Featured Post

Welcome to the Forensic Multimedia Analysis blog (formerly the Forensic Photoshop blog). With the latest developments in the analysis of m...

Tuesday, March 13, 2012

Is a badge on Foursquare worth your life?

This just in from the US Army: "There are a number of location-based social media applications and platforms, including Foursquare, Gowalla, SCVNGR, Shopkick, Loopt and Whrrl, currently on the market. They use GPS features, typically in the user's phone, to publish the person's location and offer rewards in the form of discounts, badges or points to encourage frequent check-ins.

Security risks for the military:

A deployed service member's situational awareness includes the world of social media. If a Soldier uploads a photo taken on his or her smartphone to Facebook, they could broadcast the exact location of their unit, said Steve Warren, deputy G2 for the Maneuver Center of Excellence, or MCoE.

"Today, in pretty much every single smartphone, there is built-in GPS," Warren said. "For every picture you take with that phone, it will automatically embed the latitude and longitude within the photograph."

Someone with the right software and the wrong motivation could download the photo and extract the coordinates from the metadata.

Warren cited a real-world example from 2007. When a new fleet of helicopters arrived with an aviation unit at a base in Iraq, some Soldiers took pictures on the flightline, he said. From the photos that were uploaded to the Internet, the enemy was able to determine the exact location of the helicopters inside the compound and conduct a mortar attack, destroying four of the AH-64 Apaches.

Staff Sgt. Dale Sweetnam, of the Online and Social Media Division, said geotagging is of particular concern for deployed Soldiers and those in transit to a mission.

"Ideally, Soldiers should always be aware of the dangers associated with geotagging regardless of where they are," he explained.

General hazards for family members:

While especially relevant for those in the military, cautions about geotagging extend to anyone who uses that feature.

Facebook is in the process of rolling out Timeline, a new layout that includes a map tab of all the locations a user has tagged.

"Timeline presents some unique security challenges for users who tag location to posts," Sweetnam said.

"Some of those individuals have hundreds of 'friends' they may never have actually met in person, he explained. "By looking at someone's map tab on Facebook, you can see everywhere they've tagged a location. You can see the restaurants they frequent, the gym they go to everyday, even the street they live on if they're tagging photos of their home. Honestly, it's pretty scary how much an acquaintance that becomes a Facebook 'friend' can find out about your routines and habits if you're always tagging location to your posts."

Most of the applications let people limit who can see their check-ins to friends or friends of friends.

"A good rule of thumb when using location-based social networking applications is do not become friends with someone if you haven't met them in person," Sweetnam said. "Make sure you're careful about who you let into your social media circle."

Even if there is nothing classified about an individual's location, a series of locations posted online over the course of a month can create a pattern that criminals can use.

"We live in a different world now," Warren said.

"If someone were going to get a hold of your phone, they could figure out a lot about who you are. It's like a beacon that's always out there communicating with towers and plotting your moves on a computer somewhere. Literally, if you don't turn off that feature on your phone people are going to be able to recreate your whole day."

Ways to stay safe:

"In operations security, we talk about the adversary," said Kent Grosshans, MCoE OPSEC officer. "The adversary could be a hacker, could be terrorists, could be criminals; someone who has an intent to cause harm. The adversary picks up on pieces of information to put the whole puzzle together."

Grosshans suggests disabling the geotagging feature on your phone and checking your security settings to see who you're sharing check-ins with.

"If your husband's deployed and you go ahead and start posting all these pictures that are geotagged, now not only does an individual know your husband's deployed and he's not at home, but they know where your house is," he said.

Ultimately, it's about weighing the risks.

"Do you really want everyone to know the exact location of your home or your children's school?" Sweetnam said. "Before adding a location to a photo, Soldiers really need to step back and ask themselves, 'Who really needs to know this location information?'"

Grosshans said it's as important to Soldiers as to family members.

"Be conscious of what information you're putting out there," he said. "Don't share information with strangers. Once it's out there, it's out there. There's no pulling it back."

Enjoy.

No comments: