FACULTY OF COMPUTER AND MATHEMATICAL SCIENCES

DIPLOMA IN MATHEMATICAL SCIENCES

EVALUATIVE COMMENTARY (ELC 231)

BEWARE OF FIND-MY-PHONE, WI-FI, AND BLUETOOTH, NSA TELLS

MOBILE USERS.

MEMBERS (CS143) :

NO. NAME ID NO.

1. MIRA 2019******
2. NUR 2019******

LECTURER:
AWATIF

DUE DATE:
19 JANUARY 2021
The article argues that we have to beware of our location data leaks. The article was
published on Beware of find-my-phone, Wi-Fi, and Bluetooth, NSA tells mobile users | Ars
Technica by Dan Goodin. The author’s tone is concerned about our privacy and location data
by the applications whenever we do not use the mobile phone.

Firstly, the author has stated in the article regarding the issue is to be cautious whenever the
cellular services are turned off, because the tracking still happens. Since the third parties
connected to the internet, can find out someone's information by simply opening Wi-Fi and
Bluetooth. There is a company that can track or sell the customer’s location that is named
LocationSmart, which has been collected by the main cellular carrier cell tower for $300.

Secondly, we should not follow the recommendations as something close to absolute

protection even though the recommendations are a “good start”. Recommendations
sometimes provide functionality and security for users, but as long as the phone is connected
to cell towers, it still can hack and reveal our location. Especially for the first-time users will
allow the app to receive location data that is recommended by the applications which access
will happen.

Lastly, we must be alerted to the leakage of location data through Internet-of-things devices
and wearable devices such as fitness devices and car navigation systems. Also, sharing
location on social media should be limited as it is effective in ensuring personal safety.
Especially for military personnel and contractors, who will have a high risk if they indicate
their location.

However, this article stated that the geolocation functions are important for mobile
communications and enabled by design. But also admit that the protections are not realistic
for most users. Since there are only a few items that involve fine-grained positions to function
at all such as mapping, location monitoring for lost or stolen phones, instantly linking to Wi-
Fi networks, and fitness trackers and applications.

In our opinion, we fully agree with the author. Although some applications have a lot of
advantages, they do have disadvantages. If we are not careful, we will be in a high-risk
situation. For instance, the criminal will be able to track us any time and use the opportunity
to do something such as steal, kidnap, or rob without us realizing it. Therefore, we need to
follow what has been suggested from the article to reduce the risk.

In conclusion, as we all know, now all the things are sophisticated, and many people are
smart in doing something evil with ease such as hacking about our location data or privacy.
So, we as netizens need to be careful in the use of mobile phones and only use when needed
to avoid any unwanted things. Thus, we believe that this article can provide lessons and
information to those who are not aware of the dangers if they do not turn off the services and
can help to prevent any risk.
Beware of find-my-phone, Wi-Fi, and Bluetooth, NSA tells mobile users.

And don't forget to limit ad tracking. Advisory contains a host of recommendations.

Dan Goodin - 8/5/2020, 5:09 AM

The National Security Agency is recommending that some government workers and people
generally concerned about privacy turn off find-my-phone, Wi-Fi, and Bluetooth whenever
those services are not needed, as well as limit location data usage by apps.

“Location data can be extremely valuable and must be protected,” an advisory published on
Tuesday stated. “It can reveal details about the number of users in a location, user and supply
movements, daily routines (user and organizational), and can expose otherwise unknown
associations between users and locations.”

NSA officials acknowledged that geolocation functions are enabled by design and are
essential to mobile communications. The officials also admit that the recommended
safeguards are impractical for most users. Mapping, location tracking of lost or stolen phones,
automatically connecting to Wi-Fi networks, and fitness trackers and apps are just a few of
the things that require fine-grained locations to work at all.

The cost of convenience.

But these features come at a cost. Adversaries may be able to tap into location data that app
developers, advertising services, and other third parties receive from apps and then store in
massive databases. Adversaries may also subscribe to services such as those offered by
Securus and LocationSmart, two services that The New York Times and KrebsOnSecurity
documented, respectively. Both companies either tracked or sold locations of customers
collected by the cell towers of major cellular carriers.

Not only did LocationSmart leak this data to anyone who knew a simple trick for exploiting a
common class of website bug, but a Vice reporter was able to obtain the real-time location of
a phone by paying $300 to a different service. The New York Times also published this
sobering feature outlining services that use mobile location data to track the histories of
millions of people over extended periods.

The advisory also warns that tracking often happens even when cellular service is turned off,
since both Wi-Fi and Bluetooth can also track locations and beam them to third parties
connected to the Internet or with a sensor that’s within radio range.

Mobile phone use means being tracked.

Patrick Wardle, a macOS and iOS security expert and a former hacker for the NSA, said the
recommendations are a “great start” but that people who follow the recommendations
shouldn’t consider them anything close to absolute protection.

“As long as your phone is connecting to cell towers, which it has to in order to use the cell
network... AFAIK that’s going to reveal your location,” Wardle, who is a security researcher
at the macOS and iOS enterprise management firm Jamf, told me. “It, as always, is a tradeoff
between functionality/usability and security, but basically if you use a phone, assume that
you can be tracked.”

He said that recent versions of iOS make it easy to follow many of the recommendations. The
first time users open an app, they get a prompt asking if they want the app to receive location
data. If the user says yes, the access can only happen when the app is open. That prevents
apps from collecting data in the background over extended periods of time. iOS also does a
good job of randomizing MAC addresses that, when static, provide a unique identifier for
each device.

More recent versions of Android also allow the same location permissions and, when running
on specific hardware (which usually come at a premium cost), also randomize MAC
addresses.

Both OSes require users to manually turn off ad personalization and reset advertising IDs. In
iOS, people can do this in Settings > Privacy > Advertising. The slider for Limit Ad Tracking
should be turned on. Just below the slider is the Reset Advertising Identifier. Press it and
choose Reset Identifier. While in the Privacy section, users should review which apps have
access to location data. Make sure as few apps as possible have access.

Change some settings.

In Android 10, users can limit ad tracking and reset advertising IDs by going to Settings >
Privacy and clicking Ads. Both the Reset Advertising ID and Opt Out of Ads personalization
are there. To review which apps have access to location data, go to Settings > Apps &
notifications > Advanced > Permission Manager > Location. Android allows apps to collect
data continuously or only when in use. Allow only apps that truly require location data to
have access, and then try to limit that access to only when in use.

Tuesday’s advisory also recommends people limit sharing location information in social
media and remote metadata showing sensitive locations before posting pictures. The NSA
also warns about location data being leaked by car navigation systems, wearable devices such
as fitness devices, and Internet-of-things devices.

The advice is aimed primarily at military personnel and contractors whose location data may
compromise operations or put them at personal risk. But the information can be useful to
others, as long as they consider their threat model and weigh the acceptable risks versus the
benefits of various settings.