Nike+ iPod Used For Surveillance

Thib writes "Researchers at the University of Washington have published a report detailing many easy and cheap ways the Nike+ iPod Sport Kit previously discussed on Slashdot can be used to track individuals, even when they are not carrying their iPod. They have even implemented a Google Maps application to display surveillance data in real time." From the article: "'Our research also shows that there exist simple cryptographic techniques that the Nike+iPod Sport Kit designers could have used to improve the privacy-preserving properties of the Nike+iPod kit,' the group reports. 'Our work underscores the need for a broad public discussion about and further research on the privacy-preserving properties of new wireless personal gadgets,' the group reports. 'We stress, however, that there is no evidence that Apple or Nike intended for these devices to be used in any malicious manner. Additionally, neither Apple nor Nike endorsed this study.'"

how is this different?

[idlake]

My cell phone and my laptop broadcast where I am and who I am all day long; what difference does it make if my shoes do the same thing?

Re:how is this different?

[vought]

My cell phone and my laptop broadcast where I am and who I am all day long; what difference does it make if my shoes do the same thing?


Agreed.

Much ado about barely anything. I met the product manager for the Nike+iPod kits. I can assure you that tracking people without their permission wasn't in the MRD.

So, based on the FA, you have to be within 30 feet of the person the "bug" is planted on. How is this so effing different than following someone around and watching what they do?

I'm a pretty big privacy advocate. I got ticked when the company who "wanted to hire me" made me take an invasive personality test [calipercorp.com] But this is a lot of heat and noise over nothing - an attention-seeking hyper concernicus group looking for attention.

Me three

[HTTP Error 403 403.9]

Attach a GPS tracker to her car, throw her rabbit in a pot of boiling water, go home and play some Xbox.

Re:

[irc.goatse.cx troll]

I didn't RTFA so I don't know how targeted this has to be, but it sounds similar to why RFID is scary -- Lets say you need to be within 30 feet to read this (assuming theres no tricks with aentennas to boost that). That means all you need to do is place/hide readers all around a big city downtown spaced 30 feet apart and you could track exactly where people go. If theres no identifiable data broadcasting from the device its just a matter of deduction after they visit multiple stores that you can get custome

Re:

[node 3]

Not saying anyone is doing that or plans to do that, but security is about preventing potential abuse. If you only care about stopping whats actually being abused you're on the wrong side of a vicious cat and mouse game and will NEVER be safe.

Not quite. Not just "potential", but also some degree of "reasonably likely". I find it extremely unlikely there will be a grid of Nike+ surveillance devices. Possible? Yes. Reasonably likely? Not at all.

On the other hand, I fully expect RFID scanners to be located at

Re:how is this different?

[Jahz]

Watch out for that guy jogging 50 feet behind you with a laptop satchel on his shoulder and a high-gain antennae in his hand!

sensor can detect the presence of a person. wow.

[iowannaski]

For about the price of a webcam, you can remotely violate only 1 person's privacy - and all you can do is detect their presence.

Groundbreaking stuff, really.

Next up on YRO: Intrepid humans use eyeballs to invade privacy from distances of up to 100M!

God. Dammit! This is a stupid story

[snowwrestler]

Researchers at the University of Washington have published a report detailing many easy and cheap ways the Nike+ iPod Sport Kit previously discussed on Slashdot can be used to track individuals, even when they are not carrying their iPod.

No, but they still have to have that particular pair of shoes on, and you have to be within 60 feet of them!

The amount of effort it would take to track someone via the transmitter in one of their (presumably many shoes) is ridiculous compared to the amount of effort involved in shall we say more traditional methods of stalking.

Sure, you could custom-hack a Linux "gumstick" computer to read the shoe tag and transmit it to a computer to see when your girlfriend is home. But really all you'd ever know for sure is when that particular shoe is at home. Maybe a better bet would be to just install a Web-enabled X10 cam with no hacking required. Or you could go really old-school-stalker and just drive by her damn house to see if the lights are on.

Sure I guess you could drive along behind some girl reading her electronic shoe tag from 60 feet away...on the other hand if you're within 60 feet you can probably SEE her with your own EYES.

I know iPods and security vulnerabilities are hot topics these days. That doesn't mean every story that crosses the two should get the breathless treatment. This is just blatant fear-mongering in an attempt to generate press. There isn't even any valuable information to be captured, like from an RFID credit card for example.

Re:

[toetagger1]

The amount of effort it would take to track someone via the transmitter in one of their (presumably many shoes) is ridiculous compared to the amount of effort involved in shall we say more traditional methods of stalking.

