My power is out so I can't browse too much atm. I vaguely remember the Google beacon being a always-on notification that launched a website link pressed.
How well does that work in android and iOS?
Would it be feasible to make an "SOS help" beacon and expect every phone nearby to be notified or similarly spammed with an ad message?
These should be great for attackers - a long-range Bluetooth device with years of battery life. Reprogram these for the MouseJack attack.[1] Get a bag of 50 and spread them around. Profit! If you want to attack a specific company, spread them around that company's building and nearby restaurants. If you repaint them, who's going to notice an extra rock in the landscaping?
If the "remote updating for fleet management" can be attacked, you don't even need to buy them; you can take over other people's.
Bluetooth devices can do MITM attacks on anything with a wireless keyboard or mouse. This device isn't designed to do that, but it's a programmable long-range Bluetooth device designed to be unobtrusive, so it's hardware that can be repurposed for an attack.
I don't think the beacons are "programmable" in the sense you think they are. They have a protocol which allows for configuring a root password and changing the string that it broadcasts, but it's not like you can install a different Bluetooth stack or profile (short of some profound vulnerability, but the same could be said for a pair of Bluetooth headphones).
They might not be intended to be, but from their dev site:
"Estimote Beacon is a small computer. Its 32-bit ARM® Cortex M0 CPU is accompanied by accelerometer, temperature sensor, and what is most important—2.4 GHz radio using Bluetooth 4.0 Smart, also known as BLE or Bluetooth low energy."
"The Estimote is built around the Nordic Semiconductor nRF51822, which explains their presence on the Nordic booth at CES. It’s a nice chip, basically a 32-bit ARM Cortex M0 CPU with 256KB of flash and 16KB of RAM with a built-in 2.4GHz radio supporting both Bluetooth LE as well as 2.4GHz operation—where the 2.4GHz mode is on air compatible with the nRF24L series products from Nordic."
They might not be "easily programmable", but how much would you be against Travis Goodspeed being able to do something similar to what he's done here with an Estimote beacon? http://travisgoodspeed.blogspot.com.au/2011/02/promiscuity-i... (You can't see it very well in the image in the Makezine article of the board, but under the "CH3" in the label for the smaller chip is a 4 pin header that I'm 99.9% sure will be a jtag header...)
This version is based off the nRF52, which is still in preproduction as I understand it ( disclosure: I write firmware for the nRF51 for an IoT startup).
Both the 51 and 52 can have a BLE DFU programmed into the chip, allowing over the air firmware updates, so you wouldn't need a JTag. Most companies lock this down with a secure boot loader, meaning you would need to be able to flash the device using a JTag (only $500!)
-evul haxor learns about those beacons at the target location
-finds a weakness in remote firmware update
-prepares special firmware with added Microsoft/logitech mouse/keyboard emulation (nRF52 can do this). Bonus points if he can make one beacon flash other beacons in range.
-infects one beacon using long range setup (yagi, amp)
Yeah, like a sibling comment suggests, beacons are definitely in the bottom of the trough of disillusionment on the Gartner hype cycle chart.
There is a ton of potential for them though, but perhaps more in the autonomous vehicles and robotics space than in the realm of current consumer devices. Of course, there are plenty of competing technologies in the micro-location space.
Making beacons more computationally powerful beyond just broadcasting a UUID is an interesting development, and one competing tech, like location fingerprinting, can't easily do.
Yea I can see usage for big shops like wallmart etc where its next to impossible to find something if you dont know the store. Image if these where available for each area, and you just put in what you are looking for and it guides you to the correct section.
You can place them in physical locations and let users download your app that will trigger when it sees them, it almost makes sense versus app with GPS coordinate list, almost ....
20 comments
[ 0.28 ms ] story [ 38.2 ms ] threadWe just released a new revision of our Location Beacons. We implemented new, low power Nordic nRF52 chip and extended range to 200 metres (+10dB).
Beacons can simultanously advertise both iBeacon and Eddystone packets as well as telemetry & sensor data + they have built-in GPIO slot.
There is also 1Mb EEPROM, so you can read/write data directly in the beacon.
You can read more on our blog: http://blog.estimote.com/post/149362004575/updated-location-...
I will be more than happy to answer any questions here.
If the "remote updating for fleet management" can be attacked, you don't even need to buy them; you can take over other people's.
[1] http://www.computerworld.com/article/3037377/security/mousej...
"Estimote Beacon is a small computer. Its 32-bit ARM® Cortex M0 CPU is accompanied by accelerometer, temperature sensor, and what is most important—2.4 GHz radio using Bluetooth 4.0 Smart, also known as BLE or Bluetooth low energy."
And from here: http://makezine.com/2014/01/03/reverse-engineering-the-estim...
"The Estimote is built around the Nordic Semiconductor nRF51822, which explains their presence on the Nordic booth at CES. It’s a nice chip, basically a 32-bit ARM Cortex M0 CPU with 256KB of flash and 16KB of RAM with a built-in 2.4GHz radio supporting both Bluetooth LE as well as 2.4GHz operation—where the 2.4GHz mode is on air compatible with the nRF24L series products from Nordic."
They might not be "easily programmable", but how much would you be against Travis Goodspeed being able to do something similar to what he's done here with an Estimote beacon? http://travisgoodspeed.blogspot.com.au/2011/02/promiscuity-i... (You can't see it very well in the image in the Makezine article of the board, but under the "CH3" in the label for the smaller chip is a 4 pin header that I'm 99.9% sure will be a jtag header...)
Both the 51 and 52 can have a BLE DFU programmed into the chip, allowing over the air firmware updates, so you wouldn't need a JTag. Most companies lock this down with a secure boot loader, meaning you would need to be able to flash the device using a JTag (only $500!)
1- A beacon broadcast a UUID.
2- The users should install my app, the app reads the UUID.
3- The app requests the picture or video related to this UUID from my server.
If an attacker can access the beacon and modify it, then my app is not going to find the UUID's i added to the server.
-evul haxor learns about those beacons at the target location
-finds a weakness in remote firmware update
-prepares special firmware with added Microsoft/logitech mouse/keyboard emulation (nRF52 can do this). Bonus points if he can make one beacon flash other beacons in range.
-infects one beacon using long range setup (yagi, amp)
-profit
BT pairing prevents trivial MITM attacks.
There is a ton of potential for them though, but perhaps more in the autonomous vehicles and robotics space than in the realm of current consumer devices. Of course, there are plenty of competing technologies in the micro-location space.
Making beacons more computationally powerful beyond just broadcasting a UUID is an interesting development, and one competing tech, like location fingerprinting, can't easily do.