Feeds

Nike + iPod poses threat to personal security

Could aid stalking and burglary

Securing Web Applications Made Simple and Scalable

One of this year's must-have gadgets for music-crazy runners is a security nightmare that could help someone track your movements with relative ease, according to researchers at the University of Washington.

The Nike + iPod device transmits data from a gizmo in a runner's shoe to an iPod, where software crunches the numbers to come up with information such as how far someone has run, and how fast, in real time. But the researchers have found that it could well be broadcasting that data to others too.

"A bad person could use this information to compromise your personal privacy and safety. We describe specific example scenarios, like stalking, in our paper," said a statement from researchers Scott Saponas, Jonathan Lester, Carl Hartung and Tadayoshi Kohno of the Department of Computer Science and Engineering at the University of Washington.

The gadget in the runner's shoe contains a radio frequency identification (RFID) chip which sends the data to a receiver connected to the iPod. The information itself is encrypted, but enough information is broadcast to a range of up to 60 feet to pose a security risk.

"When you walk or run the Nike + iPod sensor in your shoe will transmit messages using a wireless radio," said the researchers. "These messages contain a unique identifier that can be detected from 60 feet away. This information is potentially private because it can reveal where you are, even when you'd prefer for a bad person to not know your location."

They found that small computer equipment could be used to read the unique identifier. Some of this was small enough to hide in the user's environment. Placed on that person's front door or in bushes beside the entrance the machine could be used to read and record every time the shoe gadget passed it by.

That could allow a person using the tracking equipment to log when the user was home and when he was out of the house. This could be vital information for burglars.

If a person built a network of these sensors they could map the movements of a person or any number of people through a whole area, and could plot that movement on online mapping services such as Google Maps.

The researchers said that building a surveillance network would be "neither hard nor expensive". "Our prototype shows that a bad person could build a full-featured, WiFi-enabled Nike + iPod surveillance device for under $250," they said.

Copyright © 2006, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Application security programs and practises

More from The Register

next story
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
For Lenovo US, 8-inch Windows tablets are DEAD – long live 8-inch Windows tablets
Reports it's killing off smaller slabs are greatly exaggerated
Microsoft unsheathes cheap Android-killer: Behold, the Lumia 530
Say it with us: I'm King of the Landfill-ill-ill-ill
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Seventh-gen SPARC silicon will accelerate Oracle databases
Uncle Larry's mutually-optimised stack to become clearer in August
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Apple orders huge MOUNTAIN of 80 MILLION 'Air' iPhone 6s
Bigger, harder trouser bulges foretold for fanbois
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.