Well, that's if you want to track someone with their Nike shoes. But what prevents you from taking the transmitter, slipping it into someone's backpack, and then track them? Similarly, you may not necessarily need to know where exactly the person currently is, but just want to know when t

Re:

[iowannaski]

Well, that's if you want to track someone with their Nike shoes. But what prevents you from taking the transmitter, slipping it into someone's backpack, and then track them?

Intelligence, hopefully. If I was going to slip something into someone's backpack for the purposes of tracking them - well, it wouldn't be one of these things.

Re:

[E8086]

Tagging someone with an RF device to cause trouble, reminds me of an olde HS prank.
Sometime when I was there in the late 90s they decided to RFID tags or whatever tye were called bacl then in the library books so no one would walk out with a book without checking it out, same as everyother library I've been to. Except the tags were just placed between the pages and could be easily removed and transfered. Combine that with freshmen having class in the library computer lab and being required to leave

Yes, there are lots of ways to track people

[snowwrestler]

I have no objection to an article detailing some of the tricks people can use to track other people. The over-hyped connection to Nike and Apple is the ridiculous part. It's not like the only place in the world to get an electronic transmitter or RFID is from this one particular product that just happens to marry two of the best-known brands in the world. And it's not like an electronic tag is the only way to figure out when someone is in their dorm room.

I bet Apple didn't bother encrypting the transmission because all it does is transmit an ID and data stream. The data is totally unimportant unless you happen to care about someone's training program. And here's the crucial part--the ID is also totally unimportant because when people go jogging, they almost always go jogging in a public place. And when you're jogging in public you're already broadcasting your ID at least 60 feet, via the light that is reflected off your recognizable face.

Re:

[cbiltcliffe]

And when you're jogging in public you're already broadcasting your ID at least 60 feet, via the light that is reflected off your recognizable face.

I jog in a balaclava, you insensitive clod!!

Re:

[jacksonj04]

There are cars which do that anyway. Take a look at the Toyota Prius [toyota.com] (Flash).

Re:

[LordKronos]

Well, that's if you want to track someone with their Nike shoes. But what prevents you from taking the transmitter, slipping it into someone's backpack, and then track them?

This is the problem I always have with these fear mongering stories. They start with some unfounded fear. Then, in an attempt to defend the fear mongering, someone make an illogical leap and then bases their defense from that unfounded position.

Someone slipping a transmitter into someone's backpack and tracking them? Well, that could be

Re:

[dosquatch]

on the other hand if you're within 60 feet you can probably SEE her with your own EYES.

You, sir, are making some seriously optimistic assumptions about my visual acuity.

No where did I leave my damned glasses?

Isn't this = to any frequency emitting device?

[plasmacutter]

I hate to burst the paranoia bubble.. but this can only be used if they turn it on to work out..

if any big brother organization wanted to track you they could triangulate your cell phone signal, use credit card records...

I honestly think it's a bit late and a bit hyppocritical to start complaining about an ipod interface.

Re:

[SCPRedMage]

if any big brother organization wanted to track you they could triangulate your cell phone signal, use credit card records...

Credit card records can only show that you've been in a specific store, but not you precise location; you could leave the store and they'd have no idea where you are until you made another purchase. On the other hand, most cell phones have GPS capabilities for 911 purposes, which could very easily be used to track on individual...

Re:

[ezzzD55J]

most cell phones have GPS capabilities for 911 purposes

Do they?

Re:

[The_mad_linguist]

Sort of. IIRC, it's based on nearby cell phone towers rather than satelites.

Re:

[BandwidthHog]

most cell phones have GPS capabilities for 911 purposes

Sort of. IIRC, it's based on nearby cell phone towers rather than satelites.

By that logic a fax machine is a web server, since somebody can call and request a page be sent to them.

Re:

[vought]

The location of the device is triangulated based on it's relation to nearby cells. That's how most cell phones can be located by law enforcement. Not nearly as precise as GPS.

welcome to 1984?

[zappepcs]

This is but one of many (100s or 1000s) ways in which people will be able to spy, track, and otherwise invade the (previously held) privacy of common citizens. The problem is not simply that there are groups and people more than willing to take advantage of such technologies to accomplish rather nefarious goals, but more importantly, most average citizens will not care, nor believe it possible. This is mostly due to a lack of understanding of the technologies and related enabling technologies. Worse, even u

News flash!

[rampant mac]

Warning: Information you never intended to share with others may be shared! Welcome to the 21st century! Thank goodness for the the GPL! Err, LGPL... BSD license!

I thought the sharing of information was good? Ixnay?

Heh...

