We’ve seen a number of high-profile examples of how manufacturers track devices in recent months.
When Russian soldiers stole $5 million worth of Ukrainian agricultural equipment from Melitopol, they transported everything to Chechnya, only to realise they couldn’t turn anything on. American manufacturer, John Deere, had tracked the equipment via GPS and issued a remote shut down order.
There’s also the case of the Ukrainian man who observed Russian troop movements after soldiers stole his Apple AirPods and he used the “find my” option to track the thieves.
These are fascinating examples of what remote tracking can do. But there’s a darker side, too, to tracking. How do you know what data your tech is collecting and sending about you (and to whom)?
This is a subject that Laimonas Krivickas, Director of Zenitech in Lithuania, spoke about with cybersecurity expert, Dr T Bakšys, for a series of media articles in Lithuania.
Tracking
All mobile devices can be tracked via GPS and mobile signal when you make calls, as they ping local comms towers. The only way to prevent your device sending out information about its location is if it is in flight mode, or has no mobile connection. ‘Find My’ technology uses Bluetooth technology and GPS signals to send location information to nearby devices, which is then transmitted to servers so you can track a missing device.
There are some things you can do, though, to protect yourself if you don’t want your data or location to be tracked.
How can users protect themselves?
- Pay attention to your device manufacturer’s reputation. How does it deal with cyber and information security issues? Is there anything it has done in the past to causes concern? Apple, for example, has put data protection measures in place to ensure malicious actors don’t exploit its ‘find my’ service.
- Keep your devices updated. Always install the latest updates and follow the manufacturer’s recommendations.
- Where is your data being sent and processed? Does your data stay in Europe (which is covered by GDPR) or another area with strict data protection laws? There have been instances where data has been sent to third-parties outside of GDPR countries, even when the user is within a GDPR area. Always check the manufacturer and country of origin of the app and the terms of use before installing it.
The cybersecurity threat
It can be difficult to spot when your data is used against you; for example if it is sent to a third party, or even used to control an application and allow its use for malicious activity.
When Russia launched a cyberattack an hour before it invaded Ukraine, including on wind turbines, it impacted multiple countries.
Dr T Bakšys, a cyber security expert in Lithuania, says the greatest risks are posed by un-updated equipment management systems, unchanged factory login passwords, poorly managed remote login policies, and possible large-scale disinformation attacks. All these are things that can be addressed.
This is reflected in what we’re seeing at Zenitech, as organisations are paying increased attention to the security of their infrastructure resources, getting additional system monitoring in place and adding more attack detection elements.
We’re also seeing more inquiries about secure telework solutions like (video teleconferencing platforms, VPN and user management), security of cloud services (WAF, Multi-Cloud, High Availability, etc.), and complex system security audit services.
For full coverage of this story, read it in the original Lithuanian here
