{"id":629,"date":"2009-02-04T15:04:53","date_gmt":"2009-02-04T23:04:53","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/?p=629"},"modified":"2009-02-04T15:06:01","modified_gmt":"2009-02-04T23:06:01","slug":"security-review-google-latitude-tracking-friends-on-google-maps","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2009\/02\/04\/security-review-google-latitude-tracking-friends-on-google-maps\/","title":{"rendered":"Security Review: Google Latitude, tracking friends on Google Maps"},"content":{"rendered":"<p><span>A recent article on Slashdot claims that Google will soon release new software, dubbed &#8216;Latitude&#8217;, enabling users to broadcast their geographic location via Google Maps. This information can be gathered either from mobile phones, via GPS or local cell phone towers, or from laptop computers, via Wi-Fi access points. Once the data is uploaded, users can decide with whom to share their location, and to those lucky few their location is shown as an icon with their chosen picture on top of a Google Map display. The initial release will support BlackBerry, Android, and Windows Mobile phones, with likely updates to include iPhones and iPod touches.<\/span><\/p>\n<p><span>Google has long had the ability to locate its users, a function predominantly featured on the iPhone. What distinguishes &#8216;Latitude&#8217;, however, is the ability to take this information and share it with others. Location data will thus have to be stored on Google&#8217;s servers, in order for others to access that information and display it on their screens. Obviously this raises numerous privacy concerns; however, Google attempts to address these by claiming that the feature will be limited, in that it will display information only to the people the user chooses, and that it can be easily disabled at any time. Google also claims that the company will not 
collect a large database of geographic information, and that the only location data stored on the servers will be the most recent location uploaded.<\/span><br \/>\n<!--more--><br \/>\nAsset\/Security Goal<\/p>\n<ul>\n<li>The system must ensure that a user&#8217;s privacy is not violated by disseminating their location data to unintended parties. Wherever the geographic data is stored, it must be protected such that only those with allowed access can read it. Google staff should also be restricted from this information.<\/li>\n<li>Another asset of the system is the actual location data itself, and its accuracy. Given that this location data is valuable to users, the system must also ensure that it cannot be corrupted or altered by malicious users.<\/li>\n<\/ul>\n<p>Adversaries<\/p>\n<ul>\n<li>The most obvious adversary to this system is a dark and mysterious stranger, with whom the user does not want to share information, yet who somehow still gains access to it. This party could then use this information to cause direct harm to the user.<\/li>\n<li>Another less obvious adversary is Google itself, or a similar company with the ability to mine this information. This party could create a large database of a person&#8217;s geographic locations over time and sell this information to the highest bidder.<\/li>\n<\/ul>\n<p>Weaknesses<\/p>\n<ul>\n<li>A malicious user could use the system to look up geographic data for another user, and then proceed to locate the user and cause physical harm to that person. Notice that this attack could be carried out by &#8220;friends&#8221; who have free access to each other&#8217;s data, or by a dark and scary &#8220;hacker&#8221; who infiltrates the system and looks up data they have no right to.<\/li>\n<li>Another weakness arises if a company farms this information and creates a database of users and their movement patterns. This company could then sell this data to either the dark and scary malicious user 
previously described, or to an even darker and scarier advertising company.<\/li>\n<\/ul>\n<p>Defenses<\/p>\n<ul>\n<li>Obviously Google should do its best to encrypt the data, and store it in locations that are as secure as possible to prevent data leakage. Furthermore, to reduce the potential damage of an information leak, Google could store less precise locations, so a malicious user could not pinpoint exactly where a potential victim is at any time.<\/li>\n<li>Google should delete old location data as soon as new data is received, making it less likely for large records to leak to other parties. This does not prevent trusted parties, friends one willingly shares information with, from creating their own databases. To reduce these risks, a user should be careful whom they share data with.<\/li>\n<\/ul>\n<p>Social networking sites have proven that people are willing to share large volumes of personal information at great risk to their personal privacy. Google could work day and night to make &#8216;Latitude&#8217; as secure as possible from random attackers attempting to steal private information, but this would do nothing to protect careless users who share information with too many people. Ultimately users probably face the greatest risk from the friends they choose to share location data with, rather than unknown strangers. Users should also mind their privacy from Google itself. I believe that ultimately this technology will follow the Facebook model, and be stored in large databases and used for advertising purposes; the data is simply far too valuable to let slip away. If this tool becomes popular, I expect to see more and more features slowly being added, and consequently more and more opportunities for users to relinquish their privacy.<\/p>\n<p>Link: http:\/\/www.foxnews.com\/story\/0,2933,487629,00.html<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A recent article on slashdot purports that Google will soon release new 
software, dubbed &#8216;Latitude&#8217; enabling users to broadcast their geographic location via Google Maps.\u00a0 This information can be gathered either from mobile phones, via GPS or local cell phone &hellip; <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2009\/02\/04\/security-review-google-latitude-tracking-friends-on-google-maps\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":86,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,9,5],"tags":[113,175,176],"class_list":["post-629","post","type-post","status-publish","format-standard","hentry","category-physicalsecurity","category-privacy","category-security-reviews","tag-google","tag-latitude","tag-maps"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/629","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/86"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=629"}],"version-history":[{"count":4,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/629\/revisions"}],"predecessor-version":[{"id":632,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/629\/revisions\/632"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=629"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=629"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washingt
on.edu\/Security\/wp-json\/wp\/v2\/tags?post=629"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}