How does Disney track visitor movements in the park?
Disney in 2013Florida Walt Disney World ResortIntroduced to "MagicBand"Is a substitute for Fast Pass, it can also be used as a payment terminal, it is a useful item that can be used as a smart key of a hotel room. However, after a certain thing, Adam Clark Estes started to think that "My actions in the park are being tracked by MagicBand", and how it tracks the actual state of MagicBand and the user We are investigating whether it is.
How I Let Disney Track My Every Move
First of all, you can see what kind of items MagicBand is by seeing the following movie.
MagicBand Testing at Resort Room Door, Epcot Attractions and Food Purchase, MyMagic +, FastPass + - YouTube
The red wristband wrapped around the wrist of a man is "MagicBand".
When this is brought close to the device on the door knob ... ...
The door opened automatically.
Towels in the form of Mickey Mouse are displayed and it can be said that it is a Disney hotel.
Continue to the entrance gate of the park.
When bringing MagicBand close to the round part where Mickey is drawn ... ...
White light is on.
In addition, you can enter the park after fingerprint authentication.
We also use MagicBand when taking an attraction. With smartphone appFast passAs time can be managed, ......
I will head to the gate.
Here too there is the same device as when entering the park, hold MagicBand over Mickey.
If the light turns on ......
You can enter the attraction with a gate separate from general.
In addition, it is also possible to make payments using MagicBand.
Even when you pay money at a restaurant in the park, you can finish the accounting by simply holding MagicBand.
Mr. Estes began to have doubts about MagicBand when Splash Mountain, who was supposed to be on board, broke down and it was time to evacuate before traveling. At Disney World, we manage Fast Path through the application, but Estes's people were supposed to get on Estes's smartphone while descending the evacuation staircase, but in fact no one is on the ride I got a picture of Splash · Mountain sliding in at.
In large commercial facilities in the United States, it is installed in the facilitybeaconThere is a place where the service of communicating with the shopper's smartphone using radio signal is being done. In Disney World, in addition to the need for fingerprint authentication before entering, from the fact that the picture of the vehicle which it was supposed to ride arrived, "Is it probably that the visitor is being monitored at MagicBand? Estes, who began thinking, decided to disassemble MagicBand that he actually brought back.
As a result of actual disassembly, the mechanism of MagicBand is "fitness device"FitbitIt is similar to "RFIDHe said that technology was very simple to use. The outside is a silicon bracelet, and it seems that the two antennas inside sent two kinds of radio signals of short distance and long distance.
Those that perform near field wireless communication among the two antennas are thought to be used as the key of a door or used when entering an attraction park, which can be confirmed with the above movie Yes. And Estes thought that the antenna that performs long distance communication sends information to the beacon installed in the park.
However, Estes said that he did not remember signing a document that allowed him to track his movements. As a result of examining it, I found out that "Disney World's website"My Disney Experience Terms and Conditions(Terms and Conditions of Disney Experience)"Or FAQ's"About radio frequency technology"It seems that MagicBand has found that it is written that" Provide information to us to improve the whole experience in the park "on a page where technical terms are arranged.
Actually Disney is actively recruiting mathematicians investigating various patterns from consumption of food to the schedule of characters walking in the park. If we can collect information on where guests are concentrated, There should be big merit. However, as to the extent of this long distance communication range, there was no mention on the website.
Therefore, Estes actually decides to ask Disney. When Mr. Estes inquires about the strange experience of Splash · Mountain, Disney's public relations announced that "As the photos taken during the attraction link with each visitor, we have several points "I'm reading" MagicBand at that time. " In addition, Mr. Jim MacPhee, senior vice president, told Mr. Estes' interview, "MagicBand was originally made with privacy in mind," "There is nothing to tie with yourself." Regarding Mr. MacPhee's comment, Estes wrote that "The word" is made with privacy in mind "seems like a joke in post-Snowden era."
Although some comments were obtained by inquiries, Estes will listen to the experts next, that technical information about MagicBand could not be heard.
People who tried disassembling MagicBand exist outside of Estes. In the following articles you can read detailed disassembly articles.
Making the Band - MagicBand Teardown and More - AtDisney Again
Also, people who actually hacked MagicBand using Raspberry Pi based on the above mentioned articles.
Hacking The Magic Bands From Disney #piday # raspberrypi @ Raspberry_Pi «Adafruit Industries - Makers, hackers, artists, designers and engineers!
As mentioned above, MagicBand has two antennas for short range and long distance communication, of which short range communication is standardRFIDwas. Therefore, Mr. Berndt made a custom such as hacking the chip for short-distance communication and lighting the light.
Berndt further investigated, another long distance antenna is very powerful,Federal Communications CommissionofwebsiteAccording to the report that it is transmitting signals of 2.4 GHz, it turned out that it is possible to communicate with a receiver terminal that is 100 feet (about 30 m) apart. "What MagicBand uses is not strictly BLE, but it also adjusts the energy in the same way." "I can also detect some Bluetooth signals and I do not know if they are actually doing it or not , But technically the visitorsFitbitYou can also know if you are using. "Security researcher and hacker Samy Kamkar says.
In addition, Disney explained that all data collected by MagicBand's system is encrypted / anonymized, and there is no fear that a specific individual will be tracked by someone. However, if you set up a beacon, for example, in a Disney store, you can also monitor the actions of people with MagicBand even outside the park. "If I were to design a device, the next thing in the park would be to set up a system outside the park," Kamkar said.
Using MagicBand in consideration of the convenience in the park actually meant that my actions were being monitored, "I intended to sign in with Facebook to join my friend, but in the coming years it will be on the Internet behaviors It is similar to being monitored and likely to sell advertisements, "Estes said.
MagicBand certainly makes many things useful, but in modern society where not only Facebook but also many other companies including Google are monitoring people's behavior, we are using convenience and In exchange, privacy is being sacrificed, Estes pointed out. Disney World is a magical country, "In the sense of privacy, Disney World is not a special place at all, but it is the place that is doing the most magical surveillance on the earth," Estes said .
in Hardware, Posted by darkhorse_log