Schneier on Security
A blog covering security and security technology.
« Friday Squid Blogging: Squid Costume |
| Young Man in "Old Man" Mask Boards Plane in Hong Kong »
November 8, 2010
The End of In-Flight Wi-Fi?
Okay, now the terrorists have really affected me personally: they're forcing us to turn off airplane Wi-Fi. No, it's not that the Yemeni package bombs had a Wi-Fi triggering mechanism -- they seem to have had a cell phone triggering mechanism, dubious at best -- but we can imagine an Internet-based triggering mechanism. Put together a sloppy and unsuccessful package bomb with an imagined triggering mechanism, and you have a new and dangerous threat that -- even though it was a threat ever since the first airplane got Wi-Fi capability -- must be immediately dealt with right now.
Please, let's not ever tell the TSA about timers. Or altimeters.
And, while we're talking about the TSA, be sure to opt out of the full-body scanners and remember your sense of humor when a TSA officer slips white powder into your suitcase and then threatens you with arrest.
EDITED TO ADD (11/8): We're banning toner cartridges over 16 ounces.
Additionally, toner and ink cartridges that are over 16 ounces will be banned from all U.S. passenger flights and planes heading to the United States, she said. That ban will also apply to some air cargo shipments.
Other new rules include:
- International mail packages sent to the U.S. must be screened individually and certified to have come from an established postal shipper;
- Cargo shippers, such as UPS, Federal Express, and DHL, have been encouraged to report cargo manifests to Homeland Security faster, prior to departure, to aid in identifying risky cargo based on current intelligence.
There's some impressive magical thinking going on here.
Posted on November 8, 2010 at 10:21 AM
• 102 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Yeah, while reading the opening paragraph I was like: umm, if they could get a bomb on a plane with Wi-Fi based triggering, they could get one with a timer on it.
It seems pointless to close the Wi-Fi hole when the timer one is still out there.
It astounds me that they care more about these fictions than actual bombs. Didn't the unibomber use altimeters? And successfully at that. Is the TSA even looking for them?
The TSA is not doing enough. In fact they seem to be missing out on the basic commonality of all this threats: the aircraft itself. Banning aircrafts will make air travel much more secure.
(Thank goodness for GoToMeeting, Skype, and other telepresence software; I managed to fly only four times in 2010.)
Don't you have to sign onto the wifi and pay a fee or something like that. How do they expect to automate that?
But timer-based bombs are easily defeated: just ensure that the airplane stays on the ground a random amount of time after the scheduled departure time (in the order of a few hours) before the passengers embark.
Most of the services offer a subscription. No need to sign on.
Just get a pre-paid debit card and use that for the subscription.
Would an altimeter function as expected in a pressurized cabin? (I don't discount the danger, I'm just curious)
Thank goodness the UK government has a long history of searching for clandestine radio and television receivers. Because that's the real risk - not WiFi, not cell phones, just a fixed-frequency HF receiver listening for a DTMF sequence. WiFi just makes it easier - DropBox, anyone? :-)
I will be flying with my family this thanksgiving weekend. It appears to me my only choices are either to have my children exposed to radiation, or exposed to the fondling of a stranger. Is that correct? Is there a way for me, as a parent, to protect my children from both?
I'm surprised they've not noticed that laptop batteries are shaped like sticks of dynamite...
Alex Lerman: an altimeter that measures air pressure presumably wouldn't, but a GPS probably would.
They tell you GPS devices aren't allowed on planes due to potential interference, but of course that won't stop a terrorist who managed to get a bomb on board...
Which brings up another point: if our portable electronics are so dangerous that we have to turn them off during take off and landing, why couldn't a terrorist use them against a plane? Maybe the problem is with having hundreds of low power devices on at once, but surely a terrorist could construct a powerful jammer concealed in a laptop or other device quite easily...
"Just ensure that the airplane stays on the ground a random amount of time after the scheduled departure time (in the order of a few hours before the passengers embark"
I'm not sure what the current figures are but in better times most airlines had to have an aircraft in the air for 17hours out of every 24 to break even...
I cann't see the air industry putting up with that loss making restriction.
@ Jose C Silva,
That's even less profitable ;)
What does an altimeter look like?
I can make one out of the bits you could get airside in the shops (start with an ordinary plastic drinks bottle a Bic biro and a couple of ruber bands)...
So what do you tell the TSA to look for.
Also, how about satellite phones?
The story seems awful speculative -- it ain't exactly a TSA press release.
