How come no one talks about iBeacon?

I just realized that iBeacon is still a thing. I was listening to generic radio news and they talked about Christmas retailers knowing where you are in their stores. And I remembered and said to myself, “oh yea, iBeacon from like 6 years ago” and then proceeded to look up the current status of it and see what privacy concerns it might have. I found it to be still very active and the Apple website for it is very open about what it does. I also read the wikipedia article because frankly it is much shorter.

Here is what I know:

  • The beacons are basic bluetooth LE devices that send out one-way pings.
  • The beacons have a unique ID along with other data.
  • Anything can read a beacon, they are public to anything in range of the ping emitted by the beacon.
  • Android can also see iBeacon’s no problem and all an app needs to do is have a library to understand them since its not baked into the Android operating system.
  • Google also has beacon like protocols and LE devices.

This is what I assume logically from above (I might be wrong):

  • While you might not have a specific retailer’s app installed (eg McDonalds), some other app that implements iBeacon can still see all device pings in their vicinity. This reminds me of Skyhook with WiFi SSID location mapping. It would be the same as Skyhook but with beacons. All you would need is one app with access to iBeacon (such as Facebook or some other app), and this one app could be gathering/recording all iBeacon data it sees in your travels?
  • I assume iOS doesn’t filter access to iBeacons to just the beacons associated with that app. I assume the app can see all beacons. This app could then sell your position/time data to data brokers/retailers/etc especially since they know what store you went into. For example, Walmart might want to know the shopping habbits of Target shoppers.

This is what I still have a question about:

  • I don’t know much about the LE protocol. So does an iPhone respond to a Bluetooth LE ping? or is it stealth? like a port when it doesn’t respond to a protocol request? Maybe this is the wrong terminology.
  • We know that iPhone’s keep the bluetooth on even when you turn it off with the icon. But does iBeacon get included with that?
  • Does an app register with iOS what beacons it is interested in? and does the app get “woken up” when iOS sees a beacon registered by the app?
  • Does an iPhone give apps enough access to Bluetooth where an app could also read other beacons, like the ones offered by Google? or does iOS filter bluetooth LE access?

As I remember it, that tech benefited businesses more than consumers, and consumers weren’t so wild about being marketed to like that. I don’t know if beacons are still being used. In this small town where I live, I don’t think they ever took off the slightest bit.

2 Likes

I might have thought the same thing @MacPhyle, but when I listed my business on Google Maps, they mailed me one of their beacons. See the link below. And there are tons of websites that sell these things. I just found a beacon scanner for my andoid phone. I’m going to go do some war driving!!! this feels like college in 2002 doing wifi war driving, LOL.

2 Likes

I think the original beacons were only useful when you have a store’s app installed so you get special offers when you’re nearby. I don’t really know what happened after that, but u suspect they are being used a lot for indoor navigation as I’ve been able to navigate inside shopping malls where there is no GPS.

So I don’t know if there are any store specific ones anymore, but I guess if the beacons are incorporated into locations, in Google Maps, say, store apps would only need access to location services and not detecting a specific beacon. Interesting that Google are sending out beacons.

2 Likes

Ok, so I’ve been in the house for all of Christmas and my first trip out to get curbside pickup for Chick-fil-A. They had 3 Apple iBeacons and on Android at least, the app can see all of them!
Screenshot_20191226-185928|250x500

I also got a Google Eddystone

I’ve just installed BLE scanner on my iPhone. It picks up all BLE devices, which iBeacons are. Think I’ll take a trip to the local mall before it closes.

At home, it is picking up my Nest Mini, my TV and a Charge 2… don’t know where that last one is coming from.

2 Likes

When I go out of the house, I disable WiFi. At home I normally always keep Bluetooth disabled as well as the GPS… for battery, but mostly for privacy and safety reasons. I can’t think of ANY good reason to give this sort of info away free to any business.

2 Likes

Thanks @Pommster, I don’t have an iDevice for testing the access iOS gives to apps. So yeah, I think all of my assumptions might be correct. WTF. Why is no one bringing this privacy / tracking issue up in the security community? It’s like it only occurs to them to think about online tracking, and forget about the other half of the leakiness in our devices. Similar to ISP tracking, we’re pretty sure it’s happening, and maybe the security media talks about it like it’s a good assumption that it’s happening, but they never dig deeper into it. Instead, let’s watch the packets from an Alexa, but never go any deeper. I’m starting to rant, LoL

I suggest you don’t look into the reasons why WiFi and Bluetooth MAC randomization have become a thing :wink: Those techniques are probably more used than the beacons. And I’ve heard that some malls even install numerous microcells to track phones that way.

There were a lot of N/A devices with no services showing in the app, but mainly I was picking up other people’s fitness trackers. I saw one Eddystone and no iBeacons.

2 Likes

Yeah @PHolder. I’m just getting sort of confused by the shear quantity of tracking and how any company can say, “we’re more secure / private / whatever” when there are actually enabling so many alternate ways of tracking. We should have a chart of top tracking methods to at least hang a lantern on this. I’m not trying to stop any of it, heck I love my Google location history in maps, but gosh we should at least know about the most prolific of the methods.

1 Like

@Leo, I remember you talking about seeing the Bluetooth LE devices pinging around you. Did you ever think about them being used as tracking devices similar to Skyhook and wifi SSIDs?

Hey @Pommster, could the N/A devices be our phones? Or are they smart devices? That would be a big difference. I think I’m going to switch to a BLE app as well. You can definitely see more.

You could be right. They may well be other phones.

LOL, the article below is reflective of the only kind of articles I can find about BLE on Google News. I only wish we got the indoor navigation that they thought would be possible. I go to Lowes and the aisle markers are the only thing that works when I look up something on my phone when walking around that place. Next time I go I’ll do a scan for BLE.

In our office, I’m getting 5 N/A devices at the moment, 2 smartphones, 2 laptops and another, somewhere, possibly another smartphone from a colleague, who shut it in his drawer over the holidays.

Due to DSGVO/GDPR over here, the beacons would have to be opt-in, so they couldn’t ping you, unless you have given permission… Which is kind of hard to do. I’m guessing that they are pretty much non-existent here.

I’ll have a look later, when I go shopping at lunch time.

1 Like

Awesome @big_D let us know

My local mall is kind of small and doesn’t have any mapping. The Westfield mall nearer Adelaide I am sure has mapping do may have beacons in there. I’ll take a trip there in the next few days (if only to escape the heat) and see if there are any beacons there.

I just listened to the TwiT Best Of episode and this is what foursquare is collecting across many apps, iPhones, Samsung, etc. Also, my scans have been showing allot. I need to upload some screen shots.
https://foursquare.com/