Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
This Android App Tracks All Your Fitbit, Jawbone And Nike Wearables
1. This Android App Tracks All Your Fitbit, Jawbone And Nike
Wearables
Anyone wearing a body tracker, smart watch or other wearable beware: your devices are constantly
leaking information about you, even if it isn't exactly personal data at first glance. Researchers
has released an Android app, named RaMBLE, on the Google Play store that can track metadata
spewed out by all devices using Bluetooth LE (for "low energy"), a lightweight version of the
Bluetooth standard used by scores of wearable products and smartphones. The app logs each device
it sees within at least 100 metres, exports the database to the Android phone SD card, and plots the
location of the device on a Google Google Maps plugin.
According to lead researcher at Context Information Security, Scott Lester, the app could prove to
be a useful hacker tool for testing the operational security of potential targets of digital espionage,
or simply carrying out early-stage surveillance on them, even if the software doesn't actually exploit
any flaws. If it's easy to attribute a device to a particular person, like a celebrity or a CEO, then it's
easy to tell when they're nearby, he claimed. Or it could provide useful insight into the most popular
devices in a given area, informing further research into specific device exploitation. Researchers
have already started digging into the innards of specific wearables, such as the Nike Fuelband, for
potential vulnerabilities.
Nike Fuelband is one of many devices using Bluetooth LE, an easily trackable standard
Indeed, given documented insecurities in the Bluetooth LE standard, the Android app should prove
useful to anyone wanting to try to hack targets' devices. Back in 2013, Mike Ryan, a security
researcher from iSEC Partners who has repeatedly found ways to bypass Bluetooth
protections, released his 'crackle' tool, which was able to exploit encryption used by Bluetooth LE,
also known as Bluetooth Smart.
More attacks are set to be demonstrated by Italian researchers Matteo Collura and Matteo
Beccaro at the Defcon security conference this year. They've promised to demo some undisclosed
2. vulnerabilities, so expect more trouble for wearables and other "Internet of Things" devices in the
very near future.
The RaMBLER Bluetooth LE tracker in action
The Android app, based on code made freely available by Google, is able to collect such metadata on
Bluetooth LE devices because they advertise their services to the wider world a few times a second
and their efforts to hide their identity often fail. Sometimes such advertising data packets contain
device information or the specific model, as in the "Garmin Garmin Vivosmart #12345678" or the
Samsung "Galaxy Gear (1234)" broadcasts. In other devices, as with the Fitbit Charge HR fitness
tracker, the universally-unique IDs (UUIDs) always start with the same identifier, containing chunks
of letters and numbers. This completely neuters Bluetooth LE device's randomisation of their unique
identifiers - known as MAC addresses - a process designed to prevent easy tracking.
Even those MAC addresses, though random, often remain static, again undoing the point of
randomisation. A Fitbit tested by Context had the same MAC address since the company started its
research into Bluetooth LE, even though it ran out of battery and reset. Rebooting didn't create a
fresh unique identifier, though it would have been beneficial for deflecting trackers. Some
manufacturers, including Nike, have opted for public MAC addresses that can be easily identified.
When testing the app outside the Underground station in the Canary Wharf financial district, Lester
detected 149 devices, including 26 Fitbits, two Jawbones and a couple of Nike products. Most
modern phones, including Apple Apple iPhones and many Android devices, broadcast over Bluetooth
LE too.
Lester told FORBES it's become increasingly quick and easy for manufacturers to push out wearable
devices and they "don't necessarily care as much about security in rush to get to market". It is
possible to use Diffie-Hellmann cryptography over Bluetooth LE - a tried and tested standard even
though it was proven vulnerable to so-called Logjam attacks this week - but Lester hasn't seen it in
action during his tests. And Bluetooth LE has reduced security compared to its heavyweight sister,
due to the added power requirements of encryption.
3. Bluetooth LE is easy to track, even easier with RaMBLE, and can be exploited. Perhaps it's time for
manufacturers to deploy better security by design before the panopticon grows even bigger than it
already is.
http://www.forbes.com/sites/thomasbrewster/2015/05/21/context-android-app-spies-on-bluetooth-le/?
ss=Security