking devices from sharing real-time geolocation information with cellular providers or rogue bases stations when powered on or during use.

This can also prevent threat actors from determining your device’s location with the help of wireless sniffers which calculate it based on signal strength.

However, even if disabled, when some device radios are re-enabled they may still transmit saved location information.

IoT devices also add to the location data exposure risks since they can store location information about other devices in their range, info that can later be exposed when accessed and viewed by unauthorized third-parties.

Using apps with permissions to use your location also increases the risk of exposing your geolocation data, just as photos with embedded location data shared on social media.

“Apps, even when installed using the approved app store, may collect, aggregate, and transmit information that exposes a user’s location,” the NSA adds.

“Geolocation information contained in data automatically synced to cloud accounts could also present a risk of location data exposure if the accounts or the servers where the accounts are located are compromised.

“Other examples of risk exist: websites use browser fingerprinting to harvest location information, and Wi-Fi access points and Bluetooth sensors can reveal location information.”

Mitigation measures to limit location exposure

Depending on the risk level of exposing their location that users are comfortable with, the NSA shared a number of measures that should lower the risk of exposing one’s location while using mobile devices and apps.

However, “[p]erhaps the most important thing to remember is that disabling location services on a mobile device does not turn off GPS, and does not significantly reduce the risk of location exposure,” the NSA explains.

“Disabling location services only limits access to GPS and location data by apps. It does not prevent the operating system from using location data or communicating that data to the network.”

The NSA says that those who want to prevent location data collection from their devices can take these mitigation measures to limit their exposure:• Disable location services settings on the device.
• Disable radios when they are not actively in use: disable BT and turn off Wi-Fi if these capabilities are not needed. Use Airplane Mode when the device is not in use. Ensure BT and Wi-Fi are disabled when Airplane Mode is engaged.
• Apps should be given as few permissions as possible.
• Disable advertising permissions to the greatest extent possible.
• Turn off settings (typically known as FindMy or Find My Device settings) that allow a lost, stolen, or misplaced device to be tracked.
• Minimize web-browsing on the device as much as possible, and set browser privacy/permission location settings to not allow location data usage.
• Use an anonymizing Virtual Private Network (VPN) to help obscure location.
• Minimize the amount of data with location information that is stored in the cloud, if possible.

U.S. Military and Intelligence Community staff taking part in critical missions that require going the extra mile to hide their location can take these additional measures:• Determine a non-sensitive location where devices with wireless capabilities can be secured prior to the start of any activities. Ensure that the mission site cannot be predicted from this location.
• Leave all devices with any wireless capabilities (including personal devices) at this non-sensitive location. Turning off the device may not be sufficient if a device has been compromised.
• For mission transportation, use vehicles without built-in wireless communication capabilities, or turn off the capabilities, if possible.

Last month, the security agency also published guidance on how to secure IP Security (IPsec) Virtual Private Networks (VPNs) against potential attacks.

Also read: Privacy policy template important tips for your business

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us