By now we’ve all had to pretty much accept that our interests and habits are being mined for advertisers. Your phone knows where you go and what apps you use. The reason we get free services like Facebook and Twitter is that our information is sold to advertisers, and they tag that information to you with a phone’s Mobile Advertising ID, or MAID. The information attached to a MAID can be bought by an advertiser for about a grand.
This means if someone wants to perform an extremely targeted social engineering attack on somebody, they can get all they need to know about a person for about $1000. Hackers could send you information based on where you are, where you’ve been, your religious and political leanings, even your health and dating habits. Hackers could even find out with pretty scary accuracy exactly where you are.
“What’s the big deal?” you may ask. “So a hacker knows I like to where I am and what I do. What can they do with that?”
As mentioned previously, a hacker could use that information to tailor a social engineering attack for a specific target. They can serve up ads that you’re more likely to click on, which could compromise a device or load malware on it. They can create better phishing attacks to get more information from you, such as passwords for your bank account or other sensitive access. Think of all the ways advertisers might use that information, add nefarious motives and imagination, and that’s what hackers can do.
How can you stop it? You can turn off any location services on your phone and you can not use any apps that talk about using your data in their terms of service. Both of those, however, are very hard to do in this day and age.