Nike+iPod Sport Kit raises privacy concerns, can be used to track individual users

“Key industry players are incorporating wireless radio communications capabilities into many new personal consumer products. For example, the new Nike+iPod Sport Kit from Apple consists of two components — a sensor and a receiver — that communicate using a wireless radio protocol. Unfortunately, there can be negative side-effects associated with equipping these gadgets with wireless communications capabilities,” T. Scott Saponas, Jonathan Lester, Carl Hartung, and Tadayoshi Kohno report for The Department of Computer Science and Engineering, University of Washington.

The group reports, “In the case of the Nike+iPod Sport Kit, our research shows that the wireless capabilities in this new gadget can negatively impact a consumer’s personal privacy and safety. As part of our research, we built a number of surveillance tools that malicious individuals could use to track Nike+iPod Sport Kit owners. Our tools can track Nike+iPod Sport Kit owners while they are working out, as well as when they are just casually walking around town, a parking lot, or a college campus. The tracked individuals don’t even need to have their iPods with them.”

“Our research also shows that there exist simple cryptographic techniques that the Nike+iPod Sport Kit designers could have used to improve the privacy-preserving properties of the Nike+iPod kit,” the group reports.

“Our work underscores the need for a broad public discussion about and further research on the privacy-preserving properties of new wireless personal gadgets,” the group reports. “We stress, however, that there is no evidence that Apple or Nike intended for these devices to be used in any malicious manner. Additionally, neither Apple nor Nike endorsed this study.”

The group reports that they have built several mechanisms for detecting and tracking Nike+iPod shoe sensors:

Windows XP-based surveillance devices: We developed a mechanism for attaching a Nike+iPod receiver to a Windows XP laptop via a USB port. When someone wearing an active Nike+iPod sensor walks near one of our laptops, the laptop’s attached Nike+iPod receiver will detect the sensor’s broadcast messages and will relay information about those messages to the laptop. The laptop will then display the sensor’s unique identifier on the screen. The laptop will also use WiFi to upload information about the observed sensor to a back-end database. This latter step allows our Windows XP machines to serve as participating nodes in a larger surveillance system.

Gumstix-based surveillance devices: We also made a cheap and small Nike+iPod surveillance device from commercially available miniature gumstix computers. Our gumstix surveillance devices also use WiFi to upload real-time surveillance data to a back-end database, thereby allowing the gumstixs to serve as participating nodes in a larger surveillance system. The gumstix-based surveillance device is small enough to hide in the environment, such as in the bushes near a running trail or under someone’s desk, and can detect nearby Nike+iPod sensors up to 60 feet away. It would also be easy for anyone else to build their own gumstix-based surveillance device, and the total cost for a full, WiFi-enabled gumstix surveillance node is under $250 (USD). The node would be cheaper if one prefers not to use the WiFi capabilities.

Second-generation Intel Mote and Microsoft SPOT Watch: We also built a Nike+iPod surveillance device using a second-generation Intel Mote (iMote2) and the receiver that comes with the Nike+iPod Sport Kit. We also wrote companion software for a Microsoft SPOT Watch. Not only is the iMote2 another small surveillance device, but, because of the SPOT Watch, our system will allow an adversary to obtain real-time surveillance data on his or her wrist watch.

Using an iPod as a surveillance device: We also show how to convert a third-generation iPod into a surveillance device. Such iPods are often available on eBay for around $100. Our iPod surveillance device runs iPod Linux and our software, and has an attached Nike+iPod receiver.

GoogleMaps web application: Recall that our Windows XP- and gumstix-based surveillance devices can upload surveillance information to a back-end server in real-time. To demonstrate what an adversary might do with that data, we created a GoogleMaps-based tracking web application. This web application can overlay surveillance data on a map in real-time, and can also display historical tracking data on the map. Our back-end system can also email and SMS text message tracking information to the adversary.

The group states, “We strongly suggest turning off your Nike+iPod sensor when you are not actively working out. Unfortunately, this suggestion will only help you when you’re not working out. If you want to work out with the Nike+iPod kit, then we are unaware of any way to improve your location privacy during your workout. There are simple cryptographic techniques that the Nike+iPod designers could have used to improve the privacy-preserving properties of the Nike+iPod Sport Kit. But, as with any technical change, there will be some associated tradeoffs, like sensor battery life, manufacturing costs, and user experience.”

Full article including video, photos, screenshots, and more here.


48 Comments

  1. Without spending any money on any fancy technology I can spy upon anyone who is working out: BY WATCHING THEM WITH MY EYES.

    And without any DB-programming knowledge I can log all of those people into the ultimate database: MY MEMORY!

    Christ, did the frskkin’ Comic Book Guy write the above article? Oh my god the fat nerd with the laptop can figure out how fast I’m running and be jealous because he weighs 300 lbs. Whoopteeshit.

  2. Someone spent a LOT of time and money testing all this out… to do what exactly? See where I am? HELLO! I am here – you can follow me around and see me too! How do I get a cryptomatic suit so that no one can see me either? So someone could see where I am jogging, or walking around the mall… ok – and… ???

  3. Tommy Boy is right. Wouldn’t it be easier to…um… look for them?

    But for all those blind malcontents out there within 60 feet of a runner, this might get their hopes up, I suppose.

  4. My ex-girlfriend has a Nike+iPod attached to her shoes. She still comes over to my house and bothers me. If I set up this sensor and get her unique ID, I can tell when she’s coming. My PC can warn me and then automatically turn off all the lights in the house and turn my TV and radio off so it looks like I’m not home.

