Slashdot Mirror


Sniffing and Tracking Wearable Tech and Smartphones

An anonymous reader writes: Senior researcher Scott Lester at Context Information Security has shown how someone can easily monitor and record Bluetooth Low Energy signals transmitted by many mobile phones, fitness monitors, and iBeacons. The findings have raised concerns about the privacy and confidentiality wearable devices may provide. “Many people wearing fitness devices don’t realize that they are broadcasting constantly and that these broadcasts can often be attributed to a unique device,” Scott says. “Using cheap hardware or a smartphone, it could be possible to identify and locate a particular device – that may belong to a celebrity, politician or senior business executive – within 100 meters in the open air. This information could be used for social engineering as part of a planned cyber attack or for physical crime by knowing people’s movements.” The researchers have even developed an Android app that scans, detects and logs wearable devices.

11 of 56 comments

  1. Sniffing wearable tech by rossdee · · Score: 2

    whatever turns you on I suppose

    1. Re:Sniffing wearable tech by Culture20 · · Score: 2

      "By the way, try washing your wrist sometime." --Leela's wrist thingamajig

  2. Really? by Frosty+Piss · · Score: 2

    The findings have raised concerns about the privacy and confidentiality wearable devices may provide.

    Who ever suggested that there was any "privacy and confidentiality" of wearable devices that use Bluetooth? Who would even think such a thing? We're not talking about encrypted communications devices here...

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Really? by TWX · · Score: 3, Interesting

      I'm guessing that most people think that they're secure in their privacy unless they're forced into a confrontation that proves they aren't. Look at all of the corporate officers that get busted with e-mail and text messages that document their white-collar crimes. Those people are supposed to be pretty smart and even they still don't understand how the technology or the law actually work.

      --
      Do not look into laser with remaining eye.
    2. Re:Really? by AmiMoJo · · Score: 2

      Who would even think such a thing?

      Ordinary people assume that when something is "connected" to their phone, it is connected in the same way that a cable connects things or they are connected to secure wifi with a password. The fact that you usually need to use a PIN number to pair Bluetooth devices further adds to the illusion that it is secure, because PINs are for security.

      Engineers have to accept responsibility here. We have to make things secure by default, and respect privacy. Users don't appreciate the somewhat subtle differences between types of security, or that because one type of Bluetooth is fairly secure it doesn't mean that another type is also going to be secure, or even that there is more than one type.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  3. Kinda neat for sign-in sign-out systems by Brulath · · Score: 5, Interesting

    Broader privacy implications aside, it's actually kind of neat to be wearing a device which can identify when you're in a particular space and how long for. We have a volunteer tech group working on projects at our local museum and one of the guys implemented a fitbit scanner to identify when people were present and how long for (which is useful, as bureaucracy dictates we sign in/out for fire and visitor-tracking reasons). Every few minutes it broadcasts a request for fitbits, and all those within range respond. They return a mac which can be linked back to a fitbit account, if the user has authorised us to access it, which makes it a bit easier to identify the person who owns the fitbit. We could probably replace it with another sign in system, but passive is kind of neat when you want it.

    I assume resolving the identifying problem wouldn't be as easy as using a random mac?

  4. Big Deal by PopeRatzo · · Score: 2

    "Sniffing and tracking"? My seven year old beagle does those things and has much longer battery life.

    Call me when your Bluetooth device can fetch a tennis ball.

    --
    You are welcome on my lawn.
    1. Re:Big Deal by fuzzyfuzzyfungus · · Score: 2

      Unfortunately, despite not being iBeagle, you will find your beagle's battery...difficult to user service...when depleted. Also problematic to restore from backup.

  5. Wrong!! by ultranerdz · · Score: 3, Informative

    Bluetooth 4.1 adds Randomised private resolvable addresses. This allows only bonded devices to be tracked this way.
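
Comment 5 refers to resolvable private addresses. As an added example (not part of any comment in this thread), the Python below classifies advertiser addresses in a scan log by their address-type bits and reports which of your devices stay linkable over time, including a "private" address that never rotates. The log format, the sample addresses, the 15-minute window and the function names are assumptions made for illustration.

```python
from collections import defaultdict

ROTATION_WINDOW_S = 15 * 60  # assumed threshold for "should have rotated by now"

# Constructed sample log: (seconds since start, advertiser address, TxAdd bit).
# TxAdd comes from the advertising PDU header: 0 = public, 1 = random address.
SAMPLE_LOG = [
    (0,    "00:11:22:33:44:55", 0),
    (1800, "00:11:22:33:44:55", 0),
    (0,    "D3:7A:10:AA:BB:CC", 1),  # 0xD3 -> top bits 11
    (2400, "D3:7A:10:AA:BB:CC", 1),
    (0,    "5B:01:02:03:04:05", 1),  # 0x5B -> top bits 01, seen once
    (900,  "6E:99:88:77:66:55", 1),  # 0x6E -> top bits 01, seen once
    (0,    "4C:0A:0B:0C:0D:0E", 1),  # 0x4C -> top bits 01, but never rotates
    (3600, "4C:0A:0B:0C:0D:0E", 1),
    (60,   "2A:0B:0C:0D:0E:0F", 1),  # 0x2A -> top bits 00
]

RANDOM_SUBTYPES = {0b11: "static random", 0b01: "resolvable private",
                   0b00: "non-resolvable private"}

def address_kind(addr, tx_add):
    """Classify a BLE advertiser address from TxAdd and its two top bits."""
    if tx_add == 0:
        return "public"
    top_bits = int(addr.split(":")[0], 16) >> 6
    return RANDOM_SUBTYPES.get(top_bits, "reserved")

def linkable_addresses(log, window_s=ROTATION_WINDOW_S):
    """Return {address: reason} for addresses that stay linkable over time."""
    stamps, kinds = defaultdict(list), {}
    for ts, addr, tx_add in log:
        stamps[addr].append(ts)
        kinds[addr] = address_kind(addr, tx_add)
    findings = {}
    for addr, seen in stamps.items():
        span = max(seen) - min(seen)
        if kinds[addr] in ("public", "static random"):
            findings[addr] = f"{kinds[addr]}: does not rotate"
        elif span > window_s:
            findings[addr] = f"{kinds[addr]}: unchanged for {span}s"
    return findings

if __name__ == "__main__":
    for addr, reason in sorted(linkable_addresses(SAMPLE_LOG).items()):
        print(addr, "->", reason)
```
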

    1. Re:Wrong!! by gl4ss · · Score: 2

      this is really "news" from 2000.

      furthermore, iBeacons and such are used exclusively for the purpose of creating a beacon..

      --
      world was created 5 seconds before this post as it is.
  6. HIPAA by sunderland56 · · Score: 3, Interesting

    Isn't leaking personally identifiable health information a violation of HIPAA?