Wednesday, December 06, 2006

.

Ah, the old telephone-in-the-shoe trick

New Scientist tells us about some work at University of Washington that points out privacy problems with sneakers. The deal is that Nike sells a kit to make a runner's shoe transmit data wirelessly to an iPod:

The Nike+iPod kit was launched in August 2006 and more than 450,000 have been sold so far, according to industry publication AppleInsider. The kit consists of a small sensor that attaches to a runner's shoe and wirelessly transmits information about their performance to a receiver that connects to an iPod Nano carried by the runner.

Maxwell Smart with shoe phoneVery cool, but... it seems that the protocol is too simple, and does not encrypt the transmissions. As a result, snoopers can listen in on the data, identify a specific runner, and track the runner as she runs, walks, rides.... Further, they found the range to be far greater than needed to go from shoe to iPod — they were able to read the transmissions at a distance of 20 metres, which is around ten times as far as needed for the device's purpose.

They suggest switching off the transmitter when one doesn't actually care about the data (like, when one is wearing the shoes on the bus, at lunch, or for a stroll in the park), and that certainly makes sense. But it's a workaround, at best, to a system that someone designed without much thought. These sorts of things give wireless networks a bad name.

A researcher from Symantec has something to say about it that I have comments on:

"As more devices start to communicate wirelessly, there will be a growing need for user education around the privacy issues that may arise through their usage," says Ollie Whitehouse, a researcher at IT security firm Symantec, based in London, UK. "In the meantime, we would recommend common sense techniques, such as ensuring you turn the device off after use, to minimise your risk."

Whitehouse says, "it should be noted that we're already surrounded by, and happily live among, several similar technologies, including Bluetooth."

Saying that users need education is fine as far as it goes, but let's understand what we're saying there: We're not selling this stuff to technologists; it's a consumer product, and we need to design these sorts of things so that they work well for consumers — consumers without much technical knowledge and without training. As more of these sorts of devices show up, including things like wirelessly connected cars and household appliances, we, the designers of the devices, need to make sure the privacy issues are under control. We can't rely much on education of the consumer.

And I think the comparison with Bluetooth is wrong. In fact, Bluetooth is an example of a wireless network technology that got the basic points right. My Bluetooth headset, for instance, will only pair with one device at a time. My BlackBerry and my laptop are each set up in advance to recognize the headset (I had to "OK" that initial setup). When I want to use the headset with, say, the BlackBerry, I put the former in pairing mode, and I tell the BlackBerry to pair with it. The BlackBerry is not discoverable by any other devices, and won't pair with them. The headset is promiscuous and will pair with anything, but since it will only pair with one at a time, when the BlackBerry confirms the pairing I know I'm safe.

The exposure is only at the time of pairing, and the transmission is encrypted during use, so it can't be snooped. Consumers can be given explicit instructions for doing the pairing (the sheet that comes with the headset is brief, but adequate; it could, perhaps, do with a warning that if the pairing isn't confirmed as expected, you should do it again), and that's the extent of any "education". The sorts of security problems that have made the news, such as the exposure of Paris Hilton's address book[1] are due to bad software, not due to any problems in the Bluetooth protocol. (My BlackBerry won't allow someone to connect without my explicitly turning off all the security checks, and even then I think I'd need to click something that says "OK" to the initial pairing with the hacker's device.)
 


[1] Actually, despite the frequent mention of Bluetooth in the news items about the Paris Hilton thing, it's more likely that the address book data was taken from the server on which it was stored, not by hacking a Bluetooth connection to the phone.

1 comment:

Mary said...

Saying that users need education is fine as far as it goes, but let's understand what we're saying there: We're not selling this stuff to technologists; it's a consumer product, and we need to design these sorts of things so that they work well for consumers — consumers without much technical knowledge and without training.

Amen.