Researchers have shown how simple it is to monitor and record Bluetooth low energy signals transmitted by phones and wearable devices, allowing the user to be easily identified and tracked.
Researchers at Context Information Security have demonstrated how easy it is to monitor and record Bluetooth Low Energy signals transmitted by many mobile phones, wearable devices and iBeacons, including the iPhone and leading fitness monitors, raising concerns about privacy and confidentiality. The researchers have even developed an Android app that scans, detects and logs wearable devices.
The app can be downloaded along with a detailed blog explaining the research at: www.contextis.co.uk/resources/blog/emergence-bluetooth-low-energy
The Context findings follow recent reports that soldiers in the People’s Liberation Army of China have been warned against using wearables to restrict the possibility of cyber-security loopholes. “Many people wearing fitness devices don’t realise that they are broadcasting constantly and that these broadcasts can often be attributed to a unique device,” said Scott Lester, a senior researcher at Context. “Using cheap hardware or a smartphone, it could be possible to identify and locate a particular device – that may belong to a celebrity, politician or senior business executive – within 100 metres in the open air. This information could be used for social engineering as part of a planned cyber attack or for physical crime by knowing peoples’ movements.
Bluetooth Low Energy (BLE) was released in 2010 specifically for a range of new applications that rely on constantly transmitting signals without draining the battery. Like other network protocols it relies on identifying devices by their MAC addresses: but while most BLE devices have a random MAC address, Context researchers found that in most cases the MAC address doesn’t change. “My own fitness tracker has had the same MAC address since we started the investigation, even though it’s completely run out of battery once,” said Lester. Sometimes the transmitted packets also contain the device name, which may be unique, such as the ‚ÄòGarmin Vivosmart #12345678′, or even give the name of the user, such as ‚ÄòScott’s Watch’.
BLE is also increasingly used in mobile phones and is supported by iOS 5 and later, Windows Phone 8.1, Windows 8, Android 4.3 and later, as well as the BlackBerry 10. The Bluetooth Special Interest Group (SIG) has predicted that, “By 2018, more than 90 percent of Bluetooth enabled smartphones are expected to be Smart Ready devices,” supporting BLE: while the number of Bluetooth enabled passengers cars is also predicted to grow over to 50 million by 2016.
iBeacons, which also transmit BLE packets in order to identify a location, are already used in Apple Stores to tailor notifications to visiting customers, while BA and Virgin use iBeacons with their boarding pass apps to welcome passengers walking into the lounge with the WiFi password. House of Fraser is also trialling iBeacons on manikins to allow customers to look at the clothes and their prices on their phones. The current model for iBeacons is that they should not be invasive: you have to be running the application already, for it to detect and respond to a beacon. But the researchers have concerns: “It doesn’t take much imagination to think of a phone manufacturer providing handsets with an iBeacon application already installed, so your phone alerts you with sales notifications when you walk past certain shops,” said Lester.
The current version 4.2 of the Bluetooth Core Specification makes it possible for BLE to implement public key encryption and keep packet sizes down, while also supporting different authentication schemes. “Many BLE devices simply can’t support authentication and many of the products we have looked at don’t implement encryption, as this would significantly reduce battery life and increase the complexity of the application,” said Lester.
“It is clear that BLE is a powerful technology, which is increasingly being put to a wide range of uses,” concludes Context’s Lester. “While the ability to detect and track devices may not present a serious risk in itself, it certainly has the potential to compromise privacy and could be part of a wider social engineering threat. It is also yet another demonstration of the lack of thought that goes into security when companies are in a rush to get new technology products to market.
* Follow Gadget on Twitter on @GadgetZA
Triggerfish launches free digital learning Academy online
Platform designed for anyone wanting to understand more about career opportunities in animation.
Triggerfish, in partnership with Goethe-Institut and the German Federal Ministry of Economic Cooperation and Development, has launched Triggerfish Academy, a free digital learning platform for anyone wanting to understand more about the career opportunities and how to get started in the field of animation.
The website features 25 free video tutorials, quizzes and animation exercises introducing animation as a career and the principles of storytelling, storyboarding and animation, as well as several additional resources to help guide aspiring animators into a career in animation.
“The South African animation industry is growing – and so is the demand for skilled animators globally,” said Noemie Njangiru, head of Culture and Development at Goethe-Institut Johannesburg, pointing to the success of recent Triggerfish projects like the Oscar-nominated Revolting Rhymes; Mama K’s Team 4, recently announced by Netflix as their first original animated series from Africa; and this year’s New York Children’s Festival and Shanghai International Film and TV Festival winner Zog.
Njangiru also highlighted the opportunities for animation outside the traditional film industry, within fields like advertising, app and web design, architecture, engineering, gaming, industrial design, medicine, and the motor industry, not to mention growth sectors like augmented reality and virtual reality.
The course was created by Tim Argall, currently the animation director on Triggerfish’s third feature film, Seal Team. He’s roped in many of the South African animation industry’s brightest stars, from Malcolm Wope, character designer on Mama K’s Team 4, and Annike Pienaar, now working at Illumination in Paris on Sing 2, to Daniel Snaddon, co-director of the multi-award-winning BBC adaptations Stick Man and Zog, and Faghrie Coenraad, lead dressing and finaling artist on the Oscar-nominated Revolting Rhymes, as well as Triggerfish head of production Mike Buckland. The featured talent share not just their skills but also their stories, from how they broke the news they wanted to be animators to their parents, to common myths about the animation industry.
