The article, Attention shoppers: Retailers can now track you across the mall, talks about how retailers are able to wirelessly capture the MAC addresses of your phone to understand your buying patterns. The retailers use these buying patterns to improve their marketing strategies and sell you more things. The article mentions that there are routers that help them in capturing this information and there are data tracking companies that are using them to gather information to sell to the retailers. These data tracking companies do this by accessing your phone wirelessly to get your MAC address, perform a one-way hash on the MAC addresses and then aggregate the data before it is sold to retailers. This data can also be provided to law enforcement agencies with the proper paperwork. These data tracking companies insist that they are not snooping on the phone to gather other information such as contacts and web archives.
From a wireless security perspective, there are various ways of how hackers can get into the network. The way the MAC address is being captured indicates that even if the MAC address is being hashed, the wireless transport of the MAC address from the consumer’s phone to the retailer’s location is not encrypted. Additionally, when these MAC addresses are compromised then hackers can use this information to gather specific data on the consumer by creating a “base station clone” similar to an “evil twin” attack. This is not something that might happen in the future but it is happening now and the consumers are mostly unaware. The consumers do not know that their movements are being tracked and recorded and thus cannot really react to it. On the other hand, consumers who do know that their data is being accessed wirelessly have the option to opt-out by going to the data tracking companies’ websites. Even if consumers opt-out, who knows how many of these companies are out there getting your data. Another option the consumers have is to shutoff automatic wireless connectivity of their phones but even in this case how many consumers would actually remember or even know how to do that.
We can see that the tracking of consumers without their knowledge raises privacy concerns. These privacy concerns revolve around “legitimate” capture of the consumer’s movements, contact lists, text messages and visited websites to name a few. Additionally, there are technologies at play here that could compromise the phone’s camera and voice recorders as well which would take us beyond the consumer but for anyone the consumer interacts with. All of this can be advantageous to the hackers who are looking to do some harm to you or people that you may know. Since most of our phones are constantly connected to the Internet, we remain vulnerable. There used to be a time when tracking was a concern in the online world but that has changed. Now, this tracking is happening in the real world and in real-time. The bleeding-in of online tactics into the real world will only increase as time progresses and we will see the further blurring of the lines when it comes to privacy. On the other hand, some consumers prefer to give up “some” of their privacy so that better services and targeted marketing can be provided to them. My concern with this giving up of some of their privacy is that it is just a start, a nudge to see how far consumers can open up their private matters. What is interesting is that companies actually do not need anyone’s permission to track you and thus have already trampled on and will continue to “test” how much they can get away with.
Lastly, what is troublesome about all this tracking is that currently there are no strong laws and regulations about making use of the information and safeguarding it against these kinds of malicious attacks. There seems to be no one monitoring what are the limits these companies can go to and whether special handling is required to protect this consumer data. Are we supposed to take the word of these companies that they are doing the right thing? Do the consumers really have a choice?
In conclusion, the usage of phones to gather information about you as a consumer would continue to increase and wireless technologies would be the norm. From a broader lens, while technology opens up doors to do new and innovative things, it can also be exploited for unauthorized access to your information. We as a society have to carefully figure out the pros and cons and keep the individuals in the loop because in the end it really comes down to trust and responsibility towards the individuals.
References:
http://news.techworld.com/mobile-wireless/3263560/smartphone-owners-unaware-of-malware-risks/
Research Finds MAC Address Hashing Not a Fix for Privacy Problems
http://www.watchguard.com/infocenter/editorial/27061.asp
http://www.theicor.org/art/present/art/ARCI00029.pdf
Welcome to Khan's Blog 