iBeacons:Security and

Privacy?

Jim FentoniBeacon Makers’ Workshop

29 April 2014

Introduction

• Security

• What is the threat model?

• What are the threat countermeasures?

• [User] Privacy

• How might iBeacons impact users?

Threat Analysis

• Who are the bad actors?

• What are their capabilities?

• What are the bad acts we want to protect against?

Bad Actors

• Competitors

• Competitive analysis, offers

• Vandals

• Physically move and/or destroy beacons

• Script kiddies

• Opportunists - Gaming the system “Security Checks” by Flickr user David Woo

used under CC BY-ND 2.0 license

Bad Actors’ Capabilities

• Create beacon clones

• Place your beacons in unauthorized places

• Disable beacons

• Move beacons

• Monitor interactions with beacons

Bring In The Clones!• Place duplicates of existing beacons

• Pollutes analytics

• Can be used to annoy users, encourage them to disable app

• Might be used to “game” special offers

• Countermeasure: Fusion of beacon location with rough geolocation from other sources

• No effective crypto countermeasure

Beacon Planting

• Place beacons in unauthorized places, like competitors’ premises

• Car salesman gives user an app

• Salesman gets notified when prospective customer enters competitors’ showroom

• Salesman calls customer and sweetens offer

• Countermeasures: WarBeaconing, public shaming, search-and-destroy

Beacon Abuse • Destruction or

movement of existing beacons

• Countermeasures

• Detect unexpected loss of beacon “hits”

• Geolocation fusion

• Camouflage“beacons” by Flickr user jnxyz.educationused under CC BY-2.0 license

Privacy Issues

• Alerts and user visibility

• Aggregation

User Alerts

• Concern about over-alerting users

• But this problem is self-correcting

• Not alerting users can be a concern -- users may not know they’re being tracked “estimote” by Flickr user Sam Churchill

used under CC BY-2.0 license

Aggregation

• Beacon services potentially have access to lots of behavioral information

• Shopping center apps can aggregate behavior within centers (and co-owned centers)

• Popular apps (Facebook, Google) could roll out beacon services with great potential to aggregate user data

Summary

• Significant security threats exist

• Beacons will require active management to mitigate loss, cloning, and movement

• Deployment scenarios that support wide aggregation of beacon data are problematic for privacy