Blog Post

Loophole in iBeacon could let iPhones guard your likes instead of bombard you with coupons

Stay on Top of Enterprise Technology Trends

Get updates impacting your industry from our GigaOm Research Community
Join the Community!

The iBeacon technology that Apple (s aapl)has implemented in iOS7 has retailers and others pumped about the internet of things pretty excited. The technology lets stores or people set up “beacons” that can talk to the iPhone, letting it know that you are standing next to a pair of shoes that you might like or that Starbucks (S sbux) wants to offer you $1 off your latte.

iBeacon demonstration example mobile shopping

But ReelyActive, a company that’s building out physical infrastructure to let devices communicate with their surroundings, has discovered a nifty trick in the iOS 7 code that lets its engineers flip the iBeacon model. Instead of the beacons talking to the phone, ReelyActive can make the iPhone 5s talk to its radios using Bluetooth, and potentially give iPHone users more control over how they interact with machines trying to sell them things.

The company details the trick on its blog and in the video below:

ReelyActive CEO Jeffrey Dungen isn’t sure why Apple has left this loophole in the OS, but from his perspective this is exciting. Dungen’s startup is perhaps a bit too far ahead of its time right now, in that it’s thinking beyond beacons to a fully connected world where a person’s preferences are communicated by their device and stored in the cloud.

With the iPhone’s ability to share data via Bluetooth and this code in iOS 7, he thinks it could start letting users have more control when they are interacting with beacons at first, but beyond that with other connected devices. For example, instead of the beacon near the shoes letting your phone know they are there, your phone could tell that beacon it’s not interested in getting an offer.

Even more interesting is if your phone walks into the retailer and tells a sensor that you are interested in a new pair of jeans. Outside of the context of shopping, the device might share data about a person’s preferences, so a restaurant automatically knows you are allergic to nuts, or a friend’s home knows you like the A/C set to a certain temperature.

Your phone knows a lot about you, so what would it mean if it could share that at your command with other smart sensors or radios in the environment as opposed to the environment trying to constantly tell your phone what it thinks you want? Using a standard such as Bluetooth LE (which is what iBeacon uses) and access to code in the OS to flip the phone from an information receiver to an information provider could be huge. Let’s hope Apple sees it that way.

11 Responses to “Loophole in iBeacon could let iPhones guard your likes instead of bombard you with coupons”

  1. Samuel Au

    Doing it this way is very disruptive to the rf environment..reading limited broadcast beacon can serve thousands of mobile devices.

    But sending signal from phones will simply jam everything up with so many broadcasters..bad idea..

    • Jeff Dungen

      Samuel, with BLE, the transmission of an iBeacon packet is shorter than 1ms (per channel). It would require a very dense concentration of mobile devices to jam the channels. Of course, the fact that iBeacon transmits over 30 times per second when run in the foreground is overkill (1 transmission per second would suffice for many applications).

      It’s not uncommon to have an active RFID real-time location system support the co-existence of thousands of broadcasting devices. Simply a balance of transmission period and the expected maximum number of devices.

  2. Spam, spam, and more spam. These nfc-ish tools designed to sell you something are just automated gps based nifty little push notifs……that will all in time be turned off. Developers beware! See the Sonar story recently about pinging you with all your “friends” who are nearby? Who couldn’t see their demise coming? A nifty tool yes…..but not something joe-merican wants!!!

  3. The Pass Designer ( now allows you to identify up to 10 Bluetooth Beacons to a Pass, and display a relevant message on the lock screen when the Passholder is close to the iBeacons.

    This is available immediately. Simply go to the Lock Screen view in the Pass Designer and enter the iBeacon details.

  4. Radhakrishnan S

    Technically Apple supports BLE peripheral and central modes. iOS coreBluetooth framework lets the iDevice behave as beaconer or listen for beacons. IBeacon in essence uses the same framework. So I don’t think it is a loophole of any sorts!

    • Jeff Dungen

      For over a year, our challenge has been to find a phone/OS combo that allows you to use peripheral mode to send advertising packets including a fixed, unique identifier, and to do so indefinitely once the user opts-in. In another blog post, we’ve outlined this challenge and why we were surprised to find a solution in iBeacon:

      If Apple intended this functionality for active RFID, they’ve done an unusually poor job with respect to documentation. Our breakthroughs have come via packet sniffing. We’re certainly curious to see what Apple have planned for iBeacon operation in peripheral mode on the mobile device.

  5. Too Legit To Nit

    Just want to clear up that iBeacon doesn’t just bombard you with unwanted information. If you do want to have the convenience of paying for your Starbucks without pulling out your wallet, then you would voluntarily download (assuming Starbucks will include such a feature) the Starbucks App, Log In, and most likely turn on or off this feature in Settings.

    Apple is very conservative and very calculating. You need to realize that the fact that Apple, Nokia and Google have finally agreed on a standard for micro-communication, the world will change in a significant way. When you see “another way to force-feed brands”, I see 1000 other uses from medical to musical applications. It’s like a blind guy getting cutting edge surgery that allows him to finally see, and all he looks at are all the ads everywhere…

  6. Too Legit To Nit

    Wrong. They forgot to mention that you would need to have an app running WITH your screen ON in order to send a beacon signal. The real answer to what they are trying to do is SIMPLE: When a customer enters a store, their phone passively recognizes the beacon. They acknowledge the notification and touch it. At that point, your app opens up and uploads the customer’s info including what beacon they are near and for how long. You can figure out the rest. [email protected] if anyone wants a real iBeacon App

    • While it’s true that you need the app to run in the foreground in order for iBeacon to send packets with a user-defined UUID, iBeacon can nonetheless send packets indefinitely while in the background and even with the screen locked. However in this case the UUID gets dropped but you can still identify the phone based on its random device address at least within a 15 minute window until it changes.

      There might also be a way to prompt the device to send the UUID while backgrounded by sending it a special packet. If so, that means that infrastructure in the space could simply send periodic keep-alive packets to overcome this constraint.

      Note that the standard use case you describe doesn’t work if the mobile device loses internet connectivity. And of course there’s vendor lock-in if Apple maintains the iBeacon lookup servers. There are trade-offs. The role-reversal presented in this article doesn’t dump on iBeacon, it simply presents an alternative with interesting potential.