Feeds

Ratings volunteers to be spied on by mobiles

Blowers to rat out guineapigs 24-7

Top three mobile application threats

You know how you can volunteer to be a TV ratings guinea pig? And then they - Nielsen or whoever - attach kit to your telly so that they can tell everything you and all your thousands of fellow guineapigs watch, and so the ratings get compiled.

Well, that system is flawed. It can't measure the telly you watch at the pub, the radio you hear at work etc etc. It doesn't usually know if you're actually there; the box could be blaring away to an empty room. It is often confused by PVRs or other timeshifting tech.

Now, however, a Californian company called IMMI (Integrated Media Measurement Inc.) has decided to change all that. Most people are now aware that mobile phones can be used to locate their users; and the reasonably well-informed are aware that they can also be used as remote bugging devices, even when apparently switched off. (Some people have a struggle believing this; but it's not exactly aliens-at-Roswell stuff. This is a small computer with a microphone and a data radio. Who says the display has to light up for it to be working? Seriously: your phone can be used as a bug, though the necessary skills aren't common outside government agencies. Yet.)

When you become an IMMI ratings person, the company gives you a mobile phone with special software in it. Every thirty seconds or so, the phone - without intervention from you - records a ten-second audio clip. Sending that off to IMMI via GPRS, EDGE, UMTS or whatever would be a tad expensive - not to mention having fearful privacy implications - so the phone processor boils the clip down to a 1.5kB "fingerprint." Every quarter-hour or so the phone datalinks to the IMMI servers and sends off all the fingerprints, time-slugged.

Meanwhile, the IMMI servers are doing this with all the broadcast media the company is interested in. When your fingerprints come in, they are compared with the server data, and matches are recorded. The servers can look back a couple of weeks into the past, too, so TiVo or whatever isn't an issue.

Voila! IMMI knows what you watch and listen to, while saving bandwidth and dumping what it considers "noise" - your conversations and so on. Or so they say, anyway.

Amanda Welsh, IMMI's COO, was keen to emphasise that their phones are not bugs as such. She told MIT Tech Review:

"If you're carrying our phone and you're planning a bank robbery while listening to a radio, all we know is what radio station you're listening to."

IMMI is adamant that the "fingerprints" can't be turned back into useful audio.

Similarly, though the company admits it would like to use GPS or mobile-network location tech to know where its guineapigs are when they hear things, it currently doesn't. Rather, you plug in a Bluetooth beacon in your home, and the phone knows if you're in or out; but, for now, that's all.

"Although he would like to use GPS, [IMMI CTO] Al Alcorn says that it's currently cost prohibitive to buy this information from the cell-phone companies, which control it," according to Tech Review.

Presumably what's meant by this is that IMMI can't afford mobile-mast location data; obviously cell networks have diddly to do with GPS satnav as such. Handsets with actual GPS receivers - which could send the location data to IMMI - are still rather expensive at the moment; often need cell-tower data to help them out; and they don't like it inside buildings, either.

A cell phone is well adapted to IMMI's needs anyway. On top of that, the company reckon the fact that it's useful to the guineapig will mean it stays within reach.

"The question is, 'If you forgot to take [the tracking device] with you when you went to work, would you go back and get it?'" according to Alcorn.

"If it was your cell phone, you would. If it was just a passive brick that didn't do anything [else], you wouldn't."

Clever stuff. But there still seem to be some gaps. Phones get left around the house, not necessarily within earshot (mike-shot?) of what their users are listening to.

And several possibilities for abuse spring to mind. If this audio fingerprinting is as good and reliable as its cracked up to be, it surely wouldn't be hard to make up some unique, task-specific fingerprints and so monitor an IMMI subject using the company data.

For instance, you could perhaps fingerprint the automated announcements on the London Underground trains, and thus know wherever your target went on the Tube. Or you might record a person of interest saying a commonly-used phrase such as "Hello darling," and thus, perhaps, be tipped off whenever someone met up with their illicit lover.

And so on. If one weary Vulture can think of that much in five minutes on a Monday morning, it seems fair to say that the thing's riddled with loopholes. Still, you can't expect to be a guineapig and not suffer some horrible invasive experiments.

The Tech Review piece is here

Combat fraud and increase customer satisfaction

More from The Register

next story
Virgin Media so, so SORRY for turning spam fire-hose on its punters
Hundreds of emails flood inboxes thanks to gaffe
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
AT&T dangles gigabit broadband plans over 100 US cities
So soon after a mulled Google Fiber expansion, fancy that
AT&T threatens to pull out of FCC wireless auctions over purchase limits
Company wants ability to buy more spectrum space in auction
Google looks to LTE and Wi-Fi to help it lube YouTube tubes
Bandwidth hogger needs tube embiggenment if it's to succeed
Turnbull gave NBN Co NO RULES to plan blackspot upgrades
NBN Co faces huge future Telstra bills and reduces fibre footprint
NBN Co plans fibre-to-the-basement blitz to beat cherry-pickers
Heading off at the pass operation given same priority as blackspot fixing
NBN Co in 'broadband kit we tested worked' STUNNER
Announcement of VDSL trial is not proof of concept for fibre-to-the-node
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.