Location tracking: Risks from location data

24. April, 2023

Not only mobile phones, apps and GPS trackers use GPS services. Wireless networks and a variety of online services also collect location data. Even a click on a link can reveal a user’s location.

In the simplest case, location data is used for personalised advertising or location-specific services. However, the historical analysis of data and current behaviour sometimes harbours personal or sensitive information. These can unintentionally provide deep insights into private lives or business processes and can create a very accurate picture of a person in the long term. Because even anonymised movement profiles make it possible to identify individual persons, location data is usually counted as personal data. [1]

Where and how GPS data is collected

Besides the first suspect – smartphones and tablets – many other devices and institutions can collect and share location data, for example to enrich other data with it. Even anonymised, these records could have adverse consequences: in 2017, for example, user data from fitness trackers also revealed information about the locations and occupation of military bases and spy outposts around the world. [2]

Devices and services that collect location data:

  • Wearables such as fitness trackers, bike computers and smartwatches (even without direct internet access)
  • Navigation systems in vehicles from bicycles to aeroplanes
  • Cameras and on-board computers in vehicles that can collect movement profiles and user information
  • IoT devices such as surveillance cameras, solar inverters or smart home devices and access systems
  • Infrastructure facilities such as mobile telephony, traffic monitoring and WLAN networks
  • Services that actively or passively request, collect and centrally process information about the environment of the end device

All these devices and services offer a multitude of possibilities to combine different data and create frighteningly accurate movement and behaviour profiles from it. [3]

What are the risks of collecting location data for private individuals?

Even individual data records can reveal exactly when you leave your home and what your working hours and leisure activities are like. Regular whereabouts can also provide information on shopping preferences, marital status, or other interests.

In the wrong hands, this can have negative consequences, for example, for credit approval, job selection or even for insurance premiums or other risk surcharges.

What are the dangers of location tracking for businesses?

Location data reveals a great deal about internal processes: through movement and frequency, for example, customer movements, order situations and locations can be determined. Supply chains and partner structures can also be traced based on movement patterns. It is also conceivable to draw conclusions about business secrets or development plans.

Furthermore, the location data of individual persons or devices can enable or facilitate targeted cyber-attacks.

Prevent location tracking

It is usually difficult to completely prevent the tracking of location data if devices or services with corresponding functions are used. However, with a few simple steps, the exposure of data can be significantly limited.

  • Disable location features on your device or restrict apps’ access to your location data to the moment of use.
  • Check the privacy policies of apps or devices before purchasing or using them. Pay particular attention to how they collect, store and share your location data. Some apps that have been criticised in the past for privacy issues include Facebook, Tiktok, WhatsApp and Zoom.
  • Do not use public Wi-Fi networks or unsecured connections when performing sensitive activities, such as online banking or sending sensitive emails.
  • Use a VPN connection to disguise your location data and other data and better protect your privacy.
  • Delete your location data regularly and disable location tracking of apps or devices when not needed.
  • Avoid sharing location data on social media or public online platforms.

These points represent only a compact excerpt of the most important points for protecting their privacy. We recommend keeping up to date with the latest data protection practices and threats on a regular basis to be able to take appropriate action.

Actively raising awareness and sensitising others is the first step to protecting sensitive data. Pay attention to which services request location data and whether it is necessary for service delivery. If your company collects location data itself or analyses it, be sure to observe the principle of data economy and take correspondingly high security measures to protect against data loss and misuse.

Sources:
[1] https://www.datenschutz.org/standortdaten/ (German)
[2] https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases
[3] https://media.defense.gov/2020/Aug/04/2002469874/-1/-1/0/CSI_LIMITING_LOCATION_DATA_EXPOSURE_FINAL.PDF

Red Teams, Blue Teams, Purple Teaming

Living Off the Land attacks

MSSP of the Year 2024

SIEM

What is a SIEM?

Nozomi Guardian Air
HarfangLab Guard
MITRE ATT&CK Framework
v.l.n.r.: Joe Pichlmayr (CEO IKARUS) – Anouck Teiller (CSO HarfangLab) –Alexander van der Bellen (Bundespräsident Österreich) - Frédéric Joureau (Erster Botschaftsrat der französischen Botschaft in Wien) – Christian Fritz (COO IKARUS)
EDR
Cyber Kill Chain
Business Email Compromise
Prognosen für die zehn größten Cybersecurity-Bedrohungen für 2030
E-Mail Verschlüsselung
Schritt für Schritt zum Notfallplan für IT-Security-Incidents
Account Management
Bedrohung

WE ARE LOOKING FORWARD TO HEARING FROM YOU!

IKARUS Security Software GmbH Blechturmgasse 11
1050 Vienna

Phone: +43 1 58995-0
Sales Hotline:
+43 1 58995-500
sales@ikarus.at

SUPPORT HOTLINE

Support hotline:
+43 1 58995-400
support@ikarus.at

Support hours:
Mon – Thu: 8am – 5pm
Fri: 8am – 3pm
24/7 support by arrangement

Remote maintenance software:
AnyDesk Download