According to this BBC News story researchers from Symantic used a Raspberry Pi with Bluetooth addon to sniff for signals from wearable health and activity monitors. The researchers took their Pi to busy public places in Switzerland and Ireland, including sporting events, to see what data they could grab. At no time did the device try to connect to any wearable, but some of the devices picked up were also susceptible to being probed remotely to make them reveal serial numbers or other identifying information. Most wearables were very simple devices that communicated with a smartphone or a laptop when passing on data they have collected.
About 20% of the apps associated with some activity monitors or which use a smartphone to gather data that the team looked at did nothing to obfuscate data being sent across the net even though it contained important ID information, such as name, passwords and birthdate. Further investigation revealed that many apps did not do enough to secure the passage of data from users back to central servers opening up potential data manipulation and code injection vulnerabilities. "The lack of basic security at this level is a serious omission and raises serious questions about how these services handle information stored on their servers," said the Symantec team.
"All the devices we encountered can be easily tracked using the unique hardware address they transmit," the team wrote in a blogpost.
(Score: 5, Informative) by Jaruzel on Saturday August 02 2014, @03:53PM
Ok, the story submission system seriously needs to be fixed. I submitted this story this morning, and spent time reformatting and typing my submission (as one does). Before I did all that, AND just before I clicked submit, I checked the queue for a dupe - so as not to be wasting my or the editors time - there wasn't one.
However - clearly there was, as here it is and it must have been submitted way before mine, so kudos to freesword in that respect.
Now, I know that there's a delay between a story being accepted, and then being published but during that window, it's not listed in the queue - thus making people think it hasn't been submitted by anyone yet - I propose this gets fixed asap. I'd put it in the git queue, but meh, no-one really cares about fixing anything on SN anymore... so there's no point.
Having this happen causes people to think 'why bother submitting stories?' - and I'm sure SN want more submissions not less. I can't even withdraw my submission, I just have to wait for the 'reject' flag to hit it. Pointless.
I want to contribute more to SN, I really do, but stuff like this really puts me off.
I thought about submitting this post as AC due to whinging about submission rejections are historically offtopic, but fsck it, I'm gonna put my name on this and take the incoming karma hit.
-Jar
This is my opinion, there are many others, but this one is mine.
(Score: 3, Insightful) by azrael on Saturday August 02 2014, @07:07PM
Reading between the lines it seems:
Not sure why the constructive comment need to be wrapped in the negative tone. We're a community here, we all want to make it better, and as you see your comment got marked informative - so you shouldn't be too paranoid/worried that criticism will get you marked down (though I grant you, one would normally expect such things to be marked down, seems like people here are a better class of internet denizen!!).
Faith in community... affirmed? :)
(Score: 1) by freesword on Saturday August 02 2014, @08:58PM
You bring up a valid point. I myself was unaware of the gap between accepted and published stories and rely on the front page and queue to see if something has been submitted already or not. This is something that I think needs to be addressed to encourage submitters, especially those who take the time to see if something has already been submitted. Being able to see what it accepted but not yet published would be a good and useful feature.
(Score: 2) by kaszz on Sunday August 03 2014, @12:28AM
I had the same experience at some occasion. Being able to have a complete view would be very useful.
(Score: 2) by mrcoolbp on Sunday August 03 2014, @04:13AM
Jaruzel, I understand your frustrations and I see your point. This system is not perfect, though, we would like to improve it. Honestly I admire the work you've put into this, checking the queue before submitting the story, taking the time to write a thought-out summary, I know you've spent some time trying to improve our icon-set as well.
I could possibly see a "removed from submissions for posting" list, or a sneak peak (maybe story titles only for previous submitters) on the "Story Queue." I know the queue gets re-arranged a lot due to "breaking stories," mistakes due to global collaboration, dupes, etc. Making the "Story Queue" completely available would cause more problems than it solves I think.
I can see some benefit, however, to making the story queue available to some of our more zealous submitters, or for "subscribers" and possibly gifting a few subscriptions to the most celebrated submitters. I've talked with some of the other admins and this might be doable. What did you have in mind?
(Score:1^½, Radical)
(Score: 2) by Jaruzel on Sunday August 03 2014, @08:26AM
First off I apologies to all for coming across so negative in my post - I was frustrated, and that has come though in my original tone.
Totally in favour of this. I do intend to become as subscriber if/when that option becomes available. In the meantime, maybe a threshold of 10-15 or more accepted stories, allows submitters to see the headlines only of accepted but not yet published stories. (I actually don't even qualify for this yet!)
Also, I expected my post to be buried as a -1 offtopic, so wow - thanks to whomever modded it up. However, it totally shanghaied the comment thread, which wasn't my intention at all... so, has anyone got anything to say about unsecure wearable tech? I don't 'do' fitness, so I'm not in a place to comment really ;)
-Jar
This is my opinion, there are many others, but this one is mine.
(Score: 2) by Blackmoore on Monday August 04 2014, @09:58PM
IF a duplicate is found before one or the other is accepted, the policy is to put BOTH submitters names on the accepted submission; and try to merge when you can. It's happened to a couple I've sent in; and I've been happy to share. If I send in a dup, and the article was already live (but i didnt see it was already up) I shrug and find another article to post.
stuff happens; the system isnt perfect - and the programmers are working on other back end issues. Heck come into chat and you'll see these guys working on UTF-8 and the store. You can't prioritize everything.
(Score: 1) by turtledawn on Sunday August 03 2014, @05:34PM
Oh no, someone might be able to find out how much I walk in a day and/or mess with the step count reported to my fitness app. Who cares? Not everything needs to be locked down like a bank website.
(Score: 2) by urza9814 on Monday August 04 2014, @11:26PM
I don't see a malicious hacker having much use for this data. A malicious *store* however could probably find some use for it.
First, it mentions you can use this to track people. That's always something retailers love -- see how long you spend in what parts of which stores -- but given that anyone with these devices will also have a cellphone, you can probably just use the phone directly for tracking.
But what about, say, an athletics store that snoops on your fitness app? The moment you walk in the store they can make a pretty good guess if you're buying shoes, a bike, or whatever else. They also know how dedicated you are to that activity. Could be used to make your experience a lot easier and more enjoyable -- or it could be used to see how knowledgeable various people likely are about their fitness plans so they can target the people who aren't doing as much, and therefore likely newbies, to up-sell them a bunch of crap they don't need.
Of course, any halfway competent sales droid could probably figure that out themselves without much effort...but with this you could reduce the sales staff and target them only at people they might be able to scam more easily.