Please note the "allow location Information Notification" for ESET smartphones.
This report re-edited the "security points that should be paid attention to in the setting of location information" published in the Cyber Security Intelligence Agency provided by Canon Marketing Japan.
Location information used by smartphones in various services. On the other hand, due to the abuse of this information, it is not only an invasion of privacy led by the specific nature of personal information, but also is in danger of being involved in dangerous crimes. In this article, the key points of protecting location information are explained, starting with the privacy-related risks related to location information.
Specific risks to personal information caused by all kinds of information in photos
In smart phones and network services, more and more people use location information. As a typical example, the map application not only displays the route to the destination based on the current location, but also tells us the recommended stores nearby. In addition, the charm and convenience of the service are also improving by combining location information such as travel book production services and games.
On the other hand, the danger of privacy invasion is also pointed out by processing location information in a way that users do not want. For example, posting pictures taken with a smartphone to social media is risky from the perspective of personal information protection. This is because, since the Exif information (or Exif tag) that automatically assigns the image contains the location and date and time of the photograph, it is possible to grasp the photographer's actions from an unspecified majority of people who read the contribution.
In recent social media and Frema apps, some of the location information is automatically deleted when uploaded. However, in order to protect privacy, it is not enough to rely solely on the functions of the application. In order to prevent harm, users need to confirm their own settings.
Even when there is no residual location information data in the Exif information, there are specific cases from the content taken in the photo to the personal information. In the case of shooting outdoor scenery, if two or more specialty restaurants, landmarks, historic sites and train vehicles are photographed, it is easy to guess where the photographer is. Furthermore, in places where the number of trams and buses is small, the shooting time can also be inferred by photographing these vehicles.
By improving the environment in which high-precision and large-capacity images can be easily shared, the convenience of users is reliably improved. On the other hand, in ways that have not been thought of so far, the user's personal information is being increased by specific circumstances.
Specifically, if it is a picture of your own home, there is a risk of using Google Maps to speculate about the location of your home, taking the buildings taken outside the window as a clue. If you look indoors, you may see emails and packages and read the addresses listed on the address. In addition, it can also lead to the specificity of personal information from things photographed on the subject's glasses or glass during selfies, address information posted on telephone poles, unique manholes only set in a specific area, and so on.
Many people share their photos with social media during travel. However, it should be recognized that such posts implicitly indicate that the user is not at home. In fact, there have been incidents in the past in which outsiders are identified and intruded into their homes through social media.
The location information of gadgets and IC cards is also targeted.
In recent years, gadgets for the active use of location information (small objects and accessories using digital technology) have been developed and used by more and more users. As a representative example, the smart tag of anti-loss tag can be given. An anti-loss label is a gadget that is carried as a keyring or affixed to an object in the shape of a sticker. In case it is suspected that the object is missing, you can issue an alarm through the application to get information about the current location, which is an advantage. As we all know, Apple's "AirTag" and "MAMORIO" for legal persons have been on sale since 2021.
However, it has also been pointed out that there is a privacy issue in preventing the loss of tags. Specifically, it is assumed that a third party mixes tags into the target luggage and misuses the tracking method. In the event of such damage, the exact address of your home may be known by malicious attackers.
Developers, led by Apple, have been beefing up security features, such as warning users when suspicious tags are detected. Measures to prevent hazards such as tracking are also being promoted.
Similarly, as an example of abusing gadgets containing location information and attempting to falsely use personal information, traffic IC cards such as Suica can also be cited. You can consider the method of giving the malicious user's own registration, issuance and recharge of the transportation system IC card to the target to read the action resume while recharging in the future.
People you meet on matching apps and social media may interact without knowing the other person's personal information in detail. If you can check the resume of the IC card, you can find out the frequent boarding stations and usage time, so you can also ambush each other for tracking. This means belongs to social engineering in a broad sense. Take advantage of human psychological loopholes and action mistakes, take a variety of means to collect information related to the goal.
Security measures to avoid privacy risks caused by location information
Personal location information is at risk of being targeted by malicious third parties. What security measures should users take to avoid this situation? The following five countermeasures are described in detail:
1) if you use a mobile application or network service that does not easily license the location information required by applications or smartphones, there are also a lot of sudden requests for access to location information. Because there is also something that collects information unnecessarily in the use of services, you want to avoid easily granting access. In smartphones, GPS functionality is limited in principle, only reliable applications are restricted, and enabled only during the use of that application.
2) pay close attention to the contribution content shared on online services and social media
As mentioned above, contributions on social media are accompanied by the risk of inadvertently disclosing a lot of personal information. When writing about weather, events, accidents and events in a particular area, you may guess the location. Keep in mind that there is a danger of determining the location of your home when you can identify photos of nearby scenery from home and submit contributions to nearby scenery.
When enjoying a social media post, be sure to confirm the public scope setting of the post. Try your best to limit the scope of disclosure only to acquaintances, and it is recommended that the old posts be kept private or deleted. For malicious users, the address and birthday can be determined based on the date and location information of the old post.
In addition, friends on social media asked for advice to admit only people they actually met. Even if contributions are limited to acquaintances, it makes no sense if there are malicious users who don't know each other.
3) the time limit for installing new applications is set as trusted developers
Although it is not limited to applications with location information, you need to confirm that it is a reliable application and developer when introducing a new application. Recently, there are also some dangerous applications called "tracking software". The tracking software has the functions of peeking calls, e-mails, photos, etc., and remotely operating smartphones. Even applications that do not have such a feature will add malicious features without their knowledge in future updates.
Many of these applications are suspicious enterprises of developers. When installing a new application, check the audit written to the application store, or check the developer's enterprise information.
4) organize applications regularly and delete unnecessary applications
Like tracking software, it is possible to unwittingly abuse personal information, so I hope applications that are no longer in use are used to being deleted over a period of time. Even if a useless application takes suspicious behavior for a period of time, it is not easy for users to perceive the change. Even if the application is not explicitly used, it is possible to set the access location information when the background starts.
In addition, tracking applications that abuse location information are sometimes installed when the user does not know it. In order to track behavior, there have been cases in the past in which lovers and acquaintances imported mobile phones without authorization during their absence. You want to organize your applications on a regular basis and limit your use to those you know.
5) install security software
In order to make safe and convenient use of location information, as mentioned above, appropriate countermeasures and attentive measures are needed. For users who feel uneasy about personal management alone, we would like to recommend the installation of security software.
For example, if an application such as ESET Mobile Security for Android smartphones is installed on a smartphone, an app that shows suspicious behavior will be detected and a warning will be issued as to whether it can be used. In addition, it also has functions such as protection from malware and advanced anti-theft, so it can improve the security of using mobile phone as a whole.
No matter what kind of security software is used, there is no complete thing, and it is the most important for the users' own security awareness. Not only location information, in order to protect their own important information, but also actively use tools that support security enhancement to raise awareness of privacy.