Schneier on Security
A blog covering security and security technology.
October 12, 2009
Wi-fi Blocking Paint
I wrote about this in 2004. This is an improved product:
While paints blocking lower frequencies have been available for some time, Mr Ohkoshi's technology is the first to absorb frequencies transmitting at 100GHz (gigahertz). Signals carrying a larger amount of data -- such as wireless internet -- travel at a higher frequency than, for example, FM radio.
Posted on October 12, 2009 at 1:47 PM
• 41 Comments
Ah, yes. Faraday Cage in a can. Combine this with a can of magnetic white-board paint, and we've got ourselves a good time!
Now all we need is a transparent, wideband radio-absorbent window coating. Oh, and some kind of Faraday floor wax, too.
That doesn't make sense as quoted; in general, higher frequencies are easier to block than lower. Is there some specific difference with WiFi that I am missing?
Instead of a tin foil hat, you can just paint your regular hat.
This and the previous blog post combined make a great ad campaign. Scare them, then sell them the remedy.
"We're assuming that excessive exposure could be bad for us. Therefore we're trying to make protective clothes for young children or pregnant women to help protect their bodies from such waves."
.... AHHH attack of radio waves
I don't get what's so cool or useful about this. Most hacking is about something more important, and done in a more sophisticated way, than simply using a neighbor's wireless connection. No?
I see two things this is useful for avoiding: freeloaders and (as Robert K notes) spies. But I don't see how it is "a quick and cheap way of preventing access to sensitive data from unauthorised users," as the article claims.
@dan: would such clothes prevent the body scanning thingies from.. scanning you?
Let me get this straight, the BBC is suggesting that it is easier to paint your entire house than it is to encrypt your wireless connection? On the plus side, you won't be bothered by cellular calls at home.
I see it as useful in a crowded apartment building to avoid Wifi interference. But that's mainly because I'm having that problem at the moment.
The coolness factor is pretty high, but the best use will probably be to effectively block the use of cell-phones/texting, maybe in testing areas or theaters. The idea of painting as an option to encryption seems pretty ludicrous.
Windows are easy to block- metallised window coatings attenuate quite strongly.
The problem with all these kinds of things though is that they only attenuate the signal, so it's not a robust security defense; at least unless you're at Tempest blocking levels anyway. Otherwise a sufficiently directional antenna backed up with enough amplifier gain can still recover the signal, and with enough power can transmit into the network.
The main advantage is that it makes it harder for others to find and tap into your network to leech off it, and in many situations improves throughput, because everyone ends up with their own set of frequencies rather than having to share, even if they live within close proximity.
Pretty off topic: do programs that wipe free space really protect you? What happens when a hard disk sector contains sensitive data, and its file was insecurely deleted, and then the same sector was reused for another file? Is the sensitive data at all recoverable?
Of course, if it *is* recoverable, the solution is simply to never normally delete sensitive data, and if you already have, encrypt all the sensitive data and transfer it to a fresh hard disk, and dispose of the old one. But I'd like to know whether that much work is necessary.
"and some kind of Faraday floor wax, too."
And it's a Faraday dessert topping!
On the other hand, if this paper is right, the necessity of multiple delete passes is just a misconception based on an old, ill-researched paper with no subsequent substantiation.
I can say this about disc wiping. It is certainly true that back in the day (way back) when I worked for DEC, and disk drives were washing machines, that we could indeed recover wiped data, and fairly easily (though those who could always do it were considered gurus, but this is in the service/repair business, mind you, not an ivory tower with serious thinkers really).
At the time disc heads wrote a wider track indeed, and erase heads (yes, some drives had a separate erase) didn't wipe that all out, for fear of wiping the adjacent track in misalignment. So there was this 'tween tracks space you could realign the read heads on and get the "erased" data back quite often. Aligning heads at all on one of these "washing machines" so a disk written on one had a prayer of being read on another (or even the same one if the temperature changed much) was considered a black art by most techs at the time, even those who'd gone to the two week course. As a budding engineer, this was all pretty old hat. Most techs couldn't even get a scope to trigger, much less understand an eye pattern.
