Google Beacon – persistent project or privacy predicament?
Just another day at the office when an unexpected parcel from Google drops on the door step… the random gift of a Google Beacon!
The organisation is pushing the initiative once more by sending businesses free Beacons to encourage implementation. Unfortunately, in today’s security conscious environment these deliveries are sparking more privacy questions than implementations.
What is Project Beacon?
Project Beacon provides proximity experiences for customers using Bluetooth low energy (BLE) technology to send signals to local smart devices. The device continuously broadcasts an identifier which connects to a user’s device. Once your device has interacted with the Beacon it can then transmit its programmed action to the device.
What are they and why is Google promoting Beacons?
Google is promoting the advantage of improved offline attribution with Google ads. Since the Beacons can be used to pinpoint a physical location, you can track conversion from online advertising to in store visits.
For example, if someone searches for a winter coat locally and visits a Google advertisement for your store but then clicks off before purchasing it wouldn’t have been classed as a conversion. However, with Google Beacon, the device can be tracked into the store as a physical visit.
For the customer, Beacons enable promotions to be broadcasted to receptive devices in the Beacon range to encourage in-store visits. You can read more about the features and benefits of Google Beacon here.
What does this technology mean for privacy?
The concerns around Beacon privacy and security is not just relevant to Google, but other distributors as well, including Apple. Although many may consider these threats minimal, they are still concerns according to Kontakt.io.
As default, most Beacons do not encrypt the data that’s transferred to them from connected devices. Kontakt.io explains a hacker could change the connected Beacon password and change it so that they have full control of the device, putting the entire IoT infrastructure at risk.
Unsurprisingly, as a Beacon is a physical box, it is also subject to physical attacks. Although this is extreme and unlikely, someone could physically remove the device, take it apart to access its information.
Cloning and Piggybacking
One of the largest threats is from cloning, where an attacker listens to the device and captures Beacon data, copying the information to an external application without consent. After capturing the data, the hacker may clone it, copying the configuration and contents to another Beacon in order to mislead customers. Using a duplicate Beacon opens up an array of possibilities for the hacker, including triggering in-app payments.
As the latest drive continues and technology gets smarter, so do the hackers and the future of project Beacon is still undecided.