July 2016: Location Services: Can I Be Tracked Even if I Turn It Off?

Have you ever wondered how your phone always seems to know where you are to give you up-to-date weather forecasts for your location? How social media knows which pictures are from your vacation and not from your house? All of this information is gathered from location data gathered by your phone. This information, while helpful, can pose a potential threat to your information's security.

Location services utilize a number of different services on your mobile device to determine its location. These services can include which cell towers you are near, the GPS receiver in your mobile device, and sometimes even Wi-Fi and Bluetooth. One of the dangers with location services is that services like cellular data, Wi-Fi and Bluetooth provide information to their various receivers that uniquely identifies your mobile device. Many other dangers arise from your device's utilization of your location data. For example, almost all modern devices tag the pictures they take with Exchangeable Image File Format (EXIF) data. EXIF data includes the brand and type of camera used to take the picture, the date and time the picture was taken, and may also potentially contain the GPS coordinates where the picture was taken. This information is embedded in the picture, and may be available to anyone who has access to the file. EXIF data embedded in your weekly Instagram post of Sunday brunch could help someone determine your pattern of activity for Sundays.

Knowing your preferred brunch location can pose a larger danger to your information's security than may be immediately obvious. One of the less publicized ways of gathering information from a mobile device is possible if your location is known. To understand this type of information gathering technique, you first need to have a basic understanding of how cellular networks operate. To get phone calls, texts and emails, your phone is constantly talking to a cell tower. It is also constantly searching for the tower that will provide it the best signal and automatically routes its communication to the best tower in range. However, in addition to getting your phone calls from the cell tower, mobile devices also receive instructions from the tower. These instructions can be anything from "relay your call history" to "update to a different version of operating system." It is possible for someone with malicious intent to create a fake "cell tower" that they control that offers the best service in the area. Once their cell tower is offering the best service, mobile devices will automatically connect to it, allowing the attacker to gather the same information and issue the same commands as an official cell tower could.

The best way to avoid this type of attempt is to limit the amount of your location data that is publically available. If your Sunday brunch pattern is not available for someone to see, it is much more difficult to have a fake tower in place at the right time. 

In addition to limiting access to your location information, there are several other indicators of fake cell tower interference:

  • Your phone suddenly switches from 4G/LTE to 3G or even 2G in an area that has always offered good service.
  • Your battery is draining much faster than usual but you're not doing anything out of the ordinary.
  • You are in an area that normally has good service, but your service suddenly degrades and you can't place phone calls.

This post came in two parts! For more information about cellular location data, please read Part One and Part Two of the full Inspired eLearning Post