1,300 APs; 70,000 rich, influential, inebriated football fans… What could go wrong?

The technological feat pulled off at the Super Bowl was impressive.  The most credible statistics we’ve seen:

  • 1,300 APs & 12,000+ Bluetooth beacons around the stadium
  • 15.9 TB of LTE traffic handled by carriers over the in-stadium DAS
  • 10.1 TB of wifi data traversed the guest wifi from 6AM-11PM
  • Lots of high tech companies were doing R&D as a part of the services supplied to the NFL/49ers

Our stats that haven’t been published until now:  (So remember, you read it here first!)

  • 27,000 fans opted in.  The number who read the use policy before agreeing to it?  ZERO!  (The 43,000 others who never opted in, no doubt, had their MAC addresses constantly tracked… and quite possibly correlated back to databases that contain additional information about those MAC addresses.)
  • This isn’t in any of the articles we read, but out of those who opted-in, 20% of the 10.1 TB wasn’t directly attributable to social media, news sites, video, etc.  Curious how much of that might have been financial or corporate data.
  • A number of companies have access to the data, including companies deeply involved in analytics & machine learning & big data.  Customer satisfaction & behavioral analysis can’t be left out.
  • The technology to “scrape every packet of data transferred” and store it on a 12 TB disk?  The cost of that technology fully implemented?  Less than $250,000 is our guess.
  • What controls were placed around the access & use of that data by any of the companies involved?  (Oh, and let’s not forget their third party partners!)  We have no idea.  And neither do those who opted in, nor the ones who didn’t opt in.

A handful of those 27,000 fans might have worried about a “man-in-the-middle” or “twin towers” situation.  A few might have thought, “Hmmmm… maybe I should access my company dropbox right now.”  Or, “I’d better access my company email when I get home.”


We were was presenting at a security conference a few weeks back on security in the IoT (Internet of Things).  The Q&A turned the focus to why security isn’t the primary feature in all the home monitoring, fitness tracking, connected car’ing that we’re doing.  The consensus is that when it comes to functionality vs. security, functionality always wins.


What does all this mean?  The most damaging hacks are often the ones that are never discovered.  The social conscience in me fears the potential outcomes.  The narcissist in me wants to jump up & down screaming, “Woo Hoo!  Job security for as far as the eye can see!”


Here’s the slideshare link to the IoT Security presentation with speaker notes.

Leave a Comment