Researchers have shown how simple it is to monitor and record Bluetooth low energy signals transmitted by phones and wearable devices, allowing the user to be easily identified and tracked.
Researchers at Context Information Security have demonstrated how easy it is to monitor and record Bluetooth Low Energy signals transmitted by many mobile phones, wearable devices and iBeacons, including the iPhone and leading fitness monitors, raising concerns about privacy and confidentiality. The researchers have even developed an Android app that scans, detects and logs wearable devices.
The app can be downloaded along with a detailed blog explaining the research at: www.contextis.co.uk/resources/blog/emergence-bluetooth-low-energy
The Context findings follow recent reports that soldiers in the People’s Liberation Army of China have been warned against using wearables to restrict the possibility of cyber-security loopholes. “Many people wearing fitness devices don’t realise that they are broadcasting constantly and that these broadcasts can often be attributed to a unique device,” said Scott Lester, a senior researcher at Context. “Using cheap hardware or a smartphone, it could be possible to identify and locate a particular device – that may belong to a celebrity, politician or senior business executive – within 100 metres in the open air. This information could be used for social engineering as part of a planned cyber attack or for physical crime by knowing peoples’ movements.
Bluetooth Low Energy (BLE) was released in 2010 specifically for a range of new applications that rely on constantly transmitting signals without draining the battery. Like other network protocols it relies on identifying devices by their MAC addresses: but while most BLE devices have a random MAC address, Context researchers found that in most cases the MAC address doesn’t change. “My own fitness tracker has had the same MAC address since we started the investigation, even though it’s completely run out of battery once,” said Lester. Sometimes the transmitted packets also contain the device name, which may be unique, such as the ‚ÄòGarmin Vivosmart #12345678′, or even give the name of the user, such as ‚ÄòScott’s Watch’.
BLE is also increasingly used in mobile phones and is supported by iOS 5 and later, Windows Phone 8.1, Windows 8, Android 4.3 and later, as well as the BlackBerry 10. The Bluetooth Special Interest Group (SIG) has predicted that, “By 2018, more than 90 percent of Bluetooth enabled smartphones are expected to be Smart Ready devices,” supporting BLE: while the number of Bluetooth enabled passengers cars is also predicted to grow over to 50 million by 2016.
iBeacons, which also transmit BLE packets in order to identify a location, are already used in Apple Stores to tailor notifications to visiting customers, while BA and Virgin use iBeacons with their boarding pass apps to welcome passengers walking into the lounge with the WiFi password. House of Fraser is also trialling iBeacons on manikins to allow customers to look at the clothes and their prices on their phones. The current model for iBeacons is that they should not be invasive: you have to be running the application already, for it to detect and respond to a beacon. But the researchers have concerns: “It doesn’t take much imagination to think of a phone manufacturer providing handsets with an iBeacon application already installed, so your phone alerts you with sales notifications when you walk past certain shops,” said Lester.
The current version 4.2 of the Bluetooth Core Specification makes it possible for BLE to implement public key encryption and keep packet sizes down, while also supporting different authentication schemes. “Many BLE devices simply can’t support authentication and many of the products we have looked at don’t implement encryption, as this would significantly reduce battery life and increase the complexity of the application,” said Lester.
“It is clear that BLE is a powerful technology, which is increasingly being put to a wide range of uses,” concludes Context’s Lester. “While the ability to detect and track devices may not present a serious risk in itself, it certainly has the potential to compromise privacy and could be part of a wider social engineering threat. It is also yet another demonstration of the lack of thought that goes into security when companies are in a rush to get new technology products to market.
* Follow Gadget on Twitter on @GadgetZA
3D printed room-service? Visit the hotel of tomorrow
To mark its 100th birthday, Hilton predicts the trends that will change travel and hospitality in the next 100 years.
Intergalactic getaways, fast-food nutrient pills, 2-3 hour working days and adaptable, personalised rooms that can transport guests everywhere from jungles to mountain ranges. These are some of the predictions for the next 100 years that the Hilton hotel group has put together in celebration of its 100th anniversary.
In a report supported by expert insight from the fields of sustainability, innovation, design, human relations and nutrition, findings reveal the impact of the growing sophistication of technology and climate change on the hotel industry in the future.