Yes, you can use an altimeter in a cabin situation. The cabin pressure is raised to 10,000 feet, and then back down to the landing atmosphere pressure. Set bomb on at 10k, trigger bomb to explode at set altitude below 10k.
This stuff isn't rocket science, and yes the TSA procedures are a joke.
Terrorists wouldn't use an internet-based mechanism because its highly likely the source could be traced back.
Terrorists only use the internet for propaganda purposes.
They don't even use it to communicate, even though the government keep trying to get them to use Skype by claiming they don't know how to crack the encryption schema, which is as a whole a load of disinformation to encourage them to use the service so communcations data can be intercepted.
Create a false sense of security and they will come is probably the government strategy.
Terrorists see through that kind of thing stratight away though, unless they aren't sophisticated and organised.
I would say however as a whole you need to be sophisticated and organised to even start thinking about terrorism as a political means to an end.
I've read that El Al does put at least some cargo through an unpredictable number of cycles in a decompression chamber to foil altimeter triggers.
@ Alex Lerman, Tom,
"Would an altimeter function as expected in a pressurized cabin? (I don't discount the danger I'm just curious)"
Yes no problem at all the FAA and others alow cabin preasure to drop to the equivalent of 8000ft ASL. It's why your ears pop and airlines dish out sweets to suck.
Airpreasure drops about 4% for every thousand feet you go up so it is quite easy to detect.
If you look around the web you will find pictures of plastic drinks bottles that have been closed empty in the cabin of a flying aircraft and have colapsed very noticably by the time they land.
You can do the opposit, on the ground with an empty drinks bottle squash it flat between finger and thumb at the bottles waist, and then do the top up tightly. When you get up in the air the bottle will re-inflate to nearly the same size it was before you squashed it.
I will leave it to your imagination as to how something this simple could be turned into a bomb detonator but it's very very simple.
Apart from two fine wires you can make it entirely out of plastic parts...
Apart from being somewhat awkward to provide this is the official 'reason' why there's no cell coverage on the London Underground- because somebody *might* use the cell phone to trigger it (as opposed to a timer, which... still works fine.)
And internet? That would be just crazy talk!!! You'd be helping people do useful work, but multiplying up the risks by a factor of almost... one!!!
@Woollard: They've just recently started Wi-fi on Glasgow Underground, and are about to introduce Wi-fi on London Underground if Glasgow is successful.
Next time I fly from an airport that has those scanners, I'm going to wear loose pants and go commando.
If somebody started a 'low/no security' airline would our democracies allow us to travel on it?
Would you be frightened to travel on it?
I'd take the risk and if it all went very wrong at least I'd have died with dignity rather than being perved by the TSA.
I would not normally respond in this manner but:
As the TSA officer approaches your private area I suggest you let off a loud and smelly fart, having eaten an especially spicey Indian curry the night before. Or you could tell the TSA officer to be careful as you have syphilis which is easily contracted through breathing in the air around the infected area.
Clearly, the only solution here is to outlaw the possession of time on an airplane--either in your carry-on bags, or your checked luggage.
@Anon: There are many professional 'gases' a terrorist could let off to subdue a TSA officer or officers which would be more effective.
However, in the process a terrorist would risk contaminating himself with the same gas.
It's probably not the weapon of choice but who knows these days.
The body scanners are one of the many fronts in the war against personal freedoms, privacy, and rights.
Re. full body scanners.
Remember the Therac-25? That was supposed to be perfectly safe and foolproof as well. Just ask those who got massive overdoses of radiation from it. Oh, you can't - they are all dead!
The beatings will continue until morale improves!
Same day I read of Express Jet Pilot Michael Roberts walking off the job for refusing the Full Body Scan, or Pat Down, I read of a TSA supervisor arrested for stealing about $700 a day from unsuspecting travelers.
Now I ask you, what's more likely of a threat? -- A suicidal airline pilot, who wants to take a planeload of passengers with him. -- Or an underpaid greedy TSA agent, in a position to randomly harass any individual traveler he feels like.
"[WiFi] would mean that passengers would no longer need to illicitly use their cellphones when they come into range of ground masts at low altitudes near airports – a potentially dangerous activity that could interfere with the aircraft's avionics."
If someone is trying to blow the plane up, cell phone interference with avionics wouldn't be my biggest concern.