But believe it -- we could and did do that often, mostly for government agencies who at the time were the only people other than the charge card companies who could afford a lot of computers.
I am not saying I could do this on a modern drive, not hardly. For one thing, the S/N of a *good* track is barely readable-- while developing "eye pee" coding schemes for a disc company I found that out real quick. No fudge at all in the race to cram more on there. So my suspicion is that it's not possible at all anymore. Doesn't mean it was not possible at one time, though.
Perhaps that's where the misunderstandings come from. Under 1k tracks on a 12"+ diameter disk, there's fudge to play with indeed. Nowadays, not so much so.
A lot of this is based on work compiled by the NCSC, in NCSC-TG-025 (forest green covered rainbow series) "A Guide to Understanding Data Remanence in Automated Information Systems"
I have reversion 2 of the document, and would be happy to provide it to anyone interested, (but will not be publicly hosting it at this time, however I plan to place the entire set, minus one that is "unobtainable", as well as other foundational IA material online later this year)
Wouldn't such paint allow people in densely populated areas to get by with cheaper equipment? I've had to upgrade both power and quality of my wireless stuff specifically because the neighbors' wireless stuff (and microwave ovens, etc.) keeps lifting the noise floor. Seems to me an office or school would benefit even more from designs using this kind of thing (much as they benefit from acoustic tiles and noise suppressing/absorbing materials).
Are security and fear of exposure to microwaves really the big payoffs here, or are they a useful set of 'early adopters' willing to pay for products that haven't become cost effective for more mundane uses?
Ironically, when I went looking for a signal strength meter to identify noise sources, all I could find were meters designed specifically to detect bugs and report power-line 'radiation exposure'.
On the "paint issue"
I'm not sure the journo understands what he is talking about,
"The paint contains an aluminium-iron oxide which resonates at the same frequency as wi-fi - or other radio waves"
I find it highly unlikely that it does "resonate" across such a wide band of frequencies...
And to go on and say about a system in "resonance" that,
"meaning the airborne data is absorbed and blocked."
Is just plain wrong.
I'm assuming from "aluminium-iron oxide" that the paint contains a "ferro magnetic" material which can act as an "absorber".
However unlike a "reflector" (E field) which is a surface effect most "absorbers" (H field) need a volume.
I'm not sure just how much volume you are going to get in a layer of paint.
@Clive Robinson: "I'm not sure the journo understands what he is talking about"
Hasn't the journo already admitted they don't understand by admitting they are a journo? ;-)
"Ironically, when I went looking for a signal strength meter to identify noise sources, all I could find were meters designed specifically to detect bugs and report power-line 'radiation exposure'."
There is plenty of equipment out there (EMC etc) but... there are a couple of questions you need to answer.
The first is how deep is your pocket?
The second is what sort of signal are you trying to measure?
There are so many types of signal you find on the ISM bands that you really need to know what you are looking for and why.
For instance your problem may not be wide band signals lifting the noise floor, it might be high power CW signals blocking early parts of your receiver line up which has insufficient dynamic range or poor third order issues.
It might be the case that actually adding an inline attenuator on the receive path improves your system...
If you are investigating then you can rent appropriate equipment however you would have to know how to use it to get the best effect.
For instance a spectrum analyser on "zero sweep" is actually a broad band receiver with adjustable bandwidth from a few Hz to several MHz. However they are usually quite "deaf" and will require an appropriate antenna (and possibly a broadband amplifier).
How about hair dye as an inconspicuous alternative to the tin foil hat? Too bad I am balding a bit already...
"The paint contains an aluminium-iron oxide"
I might be wrong, but doesn't aluminium and iron oxide make Thermite?
Sounds like a great chemical to cover your walls with
She has warned that the world will not "wait indefinitely" for proof that Iran is not making nuclear weapons. Said Hillary.
Is this logic? How can you prove that something is NOT happening? Ah, these politicians!