[zigziggityzoo]

This just in! Cell phone users can be tracked using the GPS chip located inside the handset! They can also be tracked using the very signal they use to communicate! GASP!

Seriously. BFD.

Re:

[legirons]

"Seriously. BFD."

You said that when they started tracking people by cellphones too, that it was no worse than being able to follow people around.

You'll probably say the same thing when they put tagging collars on people. "they can track you anyway through your ipod, so what's new? BFD"

Original...

[jginspace]

From University of Washington [washington.edu]. And a good writeup from Wired [wired.com].

Sensationalist Headlines at CNN

[AslanTheMentat]

Geez... with the way this is being "headlined" on CNN's site, one has to wonder how much M$ had to shell out for this little op.ed.'ish piece to boost dismal Zune sales (kidding)...
I mean, really though: "iPod flaw helps stalkers track your every move", and "Tracked through your iPod - Some researchers say that your iPod could double as a tracking device."... Neither mention Nike's role in this issue, and both make it sound like an iPod is diddling your sister or something...

This also seems to imply someone wants to stalk your sweaty, running ass to begin with... I mean, seriously, if someone wanted to track you, there has to be a better way than sprinkling "Gumstix" PCs in the damn bushes to listen to your ugly ass sneakers.

Re:

[xjerky]

I agree. I happened to "fall for" CNN's headline and clicked the link. Then I find that this only is an issue with the use of the Nike device, which I never plan to own. CNN made it sound like any iPod is 'at risk', which is woefully misleading.

Little Brother is watching

[bigt_littleodd]

I will be all over this! Because there's nothing I want to do more than track my neighbor's jogging habits and then report them to DHS!

Next newsflash: Cell phone cameras allow people to be easily observed in public places!

out of proportion

[e**(i pi)-1]

I think that these concerns out of proportion. It is an interesting observation and probably quite a challenge to reverse engineer the devices, but compare it with the real issues we have today:
We live in a time, when every purchase at a grocery store is recorded due to "customer cards" when every credit card transaction is monitored, and cameras watch you almost constantly. Our phones are tapped, dozens of parameters recorded every time we travel. RFID's will soon be standard in all items purchased in st

This just in from Seattle...

[Divebus]

Wouldn't it be easier to just hide behind a tree? Just in time to try and pump some Zune sales. To get real about it, the "news" report from KING TV (http://www.king5.com/) in Seattle didn't say it was the iPod tracking you, and neither did the "researchers" but the morons at CNN did. What about the data squirting Zunes?

Pretty cool, actually

[Divebus]

That's a nifty little gizmo they've got there, but I can track iPods just as easily by looking for white earphones.

Neither Apple nor Nike endorsed this study.

[CODiNE]

Ahhhh, but the question is... "Who DID?"

Advertising potential

[Animats]

I'm waiting for the advertising sign in popular running areas:

Your 1km time today: 6:31
Last week: 6:28
You need Red Bull!

Re:

[John Hasler]

> Your 1km time today: 6:31
> Last week: 6:28
> You need Red Bull!

6:31 for a kilometer? You sure as hell need something.

Re:

[LordKronos]

The advertising potential I'm dreading is when we see Jack Bauer using these to track the terrorists next season on 24.

No surprise.

[MaWeiTao]

It's not like this is any surprise. The more integrated and sophisticated our devices are the easier it becomes to track and observe everything we do. It's not like there's some kind of ulterior motive to all this. It's just the consequence of all this connectivity.

If you're that paranoid and don't want to risk being tracked it's simple. Don't buy electronic devices, particularly those that transmit any kind of signal. Even then there are ways to observe people, but at least it's significantly more difficult.

The problem becomes when people are forced to carry devices that report some organization, be it the government or some corporation. We aren't there yet, but I wont be surprised if when it comes people either don't notice it happening or they openly embrace it.

Re:

[YrWrstNtmr]

The problem becomes when people are forced to carry devices that report some organization, be it the government or some corporation. We aren't there yet, but I wont be surprised if when it comes people either don't notice it happening or they openly embrace it.

Not there yet?

Company provided cellphone or pager.
GPS schoolbus/delivery driver/trucker.
RFID cards for building access.
Company car with OnStar.
The ever present cameras.

Now your shoes. When is it too much? I think 'too much' happened a while a

Re:

[pv2b]

I don't know how it works in the US, but in Sweden, pagers are most often actually receive-only devices. Every single time somebody in Sweden is paged, that page is sent to every single pager tower transmitter in the country, and broadcast out a few times.

The way the pager knows if it has missed any pages is because there's a rolling sequence number on the pages, and if one is missed, it knows a page has been missed.