"Just ensure that the airplane stays on the ground a random amount of time after the scheduled departure time (in the order of a few hours before the passengers embark"
That's why it's called the Lockerbie disaster, not the "airplane lost over the ocean for no clear reason." Timer, delay on departure.
Doesn't mean everyone was not killed anyway. Timer and altimeter (and suicide) detonated bombs have killed plenty of folks.
Loud, public & repeated reference to the full-body scanners as "the porno scan," as in: "I think I'll pass on the porno scan, fellas. Thanks!" will torpedo this particularly noxious new bit of nonsense faster than reasoned debate about its inefficacy.
Larger toner cartridges are next. I think someone should start running a book on how long it takes until people are banned from flying altogether.
I know, then we could all start travelling by train again ...
Or in some form of cryo-stasis ...
So if I were a terrorist hell-bent on using wifi as a trigger (silly, but come along with me here) wouldn't I more likely use ad-hoc mode and say "screw the rules" about banning the official wifi service? Unless they actively jam 2.4ghz on the planes (keep those microwaves running at all costs!), the lack of official wifi isn't even a speed bump to a wifi-wielding terrorist.
Not that I expect logic from the TSA. Glad I almost never have to fly. I hope that remains true.
Also, I loved the Goldberg article link.
@Anon: Very bad idea. They will charge you with "usage of a chemical weapong against a TSA officer" :)
In order to protect against timers, they would have to stop time during a flight. This could be a benefit to all travelers! It will probably make flying more expensive, though.
@Alex Lerman: Yes. Cabin pressure is higher than outside, but gets lowered somewhat. That is a relatively sure sign of flight and you can combine it with a timer and some plausibility checks.
While I still see some of the same problems with a WiFi trigger as with a phone-trigger, namely that you have to get the signal into the fright container. With a cargo plane that is a no-go. With a commercial airliner that has WiFi, there is also a floor in between, but it may still be doable by boosting signal strength massively. Mind that this would require a high degree of RF engineering skills, and possibly a motorized antenna. It also has a high risk of still not working.
The internet side is rather trivial: Do a wget from a website and check for a trigger phrase/number/whatever. Maybe use an unsecured forum for that or a not verified email account. The only hurdle I see is paying for the connection. This seems to at least require some advanced scripting and a stolen credit card.
That said, best option is still altimeter+timer and maybe plausibility check in a microcontroller. If you have any kind of RF reception from the outside (which you will typically not have or only very unreliably), use a GPS receiver. These are _passive_, if well shielded, there is no way of detecting a signal from them. And they have you 3D coordinates, which is basically the only option for a somewhat accurate impact point choice for the plane. WiFi is only interesting because the cabin may have a a base-station. Same for cellphones. Both WiFi and cellphones are entirely useless in freight aircraft.
Frankly while the ridiculous precaution of eliminating WiFi is likely to annoy me, its the last link about an Agent "joking" about planting felony evidence that really terrified me.
If I were to go into a TSA checkpoint and do the same in reverse - I'd expect to be brutally arrested on the spot, with the additional risk of being tasered or even shot if I offered even the slightest resistance.
I'd be not at all surprised to have my whole life turned inside out in the subsequent investigation, the accusation make public ruining my career, all my privacy eliminated and have a good chance of going on the lifetime "no-fly" list - all for making a similar "joke".
I'd rather have him steal all my stuff than have him threaten my livelihood, my ability to be with my family and my freedom for the rest of my life.
That I have to fear this kind of TSA Agent behavior every time I go through a Checkpoint is completely unacceptable.
This TSA gentleman's actions are not funny in the largest extreme. I'm not a legal expert, but I'd think it's a serious felony and his "just kidding" statement can be explained to Judge in the sentencing phase.
Him being fired, tried and convicted would be a good deterrent against other officers doing the same.
I only hope it goes down this way.
Any TSA agent that performs a pat down, especially on a minor, should be arrested immediately and put on the sex offender watchlist.
The ban on electronic devices is not to prevent interferance with the airplane, but so that people will do what the crew tells them to instead of playing their video game. Similarly, the restrictions on cell phones... could you imagine being on a plane full of idiots shouting into telephones.
I wonder what they'd arrest you for if you asked how much it would cost for a "happy ending" to the pat-down?
Tom: "Which brings up another point: if our portable electronics are so dangerous that we have to turn them off during take off and landing,"
I've read somewhere that this is no security but a safety measure.
1) don't miss important announcements and
2) don't have something like a notebook on your lap hurting you during a rough landing.
But I don't know if that's the real reason, or if it makes sense.
