Could location based Apps put your physical security at risk?
When Cyber Threats Turn Physical
What if your next carpooling ride-share wasn’t just a random passenger? What if that person already knew exactly where you’d be and at what time?
Today, people all over the world are using ride-sharing services like Uber and Lyft that make commuting a breeze, they use Apps to track their performance when they go running or a bike ride. Whether you use it as a means of transportation to the office each morning or for a night on the town, most of us opt for one of these apps over hailing a taxi.
But would we continue to trust these apps with this information if we knew that something as sensitive as our physical location could be compromised?
For some users, this is already the case.
4iQ’s monitors thousands of dark web sites, hacktivism forums, and black markets daily for stolen credentials and leaked personal information. We recently discovered accidental exposures from ride-share services in Mexico and India, leaving sensitive user data exposed in the deep and dark web, which is now most likely in the hands of cybercriminals. The company in India had customers download their contacts from their phones, adding more than 852,000 contacts with information exposed.
We have reached out to the affected companies letting them know they have a vulnerability.
This type of exposure represents a real shift from a cyberattack that presents an identity threat to a physical one. The idea that someone knows when you’re home or away is bad enough. But what if someone could use the information to share your next ride? The risks of abduction, kidnapping and ransom are frightening. In fact, the U.S. Department of State recently issued a warning to U.S. citizens about the risk of traveling to certain parts of Mexico due to the dangerous activities of criminal organizations in those areas.
Hackers who have access to this information can use it to track a user’s location in real-time, and look at trends in daily destinations to predict future trips. Having one’s travel habits in the hands of cybercriminals is extremely dangerous. And as more and more individuals start to use these applications, breaches like this represent a security risk we need to take extreme efforts to prevent.