Surveillance
ADINT, a new term coined by the University of Washington, describes how anyone can track what apps an employee uses and where they have been, for just $1,000, and how that data can be used for social engineering attacks.
A team of computer science engineers at UW learned that obtaining the mobile advertising identification of an employee's smartphone, known as a MAID, would open the door to all the information advertisers use to serve promotional materials. The study is titled "Using Ad Targeting for Surveillance on a Budget."
The attacks could use data like an employee's personal interests, dating habits, religion, health conditions, political status, the apps they use and possibly even more.
It’s also disturbingly easy for the bad guys to learn a user's MAID. They can simply gain access to a Wi-Fi router or eavesdrop on an unsecured Wi-Fi network.
A MAID lets advertising companies, and anyone else who holds it, track your movements. Once the MAID is obtained, criminal hackers could serve the user malicious ads based on their location, compromising the mobile device.
Using 10 Android phones, the UW team created a banner ad and purchased specific targeting criteria for it, such as which apps the ad appears in.
This kind of advertising is often how free apps make a profit. Some services urge users to provide location data they can then sell to advertisers. Snapchat’s privacy policy, for example, says your location is used for “ad targeting and measurement, including through the use of your precise location data.”
Importantly, the target does not have to click on or engage with the ad -- the purchaser can see where ads are being served and use that information to track the target through space. In the team's experiments, they were able to pinpoint a person's location within about 8 meters, just over 20 feet.
Bad guys can use your smartphone to target you and find out where you physically are. Here are three steps you can take to protect yourself:
Do not grant location access to any apps unless 100% necessary.
Try keeping your mobile data safe by browsing only on protected Wi-Fi networks to limit the amount of confidential data you release.
Do not click on any ad banners that are being displayed on your phone. It is very hard to know if these banners are malicious or not.
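To check whether apps on your own phone expose the MAID to an unsecured Wi-Fi network as described above, you can audit a proxy log of the phone's outbound requests for the identifier travelling over plain HTTP. This is an added example, not code from the UW study; the "METHOD URL" log format, the hosts and the sample MAID are constructed, and the function name is hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Constructed sample: one "METHOD URL" line per outbound request, as exported
# from a proxy on a test network you control. Hosts and IDs are sample values.
SAMPLE_MAID = "38400000-8cf0-11bd-b23e-10b96e40000d"
SAMPLE_LOG = """\
GET http://ads.example.test/banner?aid=38400000-8cf0-11bd-b23e-10b96e40000d&app=weather
GET https://ads.example.test/banner?aid=38400000-8cf0-11bd-b23e-10b96e40000d
POST http://track.example.test/e?d=38400000%2D8CF0%2D11BD%2DB23E%2D10B96E40000D
GET http://cdn.example.test/logo.png?v=2
GET http://other.example.test/x?id=11111111-2222-3333-4444-555555555555
"""

# Android advertising IDs are UUID-formatted strings.
UUID_RE = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}")


def audit_cleartext_ids(log_text, own_maid):
    """Return {host: {"own_maid": n, "other_uuid": n}} for plain-HTTP requests.

    Only http:// URLs are reported, because those are readable by anyone on
    the same unsecured Wi-Fi network; https:// requests are skipped.
    """
    own = own_maid.lower()
    findings = defaultdict(lambda: {"own_maid": 0, "other_uuid": 0})
    for line in log_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # blank or malformed line
        url = urlsplit(parts[1].strip())
        if url.scheme.lower() != "http" or not url.hostname:
            continue
        # Decode percent-encoding and normalise case before matching.
        haystack = unquote(url.path + "?" + url.query).lower()
        ids = set(UUID_RE.findall(haystack))
        if own in ids:
            findings[url.hostname]["own_maid"] += 1
        if ids - {own}:
            findings[url.hostname]["other_uuid"] += 1
    return dict(findings)


if __name__ == "__main__":
    for host, counts in audit_cleartext_ids(SAMPLE_LOG, SAMPLE_MAID).items():
        print(host, counts)
```

Hosts reported under `own_maid` are sending the device's advertising ID where a Wi-Fi eavesdropper can read it; `other_uuid` hits are UUID-shaped values worth a manual look.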