Location services: The security risks of oversharing
The vulnerability of Web applications and the sensitive nature of personal location information will prove a disasterous combination
Follow @infoworld
As soon as a new technology gets traction, smart criminals figure out a way to misapply it. And one of the hottest features in the mobile world, location awareness, is next in line for exploitation.
Services like Foursquare, Loopt, and Gowalla, which combine user-generated reviews with social networking, provide particularly attractive targets. The idea is to use your mobile device to let your followers know in real time what cool places you're patronizing and the excellent food you're eating. Stores and shop owners love it -- it's no-cost marketing in line with the current zeitgeist of user-driven info from people you trust.
[ Master your security with InfoWorld's interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]
A new report from the company uTest points out the reliability and security/privacy concerns these applications raise. A contest involving 300 testers found close to 900 bugs in three leading location/check-in services. That's not surprising, given recent data on the Web application vulnerabilities.
In the report, 80 percent of the testers said that they were concerned about their privacy. They should be. As the recent iPad-related hack of AT&T shows, mobile devices are only as strong as their weakest link -- or their weakest partner's weakest link. The confluence of poorly protected Web apps and the goldmine of geolocation and personal information will be too rich to resist.
Here are some possible hacking or real-world crime scenarios in which data from Web-based platforms like Foursquare and Gowalla could play a part:
