Schneier on Security
A blog covering security and security technology.
« Privacy Salience and Social Networking Sites |
| Friday Squid Blogging: Bottled Water Plus Squid »
July 17, 2009
Pepper Spray–Equipped ATMs
South Africa takes its security seriously. Here's an ATM that automatically squirts pepper spray into the face of "people tampering with the card slots."
Sounds cool, but these kinds of things are all about false positives:
But the mechanism backfired in one incident last week when pepper spray was inadvertently inhaled by three technicians who required treatment from paramedics.
Patrick Wadula, spokesman for the Absa bank, which is piloting the scheme, told the Mail & Guardian Online: "During a routine maintenance check at an Absa ATM in Fish Hoek, the pepper spray device was accidentally activated.
"At the time there were no customers using the ATM. However, the spray spread into the shopping centre where the ATMs are situated."
Posted on July 17, 2009 at 1:04 PM
• 42 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
What constitutes tampering in this case? What if you are someone who regularly checks to make sure no skimmer is attached to the slot? Will that trigger the mechanism?
Seems like this doesn't provide any additional security in this case, and may make it less secure if people now cannot even verify the lack of a skimmer for fear of being sprayed.
They do think kind of thing instead of providing true security. It works well in the imagination. One pictures criminals (probably terrorists) getting sprayed and running away.
Masks? Did the technicians think of wearing masks while messing with the mechanism? Or maybe they wanted to deliver a message to potential thieves and masks would have shown how to avoid the pepper spray.
Sorta reminds me of the automated security systems in _The Fifth Element_ or _Robocop_ complete with the malfunctions..."You have five seconds to comply!"
And even with ED-309 they learned a valuable lesson.. Build in an override mechanism to prevent attacking the creators.. Prime Directives (#4, I believe)
It's sad, I can remember that but I can't remember people's names :-/
Probably not legal here. I don't think you can use that kind of force in the mere protection of property.
It's a South African thing I guess: a few years back I read about a company there making anti-car theft devices ... with flame throwers.
Considering how car alarms go off for no reason all the time, I can't see how that could ever have been a good idea.
"Probably not legal here. I don't think you can use that kind of force in the mere protection of property."
OC is regarded as a "less than physical force" option on the use of force continuum as it has no residual effects.
Google "Repulsar Thief Repellent" or "Burglar Bomb" for devices suited to the home or office stateside. Note: OC regulations vary by community.
Our kinder, gentler cousins to the north of the 49th parallel can try FlashFog http://www.flashfogsecurity.com/index.htm
"It's a South African thing I guess"
To be fair the "car flame thrower" was intended as a less lethal defense against carjacking, a violent crime for which deadly force is the common, effective, and judicially sanctioned remedy.
Assuming the the technicians know what part of the ATM might emit a disabling chemical spray, you'd think that step one one the service checklist would be to cover that with tupperware or something. After all, the security system is one of the things that might require routine maintenance.
Whimps! The only propper thing to use is a claymore!
Besides that, the stupidity of the scheme is right in line with other unsupervised offensive technologies. Basically this is a (relatively benign) anti-personal mine, which has no business at all being used in populated areas.
I assume the hope of the people who chose to implement this was that the need to stand at an ATM wearing masks, goggles, etc., would discourage criminal activity before it starts, which means that even if it's effective, false positives and accidents would dominate incidents where the defense is actually triggered. I don't know enough about the criminal opportunities with ATMs in South Africa to know if crime prevention in this manner is plausible at all.
That said, I would characterize a pepper-spray release during maintenance as a failure in maintenance procedures (carelessness or lack of training), rather than as a 'false positive'. If a guy breaks his arm setting a bear trap, the 'false positive' angle isn't really relevant.
Given the size of the cloud of pepper spray described, it also sounds like collateral damage is also a real possibility (and protecting oneself during a robbery would require a full-on gas mask).
Dye packs. Tear gas packs. How long will it be before the cyanide pack?
And haven't they ever heard of pepper foam?
Criminals who are forced to wear one of the common variety of gas masks will stand out from the crowd.
I wonder how difficult it would be to make a gas mask that is not visible from a distance. If it was skin coloured, had what appeared to be sunglasses to cover the eye protection and had what appeared to be a full beard and moustache to conceal the air pipe leading to a filter mounted at the waist then from a distance of about 10M during the day (or 2M at night) a casual observer might not notice anything unusual.
