Nike+iPod Generates Privacy Concerns
File this one under P for “privacy” or perhaps “paranoia.” A research group at the University of Washington has shown that the Nike+iPod Sport Kit could be exploited to enable someone to track the movements and location of a Nike+iPod user surreptitiously.
It turns out that the Nike+iPod sensor, either placed inside a Nike shoe or attached to the top of any other shoe, continuously transmits messages containing a unique identification code that the Nike+iPod receiver uses when pairing with a particular sensor. It doesn’t even have to be attached to a shoe, but wherever the device is placed, it must receive the kind of jolt that indicates a step. The sensor transmits with enough power that a receiver can pick up the signal from up to 60 feet (18.2 meters) away, making it possible for a custom-built receiver to detect the presence and identity of particular sensors from a distance. Because the sensor is a transmit-only device and doesn’t require an acknowledgment from the receiver, larger or more sensitive antennas could theoretically pick up signals even further away.
Obviously, there’s no inherent connection between you and your Nike+iPod sensor, but once someone had visually identified you, the unique code in your Nike+iPod sensor would enable later tracking, even without human intervention.
Apart from leaving the Nike+iPod sensor home, the only workaround is to turn it off whenever you’re not using it, but few people are likely to do that, and Apple hasn’t made it easy. And of course, if you want to use the Nike+iPod Sport Kit for a workout, there’s no alternative but to leave the sensor on during that time.
The real question revolves around the likelihood that a miscreant would take advantage of this design flaw in the Nike+iPod Sport Kit to stalk someone or otherwise compromise that person’s safety. Unfortunately, the technical side of the equation isn’t difficult. The research group built surveillance devices based on a Windows XP laptop, a commercially available miniature “gumstix” computer (sold for less than $250), the combination of an Intel Mote and Microsoft SPOT Watch, and an iPod running Linux (which required no special hardware at all). They even wrote a Google Maps-based Web application that displayed surveillance data in real time and could send tracking data via email or SMS text messaging. (Be sure to watch their movie showing each of these devices.) Some technical skill would be required to create any of these devices, and the research team is not publishing their source code, but clearly, this exploit isn’t limited to government spooks.
Apple announced some time ago that over 450,000 Nike+iPod Sport Kits had been sold, so there is already a large installed base of people who could potentially be tracked, even were Apple to update the product to eliminate this possibility. Such an update isn’t hard in theory; it’s just a matter of the sensor and the receiver agreeing on an identification code that changes on a regular basis, but that may be hard to implement within the constraints of a tiny $30 device.
So, if you’re a Nike+iPod user, should you be concerned? Tough question. I usually come down on the side of common sense, and common sense says to me that the likelihood of something bad happening because of carrying a Nike+iPod sensor in your shoe is low. And yet, compared to most proof-of-concept security exploits, this one is pretty worrying, both in its ease of implementation and interaction with real-world safety. The research team’s paper offers some fairly obvious and easily imagined scenarios, including the jealous boyfriend tracking his girlfriend, the ex-boyfriend using it to “accidentally” bump into his ex-girlfriend, the stalker, the professional thief monitoring when someone was home, the unethical organization tracking members or employees, a store tracking customer behavior, and even muggers using it to “pre-qualify” victims.
In the end, I think it comes down to individual situations. You probably have a pretty good idea if someone might want to track your whereabouts, or if you’re a potential burglary or mugging target. In such cases, I’d encourage caution; turn the Nike+iPod sensor off or remove it when you’re not exercising, or consider an alternate workout device. I’d encourage particular care around geek-intensive environments like college campuses. For most people, though, the minimal risk is likely worth the potential privacy invasion – most miscreants aren’t likely to rely on high tech methods of being creepy when the tried-and-true methods of skulking around corners remain available.
Perhaps the more overarching lesson from this security exploit is that we need to pay more attention to the concerns generated from our ever-increasing physical presence in the infosphere (see Luciano Floridi’s “Peering into the Future of the Infosphere,” 2006-09-25, if you’re unfamiliar with the concept). Even setting aside situations where a manufacturer of some gizmo intends for it to reduce your personal privacy in ways you may not realize, unexpected exploits such as this one are going to become all the more common, whether related to toll-collection transponders (which have been used to create traffic speed maps), GM’s OnStar car monitoring service, cell phones (which reveal your location within about 300 meters to your cell phone provider), or the next popular piece of personal electronics.