This is probably proof of stupidity and/or bad intentions. :-/
@secure delete: What sort of threat are you thinking about? Do you want to protect yourself against today's script kiddies, or do you want solid assurance that the NSA will be unable to read the secure file forty years from now?
Overwriting the sector will do just fine for almost all purposes, provided you're sure it's overwritten. If you're really worried about the data ever getting out, destroy the disk itself (not just the drive).
A great deal of small electronic devices sold nowadays have an aluminum metallic paint on the outside, and some devices have this paint on the inside of the case, this is probably the same thing put there for the fcc part15 certification.
The certification does not wear off, the paint does.
The stuff about this paint seems like hype; the iron oxide might help for low frequencies (
Copper sheet, now that might do some good.
But for a paint: epoxy paint with ground-up GaAs microwave diodes. Hideously expensive; it's what you'd use to "stealth" something against radar. The EM radiation gets rectified and scattered over a wide spectrum of frequencies and directions.
Don't expect to find it in the paint aisle at Home Depot.
Hmm, I feel like starting a business producing nice wallpapers with a tinfoil layer inside. Decorate and secure your home at the same time! $50 a roll...
Cheapskates could simply plaster their walls with unfolded milk or juice "brick" containers instead.
100GHz, wow! Not a lot of commercial applications in that band.
Anyway, just painting the walls won't do anything. Have you ever seen a shielded chamber used for RF/EMC measurements? It's made from galvanized steel. All seams are bolted together every 3".
The doors are triple sealed with beryllium copper fingers.
@ Peter A.
"Hmm, I feel like starting a business producing nice wallpapers with a tinfoil layer inside."
In the UK you can get rolls of tinfoil bonded to a thin layer of expanded plastic foam. It is designed to be used as "lining paper" for exterior walls that have radiators mounted on them. The idea is the tin foil reflects back some of the 40% of the heat that would otherwise heat the environment (twice ;)
@ Snarki, child of Loki,
"the iron oxide might help for low frequencies (
I've got ferrite material in my workshop that works up into the UHF band that I use for making very broadband transformers for amongst other things pulse amplifiers with a low PRF but high peak power.
I have other more exotic "slab" which consists of various metal compounds that absorb RF energy up into X Band. Some of these materials are based on aluminium.
"Copper sheet, now that might do some good."
Any solid metal with a high surface conductivity would be good. In fact chromium and nickel coated plastics work quite well as well. As does silver loaded epoxy resin.
I've been known to design "one off" microwave wave guides and horn antennas out of FR4 fiberglass PCB material that has been gold or silver plated. And I have a cute little LPDA I designed using double sided FR4 that works from 1-24GHz I sometimes use for EmSec work (a hint if you want to make your own "plate through holes" can be long slots if you want).
Due to the "skin effect" the depth of conductor decreases with increasing frequency. The real issue is I^2R losses causing sufficient problems for the surface to burn up like a fuse, or gold rim on a plate in a microwave oven.
"100GHz, wow! Not a lot of commercial applications in that band."
You'd be surprised, I've seen some French made "professional surveillance" equipment that works up near those frequencies simply because "bug detectors" don't work up there.
Then there is other interesting "microwave imaging" equipment that works around there as well.
Then there are Doppler based systems used in tracking systems that work up there as well.
Remember as far as "stealth aircraft" go the higher the frequency the more likely you are to get either a reflection or more importantly a shadow as BAe amongst others have shown.
Interestingly, common or garden RF absorption material tends to become reflective as the EM frequency goes up. And you can use common or garden plastics as lens material to make directional antennas from 5 or 6 GHz up.
@ secure delete
Personally, I don't trust the secure delete products: programs leak all over the OS. I don't think HD's need 3-7 random passes either. Here's what I recommend: use privacy-oriented Linux LiveCD or USB's to get/view the data; use truecrypt volumes w/ random keys to store the data; when u must erase, "lose the key." The last part makes data unrecoverable as side effect, and is easily done. Write key on cigarette paper and burn it. Or keep it in file on ramdisk for temporary storage. If you might need to clear it quick, keep your case uncovered so you can hit RAM with a 500,000 volt stun gun a few times. I don't see any forensic data being left over or recovered if they try. Use this method and you just have to get rid of 256 bits of data (or clear RAM) to securely delete terabytes of sensitive info. Is that really so hard?
There are little known, cheap 10GHz room bugs that sophisticated criminals use. Since most sweeping equipment doesn't look that high in spectrum, these bugs are often missed. Not bad for $20-$40 huh? If the paint truly works on higher frequencies, it may be useful in conference rooms as an additional security measure against high frequency bugs like this. I still prefer jamming, but there's these laws you see... ;)
If I paint my car with it, will it prevent me from getting speeding tickets?
@ Nick P.,
"There are little known, cheap 10GHz room bugs that sophisticated criminals use."
Yup and "all stations in between".
10-12GHz is popular due to Sat TV head ends making components and designs easy.
For those "Hunting" in that area a Sat TV downconverter "head end" connected to an appropriate receiver (Spectrum Analyser / comms test set) works quite nicely.
A little known trick to turn a Sat TV head end into a low power transmitter is to turn the devices over and cut and remake the DC side tracks from input to output. Some early ones have such poor LF side filters that you can put the output of ISM band micro video cameras with audio (from Swann) directly in...
Easier still is to buy a 10GHz "Traffic light" Doppler radar unit from the likes of "RS Electronics" or numerous other suppliers (Digi-Key / CPC etc) and if you have the money change the diode. This will give you 100mW into a small horn antenna which will easily carry video for 20 miles.
All that though is very old hat. Think early digital cell phone chips into up converters. Then go have a look through the product catalogs of AD-Devices and the like.
The output of some Motorola DSP chips will feed directly into AD DDS chips and give an output you can drive a Mini Circuits high level mixer with. This in turn can be fed into two or three "Mod Amps" and give you 50mW anywhere you want in the low microwave bands.
Depending on what you feed to the DSP chip and the code you write for it you can have multi channel audio (essential for usable bugs) and a degree of encryption and or spread spectrum (DS or FH or both).
The component cost would be below $100 even for a very small production run.
This is the joy of "Software Defined Radio" systems of which you will be hearing a lot lot more of in the near future (along with "Ultra wide band" systems).
High tech radio systems are now most definitely within the possibilities of "Old School hackers". They have grown up slightly and swapped "model trains" for "covert comms" 8)
@ Nick P.,
If you and others are interested in HERF and other RF Pulse devices that amongst other things make low grade EMP devices that can ruin a data center.
Have a look at some of the links from this page of GBPPR,
Especially have a look at the "microwave oven" projects for 13cm / 2.3GHz amateur band.
I have seen converted "microwave ovens" run off computer grade UPS's (with additional copper braid soldered onto PCB tracks) used for Earth Moon Earth (EME) communication. Similar devices will quite happily "cook" security equipment such as CCTV etc (this also includes the "organ sack" holding it if they don't know what they are doing).
the link 404's for me.
I expected an article on radio waves somehow preventing walls from being painted, perhaps because the paint won't stick. That's what it says: "Wi-fi blocking paint." (= "Wi-fi is blocking paint.")
What was intended, of course, was "Wi-fi-blocking paint" (Paint that blocks Wi-fi).
It is exactly to avoid such ambiguity, or at least, reader stumbles, that compound modifiers, especially noun-gerund ones, are hyphenated.
"Man eating shark" and "Man-eating shark" are two *very* different things.
I don't see why so many people (both in the comments and in the article) immediately jump to the conclusion that blocking out all cellular communication in, say, a theater is a good idea. While that would reduce annoyances from cell phones going off, it would also block folks like doctors and policemen from receiving time-sensitive calls. With all the impetus towards restricting communication in the interest of security (think Mumbai attacks and Twitter), it's odd that no one ever thinks about improving communication in the interest of security.
Vaguely cool, but potentially quite dangerous.