Presentation at iBeacon Makers' Workshop held at Andreesen Horowitz on 29 April 2014, describing some security and privacy concerns with the new iBeacon micro-location technology.
2. Introduction
• Security
• What is the threat model?
• What are the threat countermeasures?
• [User] Privacy
• How might iBeacons impact users?
3. Threat Analysis
• Who are the bad actors?
• What are their capabilities?
• What are the bad acts we want to protect
against?
4. Bad Actors
• Competitors
• Competitive analysis, offers
• Vandals
• Physically move and/or
destroy beacons
• Script kiddies
• Opportunists - Gaming the
system “Security Checks” by Flickr user David Woo
used under CC BY-ND 2.0 license
5. Bad Actors’ Capabilities
• Create beacon clones
• Place your beacons in unauthorized places
• Disable beacons
• Move beacons
• Monitor interactions with beacons
6. Bring In The Clones!
• Place duplicates of existing beacons
• Pollutes analytics
• Can be used to annoy users, encourage them to
disable app
• Might be used to “game” special offers
• Countermeasure: Fusion of beacon location with
rough geolocation from other sources
• No effective crypto countermeasure
7. Beacon Planting
• Place beacons in unauthorized places, like
competitors’ premises
• Car salesman gives user an app
• Salesman gets notified when prospective
customer enters competitors’ showroom
• Salesman calls customer and sweetens offer
• Countermeasures: WarBeaconing, public shaming,
search-and-destroy
8. Beacon Abuse
• Destruction or
movement of existing
beacons
• Countermeasures
• Detect unexpected
loss of beacon “hits”
• Geolocation fusion
• Camouflage
“beacons” by Flickr user jnxyz.education
used under CC BY-2.0 license
10. User Alerts
• Concern about over-
alerting users
• But this problem is
self-correcting
• Not alerting users can
be a concern -- users
may not know they’re
being tracked “estimote” by Flickr user Sam Churchill
used under CC BY-2.0 license
11. Aggregation
• Beacon services potentially have access to
lots of behavioral information
• Shopping center apps can aggregate
behavior within centers (and co-owned
centers)
• Popular apps (Facebook, Google) could roll
out beacon services with great potential to
aggregate user data
12. Summary
• Significant security threats exist
• Beacons will require active management
to mitigate loss, cloning, and movement
• Deployment scenarios that support wide
aggregation of beacon data are problematic
for privacy