As devices become more connected to the Internet, so their ability to connect to social networks has increased. While location-based technology provides trend-setting social media services, the potential for its misuse potentially outweighs its usefulness.
This is the view of Stefan Tanase, senior security researcher at Kaspersky Lab's EEMEA global research and analysis team, who adds that location-based technology is the 'next big thing', creating a series of hot topics on a public timeline in the user's own city and area.
“The technology is in place, but the business or social use is still in the nascent stage of its development,” says Con Mallon, EMEA director for consumer product marketing at Symantec. He adds: “Social apps have picked up on it pretty fast, but we are still waiting to better understand the utility of geo-aware apps.”
Always watching
“I think this is an interesting area and we will have to see if privacy law is amended to take into account these geo-aware applications,” says Mallon.
He adds there is a very real threat to privacy. “People can always determine where you are. Now that can be a good thing if that's what you want, but not if you're not fully aware that it's happening, or if you have no control over who can see where you are.
“The obvious threat is that it allows criminal activity, as people can see whether you are at home or not and attempt a burglary. It also opens up the possibility of being able to stalk someone electronically.”
Tanase says this can also create an online threat. “Criminals usually seek personal data for identity theft. Providing location-based information gives them additional information to further recreate your persona.
“Before the advent of Web 2.0, criminals had a far more difficult time collecting information for their targeted attacks,” he says, adding that criminals were more reliant on social engineering to get personal information.
“But with social networks we see the trend of criminals being able to access publicly available information from the Internet - which gives them an edge.”
He adds that geo-location technologies are being used to fool people into accessing Web pages infected with malicious code. Criminals can use information from an IP address to locate where a user is, and tailor false articles based on their location to drive them through to sites where malicious code exploits vulnerabilities in their browser, he explains.
“Twitter and Facebook are usually more active and more open,” says Tanase, adding that there is a quick turnover of information with these regularly used sites. He explains that location information is always fresh. “This provides an opportunity for criminals to know where you are and act appropriately.”
Online awareness
“I think that people need to think carefully before they sign up for social apps that have geo-aware capabilities,” says Mallon.
Tanase agrees. “From a security point of view, these sites should not be enabled by default - otherwise you are exposed by default.” He adds there needs to be a level of user awareness when using these systems.
“Cyber criminals have their eyes on social networks that are open and have large user bases,” says Tanase. “The massive growth of these networks provides a wealth of targeting information, which is a goldmine for advertising networks.”
However, sites like 'please rob me' were designed to create awareness on the issue of posting location-based information on the Web. The site uses publically available information that has been posted on the Twitter social networking site, with the tagline: “everyone can get this information”.
The site highlights the fact that sharing one's location on the Internet provides a mechanism for criminals to focus on the location a user is not at: home.
The Web site uses information from Twitter based on the details people have provided about their location from Foursquare, Brightkite and other location-based services.
“I wouldn't specifically recommend creating Web sites that combine this type of information,” says Tanase. He likens it to the black hat approach, where information is released without the authorisation of the users.
“We need to continually analyse the way in which we create awareness, and not foster awareness through information sources that can immediately be used for wrong doing,” he concludes.
Share