“As kids, animation is part of our lives, so we don’t really think about the idea that animation is actually somebody’s job,” said Argall. “When I was a kid, I loved animation and I loved to draw. I remember when I was about 12, I thought: ‘I really want to see my drawings come to life. I want to be an animator.’ But I had no idea where to even begin.”
Triggerfish Academy is his attempt to make it easier for the next generation of African animators: an accessible starter kit for anyone considering a career in animation.
“By the end of working through this course, you’ll have all the background you need to know whether animation is a good choice for your career,” said Njangiru.
Aspiring animators can also use Triggerfish Academyto learn how to write and animate their own short story, then post their animation on the Academy’s Facebook group for feedback and advice from professional animators.
Triggerfish Academy is set up so that youth can play with it directly, but it’s also been designed to double as an activity plan for teachers, NGOs and after school programmes to use. Schools, organisations and other animation studios who are interested in using it can contact Triggerfish for additional free classroom resources.
Triggerfish Academy is just one of a number of Triggerfish initiatives to train and diversify the next generation of African animators, like sponsoring bursaries to The Animation School; the Mama K’s Team 4 Writers Lab with Netflix; the pan-African Triggerfish Story Lab, supported by The Walt Disney Company and the Department of Trade and Industry; Animate Africa webinars; Draw For Life; and the Triggerfish Foundation schools outreach programme. For more information, visit www.triggerfish.com/academy.
Dell aims to unlock tech for start-ups
The upcoming Dell Technologies Forum in Johannesburg will show that cost and scale are no longer barriers for a mid-size businesses to adopt enterprise-grade tech
Today’s medium-sized companies enjoy reinvigorated access to business technology. The powerful systems that raised the game of enterprises are now also open to smaller, agile, start-up and niche businesses.
“When you look at medium and start-up businesses, those companies have very similar needs to a large company, but not necessarily the internal resources to always pull it off,” said Sabine Dedering, Regional Sales Director at Dell Technologies South Africa. “Dell Technologies worldwide has a lot of focus on the medium business. This includes South Africa, where we established a dedicated medium business team about a year ago.”
Medium-sized businesses – internationally defined as those typically between 100 and 1,000 IT users – do not necessarily have smaller IT footprints than their enterprise peers. Some manage large and complicated accounts or service enormous user-bases among their customers. In the big picture, they deal with the same complex market demands that the large players do, but until recently often had to make do with much less in access to technology due to constrained resources such as limited IT teams and budgets.
This balance shifted dramatically with the advent of cloud, scalable services and hyper-converged infrastructure. Yet despite the doors opening, the traditional gatekeepers – other vendors and their partners – still habitually focus on enterprise players. It undermines the new possibilities technology can offer to medium businesses, a world that often marchesto the beat of its own drums.
“These are not small customers,” said Dedering. “Sometimes they are market leaders in a specific niche. But they don’t have thousands of people. You get your traditional companies that may have a few hundred employees. They provide a certain service on a regional basis or in a niche market and might never grow much beyond that because that’s what they do really well.”
Everyday everyone faces the same thing: Challenges. With support from Dell Technologies, those Medium business and start-up customers can prevent work disruptions, streamline operations, and increase productivity, using scalable, fast technology optimised for the way their business works.
Ambitions to use modern enterprise-grade technologies can be purely functional, such as hunting for efficiencies and streamlining processes. But they can also include the adoption of emerging technologies such as machine learning, mobile workforces, predictive analytics, real-time data, Internet of Things (IoT), automation and active business continuity. These capabilities are available because their services are able to fit the mould of the business, instead of traditional monolithic technology systems that dictate cost and availability.
Accessing tech’s best
But just because the technology is more accessible doesn’t make its adoption seamless. That still requires a business-first view and as such a reliable partner. As mentioned earlier, too many vendor ecosystems obsess over large enterprises. But Dell Technologies has seen the demand from medium businesses and is actively meeting them on their terms.
This can be put to the test: there will be a stand dedicated to medium businesses at the upcoming Dell Technologies Forum in Johannesburg. Visitors will be able to meet Sabine Dedering and her team:
“First and foremost, we will have a chat and understand their business requirements. Then we will connect them with the experts at the Forum and showcase the different technologies available that could be relevant to them. For us, the main focus will be to understand our medium business customers, understand their business and how our expertise can help transform their business. We explore what types of services we can wrap around their requirements to make it easier for them to leverage technology the way other bigger companies may be.”
Finance is part of this conversation: Dell Technologies is pioneering a number of finance models that are very flexible and customised around customers’ cash flow.
Medium-sized businesses don’t need different technologies than what enterprises use. Nor are they excluded anymore: the barriers of costs, complexity and scale have collapsedto open the market, aligning to the limited resources that medium-sized companies have to manage. Every business has its own unique requirements.
* Dedering and her team will be at the Medium Business stand, hosted at the Dell Technologies Forum on 27 June, at the Sandton Convention Centre. Attendance is free but attendees must register beforehand at https://www.delltechnologies.com/en-za/events/forum2019/Johannesburg/index.htm.