Nike+iPod Sport Kits Can Be Used To Track Users, Researchers Say

location based services

Researchers say the new Nike+iPod Sport Kit can pose privacy and security risks for users.
Apple Computer and Nike Inc. introduced sport kits in June as the first fruit of their business partnership. The kits, which retail for $29 and are compatible with Nike shoes retailing for $75 to $110, allow runners to receive information on speed, distance, and calories burned. The footwear contains sensors that use wireless radio communications to relay information to receivers in iPod Nanos.
Both companies sell the products at their retail outlets and through resellers. A dedicated Nike Web site allows users to record their training progress, interact with other runners, and link to music and coaching tools.
Researchers at the University of Washington announced that thieves or stalkers could use the systems as tracking devices. The researchers said they built several systems, for less than $250, to track wearers while they are working out or just walking.
"The tracked individuals don't even need to have their iPods with them," researchers said in a paper explaining their work.
The researchers said that the kits transmit unique identifiers, which can be read from 60 feet away to reveal the wearer's location.
They developed a system for using a USB port to attach a receiver to a Windows XP laptop, which then displays the identifier when the person is near the laptop. The laptop also used Wi-Fi to upload information about the sensor to a database, allowing the laptops to serve as nodes in a surveillance system, researchers said.
The researchers said they also made surveillance systems from Gumstix computers, which use Wi-Fi to upload surveillance information. The tiny nodes could be hidden in bushes, under someone's desk, or near someone's doorway, researchers said. With such placement, a thief or stalker could obtain information about when someone leaves and enters a home or office.
They also built similar systems with Intel Mote devices, small battery-powered computers with radio links, and iPods. Finally, researchers created a Google Maps application for displaying real-time data and sending e-mail or text message notices from a network of surveillance nodes.
The researchers reported that a little bit of soldering and tech-savvy are all stalkers or thieves would need to create similar devices -- if they obtain the instructions and software necessary to do it. Researchers said they do not plan to release the software.
They said the only way users could protect themselves from such a system would be to turn off their sensors.
The researchers said that there is no evidence Nike or Apple intended to release the devices for malicious use and that neither company endorsed the study. They said their findings show that cryptography could improve privacy safeguards. They said the findings also highlight the need for broad public discussions regarding privacy and wireless personal gadgets.
Nike issued a responded by saying it takes consumer privacy very seriously. "The Nike+ iPod Sport Kit features the same level of security as millions of other wireless consumer electronics devices such as mobile phones, Bluetooth devices, and cordless phones," the company said in a statement. "Should the consumer have any concerns, the sensor can easily be turned off or removed."
A search of the Nike Plus online forum Monday showed that users were talking about the researchers' claims. Of five people responding to news about the vulnerabilities, none expressed fear. Several people said that a thief could gain the information much more efficiently by simply watching when and where they run or go to work.
An Apple spokesperson declined to comment.