Nike+ iPod Used For Surveillance

Thib writes "Researchers at the University of Washington have published a report detailing many easy and cheap ways the Nike+ iPod Sport Kit previously discussed on Slashdot can be used to track individuals, even when they are not carrying their iPod. They have even implemented a Google Maps application to display surveillance data in real time." From the article: "'Our research also shows that there exist simple cryptographic techniques that the Nike+iPod Sport Kit designers could have used to improve the privacy-preserving properties of the Nike+iPod kit,' the group reports. 'Our work underscores the need for a broad public discussion about and further research on the privacy-preserving properties of new wireless personal gadgets,' the group reports. 'We stress, however, that there is no evidence that Apple or Nike intended for these devices to be used in any malicious manner. Additionally, neither Apple nor Nike endorsed this study.'"

how is this different?

My cell phone and my laptop broadcast where I am and who I am all day long; what difference does it make if my shoes do the same thing?

Re:how is this different?

My cell phone and my laptop broadcast where I am and who I am all day long; what difference does it make if my shoes do the same thing?


Agreed.

Much ado about barely anything. I met the product manager for the Nike+iPod kits. I can assure you that tracking people without their permission wasn't in the MRD.

So, based on the FA, you have to be within 30 feet of the person the "bug" is planted on. How is this so effing different than following someone around and watching what they do?

I'm a pretty big privacy advocate. I got ticked when the company who "wanted to hire me" made me take an invasive personality test [calipercorp.com] But this is a lot of heat and noise over nothing - an attention-seeking hyper concernicus group looking for attention.

Re:how is this different?

Watch out for that guy jogging 50 feet behind you with a laptop satchel on his shoulder and a high-gain antennae in his hand!

sensor can detect the presence of a person. wow.

For about the price of a webcam, you can remotely violate only 1 person's privacy - and all you can do is detect their presence.

Groundbreaking stuff, really.

Next up on YRO: Intrepid humans use eyeballs to invade privacy from distances of up to 100M!

God. Dammit! This is a stupid story

Researchers at the University of Washington have published a report detailing many easy and cheap ways the Nike+ iPod Sport Kit previously discussed on Slashdot can be used to track individuals, even when they are not carrying their iPod.

No, but they still have to have that particular pair of shoes on, and you have to be within 60 feet of them!

The amount of effort it would take to track someone via the transmitter in one of their (presumably many shoes) is ridiculous compared to the amount of effort involved in shall we say more traditional methods of stalking.

Sure, you could custom-hack a Linux "gumstick" computer to read the shoe tag and transmit it to a computer to see when your girlfriend is home. But really all you'd ever know for sure is when that particular shoe is at home. Maybe a better bet would be to just install a Web-enabled X10 cam with no hacking required. Or you could go really old-school-stalker and just drive by her damn house to see if the lights are on.

Sure I guess you could drive along behind some girl reading her electronic shoe tag from 60 feet away...on the other hand if you're within 60 feet you can probably SEE her with your own EYES.

I know iPods and security vulnerabilities are hot topics these days. That doesn't mean every story that crosses the two should get the breathless treatment. This is just blatant fear-mongering in an attempt to generate press. There isn't even any valuable information to be captured, like from an RFID credit card for example.

Yes, there are lots of ways to track people

I have no objection to an article detailing some of the tricks people can use to track other people. The over-hyped connection to Nike and Apple is the ridiculous part. It's not like the only place in the world to get an electronic transmitter or RFID is from this one particular product that just happens to marry two of the best-known brands in the world. And it's not like an electronic tag is the only way to figure out when someone is in their dorm room.

I bet Apple didn't bother encrypting the transmission because all it does is transmit an ID and data stream. The data is totally unimportant unless you happen to care about someone's training program. And here's the crucial part--the ID is also totally unimportant because when people go jogging, they almost always go jogging in a public place. And when you're jogging in public you're already broadcasting your ID at least 60 feet, via the light that is reflected off your recognizable face.

Isn't this = to any frequency emitting device?

I hate to burst the paranoia bubble.. but this can only be used if they turn it on to work out..

if any big brother organization wanted to track you they could triangulate your cell phone signal, use credit card records...

