NSA Warns of Security Threats From Mobile Location Data and IoT Devices

The latest NSA report sheds light on how mobile device and IoT owners can mitigate the risks associated with sharing sensitive location data stored on their devices.

Mobile devices such as smartphones and tablets have become indispensable in our daily lives, and while many of them provide users with a wide range of benefits, downsides also exist.

Since mobile devices store and share geolocation data, any location exposure could pose a security threat to users if accessed by unauthorized parties. The NSA also notes that disabling location services on a device does not turn off GPS.

“Disabling location services only limits access to GPS and location data by apps. It does not prevent the operating system from using location data or communicating that data to the network,” the agency said.

However, the risks of being tracked through this type of information are not limited to cellphones.

“Anything that sends and receives wireless signals has location risks similar to mobile devices,” the NAS warns. “This includes, but is not limited to, fitness trackers, smartwatches, smart medical devices, Internet of Things (IoT) devices, and built-in vehicle communications.”

Quite often, household smart devices such as thermostats, lights and home security setups contain wireless capabilities that most users are unfamiliar with. “Such IoT devices can be difficult to secure, most have no way to turn off wireless features, and little, if any, security built in,” the report said.

“These security and privacy issues could result in these devices collecting and exposing sensitive location information about all devices that have come into range of the IoT devices. Geolocation information contained in data automatically synced to cloud accounts could also present a risk of location data exposure if the accounts or the servers where the accounts are located are compromised.”

The NSA has also issued some mitigations steps for users with location concerns:

• Disabling location services on the device
• Disabling radios when not in use and making sure that BT and WI-FI are disabled
• Setting privacy settings on apps such as maps, compasses, traffic apps, fitness apps, apps for finding local restaurants, and shopping apps to ensure they are not using or sharing location data
• Turning off settings such as Find My Device that allows devices to be tracked
• Using a VPN
• If possible, minimizing data with location information stored in the cloud