Great story--someone should get the Darwin award for the flame thrower thing.
I wish folks were as creative about removing people from these god awful DOJ watch databases as they are about protecting property.
. . . and you should see what happens when you bounce a check.
It has begun! Robots 3, humans 0.
A very large point to you sir, I laughed so much I nearly droped the mobile I use to web browse.
A much apriciated start to the day 8)
@ Russell Coker,
"I wonder how difficult it would be to make a gas mask that is not visible from a distance."
For CS gas and Pepper Spray it's already been done.
Go into any pushbike shop and ask about "micro particulate" bandana cycle masks.
The nasty bits in exhaust fumes from oil fuel vehicals is smaller than a lot of dibilitant sprays so the "micro particulate" masks can be quite effective.
The problem is your eyes
To get around this get a pair of largish sunglasses, a metal/building work goggles/ eye protectors and one of those sports neoprean eyeglasses straps.
Take the eye protectors apart to get the soft clear plastic visor gland that presses against the skin to keep dust out. Using a modeling knife and suitable glue make it fit the large sun glasses unobtrusivly fit and adjust the neoprean sports strap so the finished item fits snugly and is held in place.
In combination with the bandana mask and appropriate garish cloths and back pack you will actually mearge in as a cycle courier and people who see you will possibly remember your cloths not your face.
I think you can work out the rest for yourself ;)
On posting the above I got the following on my MobPhn I use to browse,
Parse error : syntax error, unexpected $end, expecting ')' in /htdocs/www/blog/templates_c/%%2A^2A9^2A9DE3F0%%mt%3A119.php on line 266
I don't know if it's of help to you or not.
note to criminals: please wear a mask when you try to steal money!
the location of pepper spray on the continuum of force depends upon your local jurisdiction. In several US states, pepper spray is legally defined as lethal force.
I worry that security measures like this assume every user is able bodied and young - who are able to simply put the card in the slot - but what about old people or people with Parkinson's disease for whom it's not such a simple operation?
As a former South African (crime being the primary reason I left) - I can attest to the extreme measures that businesses have to adopt to protect property and lives. The audacity, ingenuity and violence displayed by criminals there is quite extreme. I worked in a bank for a while behind 20mm bullet proof glass designed to withstand a direct round from an AK-47. The criminals simply got at one of the new affirmative action tellers and slowly coerced her to cash fraudulent checks. They got away with 60K before it was detected. The crime situation in SA is a complex and intractable one and there is little political will to solve the issue. I feel for the desperation of the bank managers.
On an important note, the flame thrower invention never went into production as it was judicially sanctioned.
I think that it's also important to understand that the "Blaster," as it was called, was manually activated, rather than being an automatic system. There would still be false positives, but in order for your mechanic to be toasted, he (or someone else) would have to have triggered the switch.
@ AppSec - and here I always through that the lesson of ED-209 was don't demo with live ammunition. :)
"Security theater", indeed. The main way to get money out of a South African ATM seems to be with explosives. The gas wouldn't be much use there.
(I am thinking of the scene in "Butch Cassidy and the Sundance Kid": "You used too much dynamite!")
What a dumb idea this was. It is definitely a case of solving the wrong problem. If they think they have a reliable way to detect people tampering with the card slot, that detector should simply make a loud noise announcing the tampering, set the ATM out of order, and dispatch a technician. This will remove any monetary motive for those that attempt to tamper with the card-slot, and false-positives will do very little harm.
"Tampering" ATMs in South Africa often involves blowing them open with explosives. If that sort of tampering was to set off the pepper spray, it would make it a lot harder for the bombers to return to grab the cash.
The "Guardian" article seems a little garbled. The subheading says it a security measure against explosive attacks, and the first two paragraphs support this. The third paragraph then says the machines also include a camera to photograph someone tampering with the card reader slot, but then confusingly says:
"ANOTHER machine then ejects pepper spray to stun the culprit while police response teams race to the scene." (my emphasis.)
Most readers seem to have been left with the impression that the capsaicin sprayer is activated by tampering with the card reader. But the article doesn't actually say that, and it is just as possible (and more logical) that tampering with the card reader gets you photographed, but blowing the machine up results in a discharge of capsaicin from some other source -- not inside the destroyed machine -- whilst also summoning the police.