I honestly think it's a bit late and a bit hyppocritical to start complaining about an ipod interface.

welcome to 1984?

This is but one of many (100s or 1000s) ways in which people will be able to spy, track, and otherwise invade the (previously held) privacy of common citizens. The problem is not simply that there are groups and people more than willing to take advantage of such technologies to accomplish rather nefarious goals, but more importantly, most average citizens will not care, nor believe it possible. This is mostly due to a lack of understanding of the technologies and related enabling technologies. Worse, even understanding or knowledge is available, the "it won't affect me" syndrome will continue to make it a growing threat.

There really don't need to be large groups of 'men in black' if most of the populace simply hands over their rights and privacy.

Those who don't know what tor is should. There are methods for remaining rather anonymous in the world at large. This story is simply the warning sign to let you (yes you, joe public) know that if big brother is not already spying, he will be soon. The patriot act and the DMCA have enabled the nefarious among us to do so. .... Whether a gun is used for bad things or not, when you purchase one, you must be aware that it can be. Unfortunately, buying gadgets is a process that is not even touched by such training or awareness... sad sad sad

News flash!

Warning: Information you never intended to share with others may be shared! Welcome to the 21st century! Thank goodness for the the GPL! Err, LGPL... BSD license!

I thought the sharing of information was good? Ixnay?

Heh...

This just in! Cell phone users can be tracked using the GPS chip located inside the handset! They can also be tracked using the very signal they use to communicate! GASP!

Seriously. BFD.

Original...

From University of Washington [washington.edu]. And a good writeup from Wired [wired.com].

Sensationalist Headlines at CNN

Geez... with the way this is being "headlined" on CNN's site, one has to wonder how much M$ had to shell out for this little op.ed.'ish piece to boost dismal Zune sales (kidding)...
I mean, really though: "iPod flaw helps stalkers track your every move", and "Tracked through your iPod - Some researchers say that your iPod could double as a tracking device."... Neither mention Nike's role in this issue, and both make it sound like an iPod is diddling your sister or something...

This also seems to imply someone wants to stalk your sweaty, running ass to begin with... I mean, seriously, if someone wanted to track you, there has to be a better way than sprinkling "Gumstix" PCs in the damn bushes to listen to your ugly ass sneakers.

Little Brother is watching

I will be all over this! Because there's nothing I want to do more than track my neighbor's jogging habits and then report them to DHS!

Next newsflash: Cell phone cameras allow people to be easily observed in public places!

out of proportion

I think that these concerns out of proportion. It is an interesting observation and probably quite a challenge to reverse engineer the devices, but compare it with the real issues we have today:
We live in a time, when every purchase at a grocery store is recorded due to "customer cards" when every credit card transaction is monitored, and cameras watch you almost constantly. Our phones are tapped, dozens of parameters recorded every time we travel. RFID's will soon be standard in all items purchased in stores. Passports will have RFIDs. Cellular phones, wireless computers and even PDA's allow tracking already now.
An observer does not get a lot of data from this jogging device. And who would build an entire tracking system with many stations just listening to Ipods? These stations would need to be hidden, batteries replaced, monitored etc. And what for? To stalk up some jogger? How many joggers have these gadgets?
It would be easier to build a network of small cameras which watch a person. Even easier is shadowing by a single person, who follows the person.
Finally, the distance in which the devices can be read is 60 feet. With a bit of shielding, the distance could be reduced to maybe 20 feet which would make an even tighter network of receivers necessary.

This just in from Seattle...

Wouldn't it be easier to just hide behind a tree? Just in time to try and pump some Zune sales. To get real about it, the "news" report from KING TV (http://www.king5.com/) in Seattle didn't say it was the iPod tracking you, and neither did the "researchers" but the morons at CNN did. What about the data squirting Zunes?

Pretty cool, actually

That's a nifty little gizmo they've got there, but I can track iPods just as easily by looking for white earphones.

Neither Apple nor Nike endorsed this study.

Ahhhh, but the question is... "Who DID?"

Advertising potential

I'm waiting for the advertising sign in popular running areas:

Your 1km time today: 6:31
Last week: 6:28
You need Red Bull!

No surprise.