This leads me to think that people who are paranoid of being tracked through cell phones sho

KING5 news report

[bird]

http://www.youtube.com/watch?v=wEgxjrLUK6A [youtube.com]

It has an off switch.

[sakusha]

The Nike+ sensor module has a little switch on the underside, you can switch it off if you don't want to broadcast the sensor data.

I personally only use my sensor on my running shoes, which I only wear while running. Good running shoes are too expensive to wear just walking around town, they wear out too quickly. So if anyone wants to track me while I run 5 one mile laps, in the exact same course, 4 times a week, hey, help yourself to my sensor data.

UW news release, inline video, and PDF of research

[kendor]

The University of Washington's news and information office put together a release that includes an embedded video and a PDF of the research paper: [washington.edu]http://uwnews.washington.edu/ni/article.asp?articl eID=28494 [washington.edu]

The inline video, made by the researchers, is well-crafted and rather entertaining.

Disclosure: I work on behalf of the UW and the technical side of its news operations.

IFO

[SeaFox]

Well I, for one, welcome our new fitness-minded overlords! They're stringent new regime of monitored exercise will reduce the proportion of obesity in the population and lower heart disease in this country.

The Multi-Talented Nike

[mqduck]

Nike [wikipedia.org] can also be used to help you beat up Persians [wikipedia.org].

You can track location using cellphone signals.

[kerouacsgp]

So what? Location tracking is already possible using cell phone signals. Is there more people on the street with Nike+ipod thingamagit strapped to their feet or are there more people having a cellphone? This is blown way out of poportion

Check out the video of the experiment...

[dark-br]

... here [washington.edu].

(ok... I'm evil to link a 200mb file... I know...)a

To complement the headwear...

[beelzeben]

1. Manufacture tin foil feet coverings 2. ??? 3. Profit!!!

Re:

[Jippy T Flounder]

??? = sell it to slashdotters.

nike+ ipod user here

[jwegy]

I use this almost every morning. As a matter of fact, I'm about to leave for a jog ( just in case you want to track me ).

All I can say about their finding is a big outstanding "DUHHH." The whole point of the device is to "track" you. It uses a proprietary 802.11 signal.

The instruction manual clearly states that you should remove the sensor from your shoe when the sensor is not in use. This is to help on the battery life of the sensor since it can not be replaced. Doing this would prevent the "Tracking

Re:

[frdmfghtr]

All I can say about their finding is a big outstanding "DUHHH." The whole point of the device is to "track" you. It uses a proprietary 802.11 signal.

A thought just came to me (and it's offtopic but an interesting thought)...

If the device can be tracked on any 802.11 wireless network (I watched the CNN video on the story, where the device was tracked on the U. of Washington campus via the Wi-Fi network), it's logical to assume that the device uses a Wi-Fi link to talk to the transceiver on the iPod.

Does t

Re:

[frdmfghtr]

Aww crap, never mind...I re-watched the video and it used a distributed set of custom sensors. not the campus Wi-Fi network. So disregard my previous comment.

A key point though is that while the CNN video title is "Tracked through your iPod", it is NOT the iPod being tracked or doing the tracking; no iPod is necessary for this to work.

Not entirely lame...

[rthille]

Think about when most stores' entry/exit points have RFID readers to control 'lossage'.
Think about the pervasive networking and the lack of security on those networks.
Think about being able to track anyone with any RFID tag on their clothes.

Now I've been thinking about one of the Nike+ iPod devices, but I don't wear my running shoes all the time, they're too expensive to wear out like that.

Nike+Apple didn't pay for this FUD?

[DECS]

I find it hard to believe that Nike+Apple didn't pay for this research.

Shoe tracking surveillance is a serious threat to runners everywhere. The spooks will know how many times your shoes hit the ground without actaully having to run around behind you counting. Clearly, this is an attempt by Apple and Nike to track perhaps thousands of individuals who are a) athletes b) unaware that Nike+ is a wireless system and c) concerned that other people will have access to the information they upload to the web.

What's next from Apple, a way to publically advertise personal details through web pages (say, iWeb)? How many people will unwittingly publish their social security number, mother's maden name, and perhaps their secret affinity for a specific type of cheese, creating clear and obvious vulnerabilities from the phishing scammers and spooks out to poison them. THE WEB IS PUBLICLY AVAILABLE PEOPLE!!!

Don't say you haven't been warned. When the machines rise, the first to go will be hot chicks wearing tight Nike clothes and cheese eaters. Oh the humanity.

iPod vs Zune: Microsoft's Slippery Astroturf [roughlydrafted.com]
Bill Gates for President? No Thanks. [roughlydrafted.com]