Apple and Nike don't toe security line

Apple and Nike put their foot in it as sneakers prove anything but the sole of discretion

Apple and Nike may be top consumer brands, but you can't say they never put a foot wrong. The companies thought highly of their alliance to make running shoes report on exercise parameters via an iPod; after all, it neatly targets their preferred demographic. And if you can prevent the shoe-mounted sensor from catching fire mid-stride, what could possibly go wrong?

The answer, as both companies now realise, is privacy. Surreal as it may seem, security researchers have found a way to make the system tell tales on its users. Because the radio link between shoe and iPod isn't encrypted and contains a unique identifier, a determined snooper can automatically track their athletic prey — even plotting their course on Google Maps. The most intriguing and worrying aspect of it wasn't that it's possible to just do it, but that it can be done for a few pounds and with middling amounts of IT skills.

We doubt very much that anyone will suffer as a result of using this system, apart from the ever-present danger of ridicule due to conspicuous brand addiction. The message to Apple and Nike, though, is one that all companies should get: any product or service that stores or communicates personal data is a security risk. At some point during the development cycle, it should be looked at in that light. Even if the risk is considered too light to be worth fixing, the company should be aware of what could happen.

The warning comes at an apt time. As it becomes easier and cheaper to put intelligence and communication into ordinary objects, they'll join the connected world with all its penchant for convenience and unforeseen consequences. We expect safety standards to protect us with a device's physical and electrical characteristics. There is no safety standard for devices that says no communication can be intercepted nor personal information extracted. There should be: one day, there will be.

For now, individual companies must bear the responsibility for specifying and following their own best practice in this field. Apple and Nike were lucky: the solution to their problems is a little more design, and the worst they've suffered is a bit of embarrassment and some free publicity. That may not be the case next time some heel decides to snitch.