iPod as tracking devices, easy as a walk in the park
- — 07 December, 2006 08:35
Next time you strap on your Nikes and plug in your iPod for a casual jog around the block, it might be a good idea to don a tin-foil cap too, as newly discovered security flaws in the Nike + iPod Sport Kit can expose the device to home-made tracking devices.
Researchers at the University of Washington have discovered security flaws in the RFID powered Nike + iPod combo that can potentially allow stalkers, thieves and even corporations to track your movements with a cheaply constructed receiver.
The Nike + iPod Sports Kit works by placing a small RFID transmitter in the sole of specially-designed Nike shoes. As a user jogs or walks, the transmitter communicates real-time updates about the speed and length of work-outs by broadcasting the information to a small receiver plugged into an accompanied iPod.
According to the report, titled Devices That Tell On You: The Nike+ iPod Sport Kit, the vulnerability of the device stems from the RFID sensor in the Nike shoes, which constantly transmits its unique signal, thanks to its on-board power source, regardless whether the user has the iPod accessory turned on or not.
"The wireless capabilities in this new gadget can negatively impact a consumer's personal privacy and safety," read the report. "Someone could use the sensor's broadcast messages to track which locations you visit, and when you visit them."
The report stated that a potential stalker within 20 metres of a user with the Nike + iPod kit could track individuals with a simple home-made surveillance device.
Putting their theory to the test, the researchers designed a number of surveillance tools to track users with the Nike sensor. From a simple Wi-Fi capable notebook, to a tiny $100 Linux-based gumstix computer, the researchers showed tracking a user with the Nike + iPod device was easier than a run in the park.
The report provides a number of examples that would-be trackers could employ to snare users for nefarious uses, including thieves using the vulnerability to scout several houses at once to determine when Nike-wearing owners were at home or not. By overlaying the collected surveillance data over Google Maps in real-time, they also showed how corporations could use the technology to track consumer behaviour.
Despite the examples, how much of a threat this presents remains to be seen, especially considering the close proximity (20 metres, or in other words within eyesight) with which the potential tracker must be for the home-made surveillance device to function.
Regardless of the practical methods for use of the Nike + iPod scenario, issues of user privacy remain. The research paper offers a simple solution; design RFID sensors that speak to only one reader as well as more thorough accountability from manufacturers to avoid unwittingly building surveillance capacity into their devices.