Key predictions for the hotel of the future include:
Personalisation is King
- Technology will allow every space, fitting and furnishing to continuously update to respond to an individual’s real-time needs – the Lobby will conjure up anything from a tranquil spa to a buzzy bar, giving every guest the perfect, personal welcome
- From temperature and lighting, to entertainment and beyond, microchips under the skin will enable us to wirelessly control the setting around us based on what we need, whenever we need it
The Human Touch
- In a world filled with Artificial Intelligence, human contact and the personal touch will be more critical and sought after than ever
- Technology will free up time for hotel staff to focus on what matters most: helping guests to connect with one another and building memorable moments
‘Sustainable Everything’ – The Role of Responsibility
- Only businesses that are inherently responsible will survive the next century
- Sustainability will be baked into everything about a hotel’s design – from weather-proofed domes, to buildings made from ocean-dredged plastic
- Hotels will act as the Town Hall of any community, managing local resources and contributing to the areas they serve with community-tended insect farms and vertical hydroponic crop gardens
Menu Surprises and Personalisation
- Our diets will include more plant-based recipes and some surprising sources of protein – Beetle Bolognese, Plankton Pies and Seaweed Green Velvet Cake will be menu staples!
- Decadent 3D-printed dinners and room service will provide unrivalled plate personalisation
- Chefs will be provided with biometric data for each guest, automatically creating meals based on preferences and nutritional requirements
Futuristic Fitness and Digital Detoxes
- Outswim a virtual sea turtle in the pool, or challenge yourself to climb the digital face of Mount Everest, your exercise routine will be as unique as you are. What’s more, exercise energy generated from workouts will be used to power the hotel, providing a zero-impact, circular system. Guests could even earn rewards based on reaching workout targets
- Pick up where you left off with trackable workouts and holographic personal trainers
- Offline will be the new luxury as we seek to find moments of tech-free time
“Since its inception in 1919, Hilton has pioneered the hospitality industry, introducing first-to-market concepts such as air-conditioning and in-room televisions. Last year, Hilton also became the first hospitality company to set science-based targets to reduce its environmental impact,” said Simon Vincent, EVP & President, EMEA, Hilton. “We enter our second century with the same commitment to innovation, harnessing the power of our people and technology to respond to guest demands. Our research paints an exciting future for the hospitality industry, highlighting the growing importance of human interaction in an increasingly tech-centric world.”
Futurologist Gerd Leonhard said: “In 2119 we will still be searching for unique experiences, but they will be more personalised than ever. As technology shapes our lives we will seek out moments of offline connection with others, including hotel team members who will help us truly get what we need from our stays. 100 years from now hotels will have to create opportunities to converse, collaborate and connect, delivering moments that matter, individually, to each and every guest.”
Loadshedding keeps small business from the cloud
New research shows nearly half of South African small businesses struggle with internet connectivity
New research reveals South African small businesses aren’t able to adopt cloud technology because of their connectivity problems. The third annual State of Small Business report from accounting software firm Xero, conducted in partnership with World Wide Worx (WWW), shows that over half (53%) of small businesses haven’t adopted cloud technology yet, due to connectivity problems.
Over half (59%) said that scheduled power outages by the national supplier posed a significant challenge for their business. In addition, more than two fifths (43%) said that their internet connection was ‘OK but not 100% reliable’. Other challenges cited include new technologies entering the market (29%) and compatibility with customers (45%).
The research represents the opinions of 400 South African small business owners and 200 South African accountants. Almost half (47%) said their staff were highly tech-literate, but more than two thirds (67%) don’t allocate budget for training employees to use the software provided.
Colin Timmis, General Country Manager, Xero SA and professional accountant said “Our most recent State of Small Business report gives a real insight into what it’s like on the ground for small businesses in South Africa. In uncertain times like these, technology can provide stability. For example, cloud software can help overcome issues with connectivity. It helps to make your business more agile, meaning you can work from anywhere at any time. Being able to move when there are scheduled power cuts or patchy internet is crucial to keeping your business running.”
Nearly all who had adopted cloud technology said that they noticed an increase in profit (98%) and an increase in efficiency (99%). More than half (51%) suggested that it had improved their ability to work anywhere, and a quarter (25%) said it had improved security.
In addition, nearly two fifths (38%) said their IT set up was ahead of the curve. Over half (56%) said they use basic automation, whether in operational or accounting tasks. A quarter (25%) said they were using Internet of Things (IoT) technology, followed by cloud computing (19%).
“It’s great that South Africa’s small businesses are seeing the benefits of adopting technology. But there will be a learning curve for anyone using new software and employees shouldn’t be expected to self-teach. Because people are more tech-savvy than they used to be, training normally only takes a few hours. It could make all the difference in getting return on investment on the technology that you buy”, said Timmis.
Other key findings from the research reveal:
- Three quarters (79%) of small businesses claim that accounting software support is very important
- Three quarters (78%) of respondents use accounting software to manage financial records and over half (55%) are using desktop solutions.
- Only one fifth (22%) are using cloud accounting tools and nearly a quarter (23%) still do their books manually.
- Only a tiny proportion of respondents (0.25%) are using AI and machine learning.
Download the report in full here.