That is an innovative and reasonably thoughtful response to defending ATMs in the environment of extreme crime that is modern South Africa. Of course, it would be most effective if it took the attackers by surprise, but even if they come equipped with respirators they will get away with less cash than otherwise (and given the volume of capsaicin apparently discharged, the cash they do get may be unusable!) Plus if the response is triggered by an explosive attack, it should be fairly simple to keep the false positive rate astronomically low (apart from careless technicians!)
[Incidentally, I did some googling to try to clear this up, but even restricting the search to South Africa, I was unable to find any sources that weren't either David Smith's report, or links to this blog.]
>Dye packs. Tear gas packs. How long will it be before the cyanide pack?
Actually, chemical warfare agents were already used in the 1920s to thwart drilling attacks on safes. If you knew the exact spot to drill, you were OK; 1 inch to the left and you got a face full of mustard gas or chloropicrin. You still occasionally get reports of someone -- inexperienced locksmith, or owner doing his own maintenance -- getting "stung" by an antique safe.
They fell out of favour long before civilian possession of such materials was criminalised. I don't know why, but would guess the reason is that any sane locksmith would refuse to work on them.
It would be better to use nerve gas in this case. Fewer complaints.
"the location of pepper spray on the continuum of force depends upon your local jurisdiction. In several US states, pepper spray is legally defined as lethal force."
Tell us more. The continuum of force concept is used to guide the lawful application of force in response to an offender's actions. OC sprays (along with police canines and tasers) are routinely located somewhere between verbal instruction and the use of impact weapons. Legal definitions of prohibited devices aside, short of drowning someone in a vat of the stuff it's pretty hard to move OC out of its place on the continuum.
Cool. So how long before teens pranksters learn how to bend cards that will trigger the mechanism, and they go around triggering them for fun?
It seems to me that if your objective is to prevent attackers from getting money even if armed with explosives then design the machine to immediately dye any stored currency when the case is breached. In this case the ATM manufacturer / bank is trying to do more - they want to incapacitate or slow the attackers after they've opened the safe to allow for apprehension. Unfortunately this would only work once and all subsequent attackers will wear gas masks.
10 foot wall, 11 foot ladder, etc.
> It seems to me that if your objective is to prevent attackers from getting money even if armed with explosives then design the machine to immediately dye any stored currency when the case is breached.
That might work in some countries, but this is in South Africa. People won't refuse to handle cash just because it's obviously stolen -- this is the country where a police officer is charged with a crime every three hours (and that's probably just the ones caught skimming.)
While "use of force continuum" is a term of art in use by police departments, several state legislatures have made it very hard for non-police to legally carry OC-based sprays.
As an example, Massachusetts forces carriers of OC-based sprays to have a Police-issued permit. (Amusingly, said permit is labeled "Firearms Owners ID, Restricted", not to be confused with UnRestricted forms of the MA Firearms Owners ID...which allow the ownership of firearms.)
Reference pulled from Google, at a small-town Public Safety dept. in Massachusetts:
If OC-spray is covered under MA Firearms law, is it a lethal weapon? If not, why not?
I doubt the MA Legislature answered those questions...
More generally, I would love to know what the "tamper-detection" logic/mechanism is.
Of course, if this data enters the public domain, it then becomes common knowledge among the smarter thieves...Thus, the weaknesses would be broadcast.
But I suspect that if the mechanism becomes common, some thieves will gather data from their less-lucky fellow to develop their own "public domain" data.
Thus, the smarter criminals will eventually have a pool of "public domain" data about the tool, whether or not the company releases the data.
Instead of worrying about false positives, what about attackers booby trapping the ATMs?
Wait until some unsuspecting person comes up to get money, remotely trigger the pepper spray (this would be the hard part but I'm sure it's doable), and them rob them and/or the ATM.
Police suspect the guy who got maced, and you get away while they're busy detaining him.
"...several state legislatures have made it very hard for non-police to legally carry OC-based sprays.
As an example, Massachusetts forces carriers of OC-based sprays to have a Police-issued permit."
Ayup, some parts of New England are getting more and more like Old England all the time. Some day soon the MA OC FIDR permit will come with a coupon for stab-free kitchen knives.
It would be better if they just put some breath spray in them ATM machines. I visited South Africa a few years ago on my roots tour and most them people had real bad breath.
The basic idea is probably a good one, but it is dangerous to have a program that has no human judgment, I think. The accident reported is likely to be repeated more often, with subsequent legal implications. I would chalk it up as a failed experiment
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.