Trending Tech: EchoSEC

10 September 2013 by Emma Blunt

If you could see inside company buildings, neighbours’ houses and secure locations like government buildings, would you? Here, we look into the technology and security risks of applications that make this snooping scenario a reality.

Typing a postcode into the search bar of the online application echoSEC, brings up the location on a digital map; nothing out of the ordinary here. However, when we highlight a square of the area, around a building, for example, social media posts and images taken and published in that location start popping up beneath the map! It’s an interesting technology, using geo-mapping technology to aggregate social media feeds. However, in the hands of malicious users, it opens up a number of security issues, which are worth being aware of.

To get an idea of how echoSEC might be used negatively, just put yourself in the shoes of a criminal. Valuable information can be gained from an image, especially if it is accompanied by a caption or a tagged location that gives away further detail. As we search locations, we discover an image of a living room where a party was taking place. Astonishingly, the location is tagged as the first line of the owner’s address! We also managed to get a good glimpse inside company buildings, seeing their products and equipment up close. Some employees also inadvertently give away sensitive information, leaving their security pass lying visible in the shot!

So, how could this information be exploited?

There are several ways that this information could be used for gain:

• Competitor Intelligence: seeing inside a rival company’s building enables competitors to see who is working there and search for background information, to view products and equipment and occasionally, when employees are careless, to come across sensitive data. If an employee posts an undesirable photo of them behaving in a manner that misrepresents the company, this can also cause brand damage.
• Social Engineering Attacks: A thief, conman or malicious organisation can gain a lot of information from pictures and infer even more. Connecting the dots is easy online with the abundance of social networking sites and search engines. If you post pictures from your house at certain times and not at others, for example, they can guess when you’re in or out. This is obviously a risk!
• Spear Phishing: If criminals can get enough personal information about you then they can always falsify a document pertaining to be from a reputable organisation such as a bank, in order to extract important details.
• Stalking: This sounds a bit sinister but it is very easy to use this application to see inside peoples’ houses, find further images of them and learn a lot about them, from the area they live in to their relationship status, likes & dislikes, associates and place of work.

Social media is a great phenomenon but it does give away a lot of information, especially with applications like echoSEC available to use. Applications like these aren’t all bad and they do have positive uses but if you are worried then turn off the location on your smartphone and don’t give away more information than you need to online.