It's not like this is any surprise. The more integrated and sophisticated our devices are the easier it becomes to track and observe everything we do. It's not like there's some kind of ulterior motive to all this. It's just the consequence of all this connectivity.

If you're that paranoid and don't want to risk being tracked it's simple. Don't buy electronic devices, particularly those that transmit any kind of signal. Even then there are ways to observe people, but at least it's significantly more difficult.

The problem becomes when people are forced to carry devices that report some organization, be it the government or some corporation. We aren't there yet, but I wont be surprised if when it comes people either don't notice it happening or they openly embrace it.

KING5 news report

http://www.youtube.com/watch?v=wEgxjrLUK6A [youtube.com]

It has an off switch.

The Nike+ sensor module has a little switch on the underside, you can switch it off if you don't want to broadcast the sensor data.

I personally only use my sensor on my running shoes, which I only wear while running. Good running shoes are too expensive to wear just walking around town, they wear out too quickly. So if anyone wants to track me while I run 5 one mile laps, in the exact same course, 4 times a week, hey, help yourself to my sensor data.

UW news release, inline video, and PDF of research

The University of Washington's news and information office put together a release that includes an embedded video and a PDF of the research paper: [washington.edu]http://uwnews.washington.edu/ni/article.asp?articl eID=28494 [washington.edu]

The inline video, made by the researchers, is well-crafted and rather entertaining.

Disclosure: I work on behalf of the UW and the technical side of its news operations.

IFO

Well I, for one, welcome our new fitness-minded overlords! They're stringent new regime of monitored exercise will reduce the proportion of obesity in the population and lower heart disease in this country.

The Multi-Talented Nike

Nike [wikipedia.org] can also be used to help you beat up Persians [wikipedia.org].

You can track location using cellphone signals.

So what? Location tracking is already possible using cell phone signals. Is there more people on the street with Nike+ipod thingamagit strapped to their feet or are there more people having a cellphone? This is blown way out of poportion

Check out the video of the experiment...

... here [washington.edu].

(ok... I'm evil to link a 200mb file... I know...)a

To complement the headwear...

1. Manufacture tin foil feet coverings 2. ??? 3. Profit!!!

nike+ ipod user here

I use this almost every morning. As a matter of fact, I'm about to leave for a jog ( just in case you want to track me ).

All I can say about their finding is a big outstanding "DUHHH." The whole point of the device is to "track" you. It uses a proprietary 802.11 signal.

The instruction manual clearly states that you should remove the sensor from your shoe when the sensor is not in use. This is to help on the battery life of the sensor since it can not be replaced. Doing this would prevent the "Tracking." Luckily for me, and I suspect MANY others, I have one pair of shoes dedicated for jogging ( with the sensor ). How much privacy can I expect when out jogging in a public area ?

Not entirely lame...

Think about when most stores' entry/exit points have RFID readers to control 'lossage'.
Think about the pervasive networking and the lack of security on those networks.
Think about being able to track anyone with any RFID tag on their clothes.

Now I've been thinking about one of the Nike+ iPod devices, but I don't wear my running shoes all the time, they're too expensive to wear out like that.

Nike+Apple didn't pay for this FUD?

I find it hard to believe that Nike+Apple didn't pay for this research.

Shoe tracking surveillance is a serious threat to runners everywhere. The spooks will know how many times your shoes hit the ground without actaully having to run around behind you counting. Clearly, this is an attempt by Apple and Nike to track perhaps thousands of individuals who are a) athletes b) unaware that Nike+ is a wireless system and c) concerned that other people will have access to the information they upload to the web.

What's next from Apple, a way to publically advertise personal details through web pages (say, iWeb)? How many people will unwittingly publish their social security number, mother's maden name, and perhaps their secret affinity for a specific type of cheese, creating clear and obvious vulnerabilities from the phishing scammers and spooks out to poison them. THE WEB IS PUBLICLY AVAILABLE PEOPLE!!!

Don't say you haven't been warned. When the machines rise, the first to go will be hot chicks wearing tight Nike clothes and cheese eaters. Oh the humanity.

iPod vs Zune: Microsoft's Slippery Astroturf [roughlydrafted.com]
Bill Gates for President? No Thanks. [roughlydrafted.com]