Yesterday I recorded a podcast for The Malware Report with guest Ira Victor of Data Clone Labs Inc. Ira also co-hosts the radio show “The Cyber Jungle” which you can find at www.thecyberjungle.com. The podcast should be up in the next week or so.
During the show Ira mentioned the website http://www.PleaseRobMe.com. This site takes the tweets of users who post their current locations on Twitter. I have seen articles about this site at http://news.yahoo.com/s/time/20100218/us_time/08599196487300 and http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2010/02/17/MNMQ1C3A0V.DTL
Tweets are only one way for the bad guys to know you are not home and Google is trying to make it even easier for the crooks. The Google Buzz mobile application will broadcast your location if you install it with defaults. Buzz is a social networking application that all Gmail users were forced to have without their consent and it automatically made public their contact lists.
There are a variety of tools that allow you to broadcast your current location from your cell phone, but Buzz may be the most dangerous of them all. Currently Buzz is very buggy and you can no more assume that Google will prevent unwanted people from following you than you can assume that Google won’t share your private contacts with the world. The mobile Google Maps application has included the ability to broadcast your location for some time now.
As a general rule it is not a good idea to be broadcasting your location, but I can see times when it can be very handy. I would recommend that you check all application on your mobile devices that can broadcast your location and at least check to make sure that broadcasting is either disabled or limited to a select group of friends who you trust will not rob you or ignorantly tweet that you are not home.
There really ought to be a test a user has to pass to show they understand the risks before they can enable location broadcasting.
Director of Technical Education
Author ESET Research, ESET