iPod add-on 'fails' privacy test
The unique ID of each sensor was easy to track
Joggers using the iPod Sport kit to keep fit are putting their personal privacy at risk, warn scientists.
The academics showed how easy it was to track those using the combination of music player and running shoe sensor.
In the worst scenario suggested by the scientists, stalkers could use the tracking data to "engineer" encounters with victims.
The researchers said gadget makers should do more to protect privacy and stop hardware being abused in this way.
Hi-tech steps
The Nike iPod Sport kit uses radio to link a sensor in a runner's shoe to another gadget that clips on to an iPod Nano.
The clip-on gadget analyses the data gathered by the sensor and gives runners information about how far they have travelled and the calories they have burned as they exercise.
A team of computer science researchers from the University of Washington has scrutinised the runner's aid and found that it "fails to offer even the most basic level of user privacy".
The investigation, led by graduate student Scott Saponas, found it easy to eavesdrop on the unique identifier (UID) the sensor uses to ensure it talks to the right receiver.
"When someone is engaged in a workout with a sensor using a receiver attached to an iPod, a second receiver can detect the sensor transmitting its UID," the researchers report.
...will these new gadgets erode our privacy even further?
Prof Tadayoshi Kohno
Once activated the sensor broadcasts continuously and nothing is done to encrypt the signal to hide it from eavesdroppers the scientists found.
The unique identifier could be tracked up to 20 metres away outdoors and at speeds up to 30 mph.
University of Washington Professor Tadayoshi Kohno, who was part of the research team, said the project was undertaken to get a better understanding of trends in the technologies being sold to consumers.
"Are new devices still being introduced that do not address the full range of privacy issues, even if it is technically possible to address many of those issues?" he asked.
To show how the data transmitted by the sensor could be abused, the team created their own receiver from cheap and easily obtainable parts that logged when a target sensor was nearby. This used wi-fi to pass on the information to a central database that plotted the location on Google Maps.
By concealing a few of the small custom-made receivers in select locations, the researchers showed how it would be possible to track someone's movements.
Researchers fear the running sensor could be abused
Another hardware prototype used by the team turned a Windows XP laptop into a logging station when the gadget was plugged into a free USB port.
The team speculated that stalkers, thieves and others could use their own receivers to monitor a target. Surveys suggest that most people who use the iPod Sport kit turn the sensor on, slip it in their running shoe and never turn it off.
Prof Kohno said: "Our study shows is that new devices are still coming out that do not address the full range of privacy issues."
The researchers said they did not want to suggest that Apple or Nike intended that their devices would be used maliciously.
"But," said Prof Kohno, "this situation begs the broader question: as manufacturers continue to introduce other new, sophisticated technological personal gadgets, will these new gadgets erode our privacy even further?
"More importantly," he said, "what can we do about that?"
To make the technology more secure the researchers suggest binding each sensor to a specific receiver so the datastream cannot be tapped. This data traffic could also be encrypted to reduce the chance that it could be used for malicious purposes.
The unique ID of each sensor was easy to track
Joggers using the iPod Sport kit to keep fit are putting their personal privacy at risk, warn scientists.
The academics showed how easy it was to track those using the combination of music player and running shoe sensor.
In the worst scenario suggested by the scientists, stalkers could use the tracking data to "engineer" encounters with victims.
The researchers said gadget makers should do more to protect privacy and stop hardware being abused in this way.
Hi-tech steps
The Nike iPod Sport kit uses radio to link a sensor in a runner's shoe to another gadget that clips on to an iPod Nano.
The clip-on gadget analyses the data gathered by the sensor and gives runners information about how far they have travelled and the calories they have burned as they exercise.
A team of computer science researchers from the University of Washington has scrutinised the runner's aid and found that it "fails to offer even the most basic level of user privacy".
The investigation, led by graduate student Scott Saponas, found it easy to eavesdrop on the unique identifier (UID) the sensor uses to ensure it talks to the right receiver.
"When someone is engaged in a workout with a sensor using a receiver attached to an iPod, a second receiver can detect the sensor transmitting its UID," the researchers report.
...will these new gadgets erode our privacy even further?
Prof Tadayoshi Kohno
Once activated the sensor broadcasts continuously and nothing is done to encrypt the signal to hide it from eavesdroppers the scientists found.
The unique identifier could be tracked up to 20 metres away outdoors and at speeds up to 30 mph.
University of Washington Professor Tadayoshi Kohno, who was part of the research team, said the project was undertaken to get a better understanding of trends in the technologies being sold to consumers.
"Are new devices still being introduced that do not address the full range of privacy issues, even if it is technically possible to address many of those issues?" he asked.
To show how the data transmitted by the sensor could be abused, the team created their own receiver from cheap and easily obtainable parts that logged when a target sensor was nearby. This used wi-fi to pass on the information to a central database that plotted the location on Google Maps.
By concealing a few of the small custom-made receivers in select locations, the researchers showed how it would be possible to track someone's movements.
Researchers fear the running sensor could be abused
Another hardware prototype used by the team turned a Windows XP laptop into a logging station when the gadget was plugged into a free USB port.
The team speculated that stalkers, thieves and others could use their own receivers to monitor a target. Surveys suggest that most people who use the iPod Sport kit turn the sensor on, slip it in their running shoe and never turn it off.
Prof Kohno said: "Our study shows is that new devices are still coming out that do not address the full range of privacy issues."
The researchers said they did not want to suggest that Apple or Nike intended that their devices would be used maliciously.
"But," said Prof Kohno, "this situation begs the broader question: as manufacturers continue to introduce other new, sophisticated technological personal gadgets, will these new gadgets erode our privacy even further?
"More importantly," he said, "what can we do about that?"
To make the technology more secure the researchers suggest binding each sensor to a specific receiver so the datastream cannot be tapped. This data traffic could also be encrypted to reduce the chance that it could be used for malicious purposes.