Why not just pack all luggage in large reinforced shipping containers (and rf shielded). It would also make loading and unloading luggage from the aircraft faster.
@bdw - "I will be flying with my family this thanksgiving weekend. It appears to me my only choices are either to have my children exposed to radiation, or exposed to the fondling of a stranger. Is that correct? Is there a way for me, as a parent, to protect my children from both?"
You will be exposing your family to higher than normal radiation levels during the flight anyway. In my opinion that not the issue, it's the creepy TSA guy/gal looking at your kids with the scanner thats scary as hell. As bad as the thought of them patting down kids.
It seems to me that the TSA(well, the airlines, because the TSA should not exist) should be flagging any checked bag with powered-on electronics for manual inspection. All electronic devices radiate while they're in operation, and it would be absolutely trivial to design a bag sorting conveyor that sorts bags based on the presence of emissions.
If you eliminate powered-on devices from checked baggage, you limit bomb makers to mechanical or chemical timers. Acoustic analysis could likely be done to detect mechanical triggers, and existing chemical sniffers could probably catch the chemical timers.
"Which brings up another point: if our portable electronics are so dangerous that we have to turn them off during take off and landing,"
The reason is historical and goes back more than half a century (like the prohibition on mercury thermometers).
Early Instrument Landing Systems where to put it bluntly not very good technicaly, nor where most portable electronics and electromechanical devices like shavers. They ILS receivers on the aircraft where easily interfered with and could give errors sufficient to cause an aircraft to come into danger when used in low or zero visability.
One big danger where hand held receivers used to listen to the pilots talking to aproach or tower the local oscillator just happened to come out in the ILS band and thus was a major issue as many designs had high local oscillator radiation levels (ie equivalent to a milliwatt and above into a halfwave dipole).
Since then electronics has come on a pace and inertial navigation systems are actually good enough to get the aircraft into the right position let alone the satellite navigation and other systems so the reliance on the old ILS is virtually non existant.
The EMC requirments that came in in the 1980's put paid to handheld receiving equipment radiating significant Local Oscilator or other signals.
The exception is two way radios and other transmitters especialy those in the upper HF bands such as northern european "hunters radios" etc.
However like many rules once in place it takes a significant motivation to remove them due to the CYA principle.
"Please, let's not ever tell the TSA about timers. Or altimeters."
The bureaucrats at TSA are so bright that if they learned about altimeter-triggered bombs, they would order all airliners to stay below 5000 feet (even in Denver where the planes would have to become subway cars with wings).
Seems like they should have always been xraying packages from Yemen -- isn't that a no-brainer.
I believe Lockerbie was Altimeter triggered in the cargo hold.
Clive is correct; the restrictions on portable electronic devices comes from the Federal Aviation Regulations, Part 91.21: http://rgl.faa.gov/...
Not at all, unless you're absolutely certain the terrorists don't know how to send airmail from any other country.
How long can this ban last in the face demand from business[wo]men, first-class passengers who feel they paid for it and they should damn' well get it, and everyone else trying to avoid total boredom on a five-hour flight?
You're right, Mr. Cloth, the first class passengers will probably kill this. That's where the airlines come closest to making money.
Alex: Pretty much; the pressure in the cabin is much higher than outside, but still substantially lower than on the ground (ballpark: 9-12 kft inside pressure, 30-40 kft outside), easily enough change to be used to trigger a device.
In fact, several bombs used around the time of the Lockerbie bombing used both a timer and altimeter; the Lockerbie bomb, however, relied on a timer alone - which is why it went off earlier in the flight than planned, since I seem to recall the flight was slightly late leaving. At the scheduled detonation time, instead of being over the Atlantic it was over a Scottish town - meaning the "error" on the terrorists' part meant more death and destruction. It also preserved the evidence used in the trial, of course, which is presumably why they wanted it to blow up over the ocean...
I have always doubted the effectiveness of a politically-driven government organization like the TSA to comprehensively achieve anything.
I do not, however, doubt the absolute, ruthless efficiency of an airline to force their captive audience to pay for WiFi. It's unlikely in that even terrorists can't get free WiFi out of an airline.
It's amazing, nobody has followed up on my earlier post about Wi-fi being introduced on Glasgow Underground and soon to be introduced in London.
I think this community has an unhealthy obsession with air-travel security.
Maybe its linked to 9/11, maybe its linked to this audience are probably being from the west and are constantly absorbing western news agency propaganda.
