Experts at security testing specialist NGS Secure, a NCC Group company, have warned users of location-based social networking applications such as Foursquare, and the recently launched Facebook Places, that fraudsters can use their location updates to engineer theft.
Foursquare is a mobile application that allows users to alert fellow networked participants of their location and gain rewards for reviewing businesses that they visit. In response to the success of Foursquare – which has gained approximately three million users since its launch in March 2009, and has attracted celebrity users such as Arnold Schwarznegger and Demi Moore – Facebook launched its Places application in the UK on 17 September. Places allows users to share where they are, what they are doing and who they are with, with their Facebook friends.
While many experts believe that the technology will see slow rates of adoption in the UK due to privacy concerns, security experts at NGS Secure have moved to highlight the security threats inherent in the location-based social media model.
Paul Vlissidis, technical director at NGS Secure, said: “This latest movement in social media presents very obvious security risks that chart the further convergence of logical and physical security. We have already seen victims claim that burglaries occurred through them announcing holiday plans on Facebook. Now users are actually telling their network exactly where they are on a regular basis – a dream come true for opportunist criminals.
“It is well known that cyber criminals garner various pieces of contact information, including addresses of individuals, through social networking accounts and other websites. Via dummy accounts, these criminals can befriend individuals on location-based social media networks and target their home or property for theft when a user ‘checks in’ to the social network.
The largest players in social location, Facebook and Foursquare, require users to explicitly request to ‘check in’ at their locations. However, some iPhone apps developed for Foursquare, such as Checkmate and Future Checkin, track users’ positions constantly.
Vlissidis continued: “Many smaller iPhone apps continuously track users’ location without requesting permission on each occasion. In turn, by allowing background location tracking and subsequently forgetting that it is in use or misunderstanding permission settings, users could be unwittingly publishing their location information constantly, potentially allow people to track their movements throughout the day.
“This could have implications in the workplace, particularly for individuals that are found to be not where they say they are during working hours.”
Vlissidis also warned that as location tracking arrives on existing social networks, as it has with Facebook, users will find it increasingly difficult to track who has access to their location updates. He commented: “It will become increasingly difficult for users to gauge who has access to their location information without deleting long-term accounts and creating new profiles. For example, most Facebook users have hundreds of friends, many of which they may never have met.”
“We advise all users of location-based social media to only connect with individuals that they know and trust. Ideally, they should be able to check that it is the individual that they believe it to be via telephone or email. In addition, as with all social media, users should ensure that they opt for the highest-level privacy settings to avoid falling victim to fraud.”