    Thank you Nike+iPod for protecting my privacy.

    Also, I can be a source of inspiration to the local joggers.

    When they come down my street with a Nike+iPod, I can have my PC alert me. Then I can shout out words of encouragement to them like, “you’re running a little faster than yesterday. Good job!”

    Technology, some use it for good and some for evil.

  5. Realistically, anyone who’s being tracked by their Nike+iPod transmitter would be tracked some other way if they ditched the Sport Kit. Most people (geeky researchers excepted) don’t set up electronic surveillance just for fun. But someone should probably tell James Bond, just to be on the safe side.

  6. hey anyone know where that site watchmactv.com went?

    it was a great archive of apple videos, ads, keynotes, and general random content etc

    come to think of it, isn’t that weird that nearing the debuting of the iTV that the domain name watchmactv.com has gone missing? bought out by apple perhaps???? hmmmm…

  7. Don’t you have to be able to see them to be in range?

    “Errr excuse me, do you mind if I wave my Windows XP sensor around so I can track you please?”

    “Biff!*@? sock@!…*”

    “That wasn’t necessary..! Look, now you’ve made me drop my Dell Mz1289c-r series Microsoft Windows XP laptop..”

    “He he he”

  8. Hmm…

    Anyone who is a serious runner won’t be using their really nice running shoes as everyday walk around shoes. They don’t want to wear them down quicker which would cause their knees to wear down quicker. In fact even most casual users of the Nike+ iPod wouldn’t be wearing their running shoes. It would be far more effective for anyone wanting to compromise privacy to hit cell phones; most people who have them have them on them most of the time. These assertions by “experts”, though having technical merit, have no practical information for either the public or for would-be privacy invaders.

  9. Vote for Time’s ‘Gadget of the Year’ (Apple MacBook Pro, Nike+iPod Sport Kit candidates)

    Current tallies:
    • Apple MacBook Pro – (45%)
    • Nintendo DS Lite – (36%)
    • Nike + iPod Sport Kit – (8%)
    • Sanyo HD1 Digital Media Camera – (3%)
    • Logitech VX Revolution Mouse – (2%)
    • Logitech Wireless DJ Music System – (2%)
    • Garmin StreetPilot c550 – (2%)
    • Palm Treo 700w – (2%)

  10. Hmmm. This seems overly alarmist to me. Also, after reading the referenced article and the associated paper, I think the authors are missing out on a significant point.
    The Nike+ data itself is very low value data. Encrypting the data doesn’t really achieve anything. The ‘valuable’ data posited in the paper is location information. Encrypting packet payload data does nothing to eliminate unique identifying information of the transmitter. The paper does not address how a protocol could avoid transmitting unique identifying information in the clear.
    As far as the value of the location information goes, as others have pointed out, given the 60 foot range of the transmitter, visual detection of the person within 60 feet is sufficient to give you their location.

  11. You can’t get someone’s location with this method. The transmitter only works in a fifty feet radius and you need two different receivers to even get close to triangulation.

    Given the limited range and two receiver requirement, I think the only application would be to detect that you went by a given location.

    As for tracking, I don’t think I would call it tracking if the individual is always within sight.

    If I stand outside your house, I could detect IR signals and determine that you are operating your TV, but could you say I was tracking your TV usage?

    If I have a cell phone scanner, I can track your incoming and outgoing phone signals and know you are nearby me. And, I could hack your GPS phone and have you send to me your location at some interval.

    Where will this end.

    Get a life!!

  12. It is interesting to know that they can do this, but it should not be alarming. I think that it’s a good way to let the industry know that they do need to be concerned about privacy even in gadgets like the Nike+ transmitter. Perhaps the next generation of Nike+ will have some encryption.

    I personally don’t worry about it too much. If someone wants to find me, I’m there. I only wear my running shoes for running – not every day walking around or even exercising at the gym. Running shoes are only good for a certain number of miles before they break down, so why use those miles up in casual walking about?

  13. So, wouldn’t you have to be within 30 feet of the Nike+ sensor to pick it up? Um, forgive me for being naive, but exactly what good does that do anyone, except for helping Privacy at last avoid his ex-girlfriend (assuming she doesn’t look up and see the house lights go off)?

  14. So this stalker needs to get to within 60 feet of me before he can tell where I am???

    These are guys who thought they were going to find this great system but it failed so they wrote it up anyway and just gloss over the fact you need to be following me before you know where I am!!!

  15. This research, at its best, allows a person to track a subject’s general location while the subject is on foot. In a surveillance operation, this may give the surveillance team a heads-up as to: a) when the subject is preparing to leave the current area, b) when a subject enters a current area, or c) alert the team to the subject’s location in a lost subject situation, i.e. a sensor set up at the mall would let the team know to pick up the surveillance subject at the mall. This would require having sensors set at all the subject’s usual locations such as the mall, Starbucks, work, school and home. And, it assumes that the subject is a runner who is always wearing shoes with the Nike+. In a scenario in which someone would be under surveillance they would doubtfully be wearing running shoes all the time. The Nike+ is not small enough to be used as a tracking device when many current technologies far surpass its usefulness.

    This technology offers no benefit over more effective surveillance technologies like sight. Nor does it increase the likelihood that someone would be stalked. Anybody who would consider employing this technology would be better served with visual surveillance techniques.
