Automating Your Trip to Work with iBeacons and JavaScript

Alasdair Allan
3 min readJul 18, 2017

I used to be pretty excited about iBeacons. But my experiences hacking the CES scavenger hunt—something I did along with Sandeep Mistry not just once but twice—have left a sour taste in my mouth. Many commercially available beacon implementation are easy to reverse engineer, and the rush to market has left security problems that, even when resolved, leave unanswered questions.

But that doesn’t mean other people aren’t still playing with them, for instance Nick Lee—a partner and CTO at Tendigi, a mobile design and development studio in Brooklyn—has gone ahead and automated his life using iBeacons.

Nick’s route to work is now instrumented using iBeacons. (📷: Nick Lee)

He’s gone ahead and automated two actions that he performs more or less every morning, summoning an Uber to get to work, and ordering his coffee at Starbucks when he arrives.

“My routine is pretty static. Every morning, a little before 10 AM, I request an Uber to my office. Once I’m about halfway there, I use the Starbucks app to order coffee.” — Nick Lee

The first iBeacon has been placed in the mailbox in his apartment building’s lobby. Picked up by his phone as he steps out of the elevator, his custom built Heroku app uses Uber’s public API to request a ride.

Nick’s automated morning routine. (📹: Nick Lee)

However it turns out that ordering his coffee was a bit more problematic as, despite having a supposedly open API, ordering Starbucks isn’t exactly easy. Nick eventually wound up building a custom Node.js module for placing Starbucks orders. Beacon placement, outside the Starbucks next to his office, also turned out to be somewhat interesting.

An Estimote Beacon planted, guerrilla style, in a phone booth outside Starbucks. (📷: Nick Lee)

Unfortunately by publicising his hack Nick has left himself far more open to beacon spoofing. All someone needs to do to order an Uber, or a coffee, and make him pay for it is walk next to Nick while spoofing the beacon identities of one—or both—of the beacons that he’s deployed in the wild.

This is exactly what Sandeep and I did to hack the CES scavenger hunt, and of course, we now know exactly where both his beacons are located. Since iBeacons are broadcast technology, all we need to do to harvest those beacon identities is walk past them ourselves.

As a real world demonstration of Nick’s reverse-engineered Starbucks Node.js library this is an amazing hack. As something he should continue to do every day? I’d advise him against it.

--

--