Security Review: Google Latitude

By elenau at 6:01 pm on March 13, 2009

Google Latitude is yet another product from the well-established makers of the Gmail web-based mail system. Latitude is a web-based service, running in sync with the client-side application Google Gears, which allows Google to pinpoint your exact coordinates in the world and then display them on Google Maps for you to see. As is the case with many of Google’s applications, it runs on many different platforms, including Windows, Windows Mobile, Android, iPhone, etc.
Latitude detects your location by any means available: GPS, Wi-Fi access points, and even cell towers. It triangulates your position using whichever of these three resources it can. Once your position has been determined, Google uploads it to your Latitude account, where it is available to everyone you have opted to share your location with. This can pose potential security threats.

Assets

This application lets friends, and potential adversaries, learn valuable personal information. The goal is to keep this information private: to protect it from potential attackers, leakage, and inappropriate use.

  • Location. Leaking information about someone’s location creates a huge personal security threat, because it shows where the target is at a given time. A robber could, for example, check that the target is far away from where his car is parked before breaking in.
  • Daily routine. By monitoring a person for a while, one can reconstruct his schedule and know where he is expected to be at different times and what he does. An attacker could use this data to determine with a high degree of accuracy what you will be doing at different parts of the day, and could set up events as maniacal as a car theft, or something even more extreme like a mugging or home robbery.
  • Destinations. It can be hard to keep in mind that your personal information is potentially on somebody’s screen at all times. There might be destinations that one would prefer to keep secret, but they would be revealed without the person even realizing it. If someone was at the dentist’s office for 30 minutes, it can be deduced that he may have been there for a simple cleaning, whereas a good 2-3 hours may indicate more major work. Other information that one might not like to share can also be learned: shopping at a sex shop, going out to a gay club, being at somebody’s house late at night, and so on.

Adversaries

The information can be used to confront someone about his locations throughout the day. Using this method, it would be very easy for a person to discover that their spouse has been cheating on them, or for a parent to know when their child has seemingly lied about where they intend to spend the night.

  • Friends/family. Friends, family and whoever else one decides to give access to can see where he is at all times of the day. People do not always realize that, even though they don’t mind allowing their friends to see their location, this could result in other people also gaining access to the information. For example, someone gives access to a friend, but the friend shares a computer with a roommate and does not usually log off his account. This way, the roommate can see information he was not supposed to have access to. If the roommate is also malicious, the situation is even more unfortunate. Also, if a friend is not as friendly as he seems, he might decide to use the location information against the account holder.
  • Stalkers. The application is an incredibly useful tool for stalkers, because this way they can learn where to find the person, and what the person does.
  • Thieves. A robbery can be planned out based on the information learned from Google Latitude. For example, thieves can make sure that nobody is home before breaking in.

Weaknesses

There are many inherent design flaws in this system. For starters, users do not necessarily have to be entrusted with this information to get hold of it.

  • Insiders to the company. People who have access to other people’s profiles could use or leak the information, even if that is against company policy.
  • Internet security. Weak passwords, cookies, etc. Even though one can choose not to give somebody access to use the application to identify one’s location, these parameters can be changed without the person even realizing it. Internet security is not perfect. People are often able to gain access to restricted web pages and other information that is intended to be protected.
  • Invisibility. A person might not intend to use the application at all, and might not want to share his location with anybody. It is enough for an attacker to know the person’s username and password to set up the tool unnoticed and add himself or others to the trusted circle. All the notifications about this setup could be deleted right away, and future notifications turned off. This way the owner of the account might not find out for a long time that somebody is capable of tracking them down.
  • Awareness of potential consequences. People are often not even aware that they are giving out such sensitive information, or have not thought through the consequences of it. Since they may not realize the impact of this information, they might be more susceptible to sharing it with people who should not have these privileges. User awareness is a growing issue not only with features such as Latitude but also with many different tools and online services that are used today.
  • Possibility of social attacks. There are some inherent design flaws in this system. For starters, users do not necessarily have to be entrusted with this information to get hold of it. If there is a person you know who has access to the information, it most likely wouldn’t take much to get your hands on it.

Defenses

  • Automatic logouts if the user has not been actively using the system for a certain time. In addition, automatic logouts if the application notices anything suspicious, such as somebody inquiring about a person too often. Also, require an extra step to log in to Google Latitude in order to display the location to friends.
  • Increased personal awareness, such as an application warning every time a new person is added to the trusted circle, and maybe an e-mail about the change. Turning off or disabling the service is the most effective way to defend yourself against potential malicious intentions. Limit your trusted friends to a minimum and communicate clearly to them that they should not give anyone the information you have shared with them.
  • Provide statistics. As a self-check, users could see statistics on, for example, how often other people look them up. This would give the user a chance to notice if anything suspicious was going on.
  • An advanced setting to dynamically disable the service, or to not inform certain people, when you enter a specified zone that is set to private. For example, if you know that you have a sensitive routine in the morning, you may opt to have the service off and have it turn on after you have returned to your safe public locations, so that your friends can easily find you only when doing so does not disclose any private or secret information.
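
Three of the defenses above (flagging over-frequent lookups, per-viewer lookup statistics, and private zones) can be combined in one server-side check that runs on every lookup. This is an added example, not Google Latitude’s code; the `SharingGate` class, the threshold and window values, and the coordinates are assumptions constructed for illustration.

```python
import math
from collections import Counter, deque

EARTH_RADIUS_M = 6_371_000
MAX_LOOKUPS = 5    # assumed threshold: lookups allowed per viewer ...
WINDOW_S = 3600    # ... within this many seconds before flagging

def distance_m(a, b):
    """Great-circle (haversine) distance in metres between two (lat, lon) pairs."""
    p1, p2 = math.radians(a[0]), math.radians(b[0])
    dl = math.radians(b[1] - a[1])
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

class SharingGate:
    """Decides what one viewer's lookup of the account owner's location returns."""

    def __init__(self, zones):
        # zones: (centre, radius_m, hidden_from); an empty set hides the zone from everyone
        self.zones = zones
        self.recent = {}         # viewer -> timestamps of lookups inside the window
        self.totals = Counter()  # viewer -> total lookups, shown to the owner as statistics

    def lookup(self, viewer, fix, now):
        """Record the lookup; return (location or None, suspicious flag)."""
        self.totals[viewer] += 1
        window = self.recent.setdefault(viewer, deque())
        window.append(now)
        while now - window[0] >= WINDOW_S:   # drop lookups older than the window
            window.popleft()
        suspicious = len(window) > MAX_LOOKUPS
        for centre, radius_m, hidden_from in self.zones:
            inside = distance_m(fix, centre) <= radius_m
            if inside and (not hidden_from or viewer in hidden_from):
                return None, suspicious      # owner is in a zone private to this viewer
        return fix, suspicious

# Constructed sample data: two private zones with made-up coordinates.
ZONES = [
    ((47.6062, -122.3321), 200, {"coworker"}),  # home: hidden from one viewer only
    ((47.6205, -122.3493), 150, set()),         # clinic: hidden from everyone
]

if __name__ == "__main__":
    gate = SharingGate(ZONES)
    for t in range(0, 420, 60):                 # seven lookups in seven minutes
        print(t, gate.lookup("coworker", (47.6500, -122.3000), t))
    print(gate.totals.most_common())
```

Withholding the location only while the owner is inside a zone still lets a viewer infer that the owner is somewhere private, and the last visible fix marks the zone’s edge.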

Evaluation and Conclusion

The risks, although they seem minor, really depend on the case. It’s one thing for Joe the plumber to have Latitude running on his mobile phone or laptop; it’s another for the Chief of Staff or, better yet, the President of the United States. In these situations their security is only as good as the security of the service itself. Since nothing is bulletproof, it is possible for people to invade this private information and use it for their own private gain. As technology evolves more and more, we will always continue to worry about its security and vulnerabilities.
Nonetheless, there will always be risks involved with the system: no matter what you do to protect yourself or what precautions you take, you will most likely slip up at some point. The service as a whole has good intentions: to allow your friends and family to maintain awareness of your location at all times, for everyone’s convenience including your own. As opposed to sending messages or mail to 15 people every 30 minutes informing them of your location, those 15 people need only open a URL and look at a map. The real weakness of this system isn’t so much the system itself but the human element that interacts with the system.
