NSA Warns Mobile Users of Potential Location Data Breaches

NSA Warns Mobile Users of Potential Location Data Breaches
Mobile Data Breaches

The National Security Agency (NSA) has issued a guidance to help mobile device users prevent the unintended exposure of location data to malicious actors.

NSA said in the cybersecurity guidance that while mobile devices are designed to store and share geolocation information, users must also consider certain features that covertly share personal data through wireless signals, Bluetooth and GPS.

According to the agency, it is possible to obtain real-time location data and user information without consent through cellular networks. Past location data can also be used to predict future user actions, while websites can utilize “browser fingerprints” to mine data.

NSA noted that users should also be wary of their data being obtained even while cellular services are turned off. In addition, nonmobile platforms such as internet of things devices, vehicular communications technology, “smart home” products, apps and social media websites are also vulnerable to location data breaches, the notice states.

“Mitigations reduce, but do not eliminate, location tracking risks in mobile devices,” NSA said. “Most users rely on features disabled by such mitigations, making such safeguards impractical. Users should be aware of these risks and take action based on their specific situation and risk tolerance.” 

NSA's recommended actions include disabling location services in mobile devices and using airplane mode when the device is not in use.

Check Also


FireEye to Provide Cybersecurity Defenses to Texas DIR; Pat Sheridan Quoted

FireEye, Inc. has announced that it will offer cyber security defenses to Texas public sector agencies, under Texas Department of Information Resources (DIR), the company reported on Thursday. Through the end of 2020, FireEye security products and Mandiant Solutions services will be available to all Texas agencies, county governments, cities and school districts through DIR’s Bulk Purchase Initiative for Endpoint Detection and Response (EDR) solutions.