“Key industry players are incorporating wireless radio communications capabilities into many new personal consumer products. For example, the new Nike+iPod Sport Kit from Apple consists of two components — a sensor and a receiver — that communicate using a wireless radio protocol. Unfortunately, there can be negative side-effects associated with equipping these gadgets with wireless communications capabilities,” T. Scott Saponas, Jonathan Lester, Carl Hartung, and Tadayoshi Kohno report for The Department of Computer Science and Engineering, University of Washington.

The group reports, “In the case of the Nike+iPod Sport Kit, our research shows that the wireless capabilities in this new gadget can negatively impact a consumer’s personal privacy and safety. As part of our research, we built a number of surveillance tools that malicious individuals could use to track Nike+iPod Sport Kit owners. Our tools can track Nike+iPod Sport Kit owners while they our working out, as well as when they are just casually walking around town, a parking lot, or a college campus. The tracked individuals don’t even need to have their iPods with them.”

“Our research also shows that there exist simple cryptographic techniques that the Nike+iPod Sport Kit designers could have used to improve the privacy-preserving properties of the Nike+iPod kit,” the group reports.

“Our work underscores the need for a broad public discussion about and further research on the privacy-preserving properties of new wireless personal gadgets,” the group reports. “We stress, however, that there is no evidence that Apple or Nike intended for these devices to be used in any malicious manner. Additionally, neither Apple nor Nike endorsed this study.”

The group reports that they have built several mechanisms for detecting and tracking Nike+iPod shoe sensors:

Windows XP-based surveillance devices: We developed a mechanism for attaching a Nike+iPod receiver to a Windows XP laptop via a USB port. When someone wearing an active Nike+iPod sensor walks near one of our laptops, the laptop’s attached Nike+iPod receiver will detect the sensor’s broadcast messages and will relay information about those messages to the laptop. The laptop will then display the sensor’s unique identifier on the screen. The laptop will also use WiFi to upload information about the observed sensor to a back-end database. This latter step allows our Windows XP machines to serve as participating nodes in a larger surveillance system.

Gumstix-based surveillance devices: We also made a cheap and small Nike+iPod surveillance device from commercially available miniature gumstix computers. Our gumstix surveillance devices also use WiFi to upload real-time surveillance data to a back-end database, thereby allowing the gumstixs to serve as participating nodes in a larger surveillance system. The gumstix-based surveillance device is small enough to hide in the environment, such as in the bushes near a running trail or under someone’s desk, and can detect nearby Nike+iPod sensors up to 60 feet away. It would also be easy for anyone else to build their own gumstix-based surveillance device, and the total cost for a full, WiFi-enabled gumstix surveillance node is under $250 (USD). The node would be cheaper if one prefers not to use the WiFi capabilities.

Second-generation Intel Mote and Microsoft SPOT Watch: We also built a Nike+iPod surveillance device using a second-generation Intel Mote (iMote2) and the receiver that comes with the Nike+iPod Sport Kit. We also wrote companion software for a Microsoft SPOT Watch. Not only is the iMote2 another small surveillance device, but, because of the SPOT Watch, our system will allow an adversary to obtain real-time surveillance data on his or her wrist watch.

Using and iPod as a surveillance device: We also show how to convert a third-generation iPod into a surveillance device. Such iPods are often available on eBay for around $100. Our iPod surveillance device runs iPod Linux and our software, and has an attached Nike+iPod receiver.

GoogleMaps web application: Recall that our Windows XP- and gumstix-based surveillance devices can upload surveillance information to a back-end server in real-time. To demonstrate what an adversary might do with that data, we created a GoogleMaps-based tracking web application. This web application can overlay surveillance data on a map in real-time, and can also display historical tracking data on the map. Our back-end system can also email and SMS text message tracking information to the adversary.

The group states, “We strongly suggest turning off your Nike+iPod sensor when you are not actively working out. Unfortunately, this suggestion will only help you when you’re not working out. If you want to workout with the Nike+iPod kit, then we are unaware of any way to improve your location privacy during your workout. There are simple cryptographic technique that the Nike+iPod designers could have used to improve the privacy-preserving properties of the Nike+iPod Sport Kit. But, as with any technical change, there will be some associated tradeoffs, like sensor battery life, manufacturing costs, and use experience.”

Full article including video, photos, screenshots, and more here.

Related articles:
Spotted: unreleased ‘Nike Amp+’ wrist-mounted Bluetooth iPod remote (with image) – November 27, 2006
Nike+iPod Sport Kit runners log over 1 million miles in 10 weeks – September 20, 2006
Marware debuts Sportsuit Sensor+ for iPod nano: Nike+iPod wireless sensor holder for non-Nike shoes – September 18, 2006
Apple sells 450,000 of Dvorak’s ‘nutty’ Nike+iPod Sport Kits in under three months – September 13, 2006
Singer-songwriter John Mayer tests Nike+iPod Sport Kit onstage – September 02, 2006
Chicago Tribune: Nike+iPod Sport Kit puts fun back into burning calories, it’s a great system – August 01, 2006
Will the New Nike+iPod Sport Kit sell more iPod nanos and Nike shoes? – July 27, 2006
USA Today: Clever Nike+iPod Sport Kit makes running more fun – July 21, 2006
Time Magazine’s Gadget of the Week: Nike+iPod Sport Kit – July 20, 2006
PC Magazine review gives ‘Nike+iPod Sport Kit’ 4.5 out of 5 stars – July 18, 2006
Using Apple’s iPod Sport Kit with non-Nike shoes – July 17, 2006
Apple’s Nike+iPod Sport Kit officially released today (link to High-res photos) – July 13, 2006
Apple releases iTunes 6.0.5 with Nike+iPod Sport Kit sync features – June 29, 2006
Nike+iPod Sport Kit now available for order at Apple Store – June 13, 2006
Video: Dvorak admits to baiting Apple Mac users for hits – June 10, 2006
Dvorak thinks iPod+Nike Sport Kit is ‘nutty’ – May 24, 2006
The making of Apple iPod+Nike Sport Kit and there’s more to come – May 24, 2006
Nike+iPod Sport Kit sensor’s battery will outlast the shoes – May 24, 2006
Analyst: Nike+Apple = iPod as a platform – May 23, 2006
Apple and Nike shares rise folowing Nike+iPod announcement – May 23, 2006
Nike and Apple team up to launch Nike+iPod, footwear that talks to your iPod – May 23, 2006