πŸ“‘ Hacking the ISTE18 Smart Badge

Bookmarked Hacking the ISTE18 Smart Badge, Part II by Doug Levin (k12cybersecure.com)

There are three points about the risks of what ISTE deployed at their conference to know: (1) the β€˜smart badge’ is a really effective locator beacon, transmitting signals that are trivial to intercept and read, (2) you can’t turn it off, and (3) most people I spoke to had no idea how it worked. (I freaked out more than a few people by telling them what their badge number was by reading it from my phone. Most of those incidents ended up with β€˜smart badges’ being removed and destroyed.)

Doug Levin reflects on the introduction of ‘smart badges’ at ISTE. Really just a Bluetooth tracking device that then allowed vendors (and anyone for that matter) to collect data on attendees. Levin hacked a badge to unpacking their use. He explains that with little effort they could be used by anybody to track somebody:

Downloading a free mobile app, as I did, an attacker could easily track a specific badge and be notified when it goes out of or comes into range. With little technical skill, an attacker could use it to approach someone outside of the convention center (at a bar or restaurant or tourist attraction) and by employing social engineering techniques attempt to gain their trust. I myself was able to identify that there were over a dozen ISTE conference participants on my train platform on Wednesday morning bound for Chicago O’Hare. When one ISTE participant entered my train car at a later stop, that was trivial to identify. While there were no other ISTE participants on my flight back to the DC area, I located two badges in the baggage claim area (likely packed in someone’s luggage or carry-on).

Audrey Watters suggests that, “ISTE has helped here to normalize surveillance as part of the ed-tech experience. She suggests that it is only time that this results in abuse. Mike Crowley wonders why in a post-GDPR world attendees are not asked for consent? If this is the future, then maybe Levin’s ‘must-have’ guide will be an important read for everyone.

4 responses on “πŸ“‘ Hacking the ISTE18 Smart Badge”

Leave a Reply

Your email address will not be published. Required fields are marked *