Nobody seems to be raising flags about Wi-fi on underground transport networks as a vulnerability.
On being confronted either by backscatter scanners or being groped by the TSA, I cannot fathom why American pilots have not gone on strike. All you need is for all pilots in the USA to strike, and the TSA will have to reconsider their approach.
The in-flight WiFi I use has a captcha. I guess this explains why.
I heard the cell-phone mechanism was really just a clock. Phone capability (SIM) had been removed. So they might as well ban clocks and watches...
And if you'd like to stick it to the man, join up with National TSA Feel-Up Week, and Protest the New Pat-Down
Speaking of the TSA scanners and the Enhanced Pat down, have you seen this?
one of the things to note is the fact they have two different pat down levels now, making the fact painfully obvious that it's a scare tactic.
The sad thing is, Who are we scaring?
Anyone trying to smuggle won't be scared, they'll use the most advantageous path possible. All it does is frighten innocent people, discriminate against trans people or those with bodily differences (mastectomy?), and trigger rape survivors to the point they break down talking about the search.
Why are we doing this again?
I still think the more likely target is the security line. Why mess with scanners and patdown when you can kill 100 people at once.
I also should prob mention that although surveys say demand is high less than 2% of passengers actually end up using on flight wifi...
That would be a more compelling reason to turn it off.
The 16 oz rule is a legacy issue. The shoe bomber had less, as pointed out in 2003 Congressional debate by Congressman Ed Markey from Mass:
Rep Markey, incidently, is who authored the cargo screening mandate that went into effect Aug 2010.
Modern microcontrollers can run on 0.9V or less (less than the voltage from a conventional coin cell), and can sleep in the nA range while running a wake timer. I doubt any scanner could detect such a barely-running system that slept 99.9% of the time, waking for a few clock cycles and incrementing a variable, then waking up fully after a designated amount of such cycles to do its dirty work. Such a system could sleep for hours to over a year on a single cell, then trigger something. The emissions during the sleep duty cycle would be virtually undetectable.
I have absolutely no evidence, empirical or theoretical to back this up, but I still believe it's not only possible but quite easy.
You'd need to shield the bags, which could be done quite easily in an enclosure the size of a shipping container. Rubber strips which seal the opening(used at airports all over) could be made out of highly conductive/permissive material to provide shielding from outside EMF. The conveyor would direct the bags to the center of the scanner, following a curved path to prevent a straight shot to the portals. Let the bag sit for 10 seconds and sniff it. High-gain, wideband antennas connected to LNAs could easily detect the radiation. You could even emulate a GSM tower and see if it connects.
Is the field strength produced from a modern MCU in sleep mode really that much less than, say, a QRP radio signal from 12,000 miles away? Remember, even in sleep mode, an MCU uses a clock.
From The Atlantic article:
"I'm going to run my hands up your thighs, and then feel your buttocks, then I'm going to reach under you until I meet --"
Obviously a reader of The Dirty Hungarian Phrasebook!
Great, as a convicted kiddy-fiddler, I'm off to join the TSA where I can be paid while I get my jollies!
I think it is because tube wifi makes sense. I would like to think that most people here are sensible enough to realise that banning wifi, either in flight or underground, is not an effective security measure, so there is little controversy over bringing it in to the London Underground.
It is an interesting example of how people think though - since 11 Sep 01, we have had a steadily increasing amount of restrictions on air travel because there is a public perception that it is a great threat. However, despite Madrid and the London Underground bombings, we have almost zero security on trains.
It would be trivial for a terrorist to get a huge amount of explosives on a train into a major station (Kings Cross for example) and cause major loss of life as well significant disruption to London's business and commerce.
However, the Evil Cunning Terr's seem intent on getting a simpleton with a few grams of explosive onto a plane.
It always intrigues me how we seem able to tolerate amazing levels of risk for what we view as normal forms of transport but for the strange, magical birds in the sky we soil our trousers at the slightest hint something could go bad.
I half wish their response was to ban toner cartridges everywhere. Then people wouldn't be able to print the pointless, endless documents that inflate bureaucracy at the expense of sanity.
I know that I'm dreaming here, but it's a pleasant dream.
Why not have your luggage inside a Faraday Cage and Wifi available on-board?
They should focus on how they get the bombs inside an airplane in first place and not how they should/could detonate.
How would your system differentiate a low powered watch and a bomb?
Better yet, how would it work if it was layered within a typical innocent working system.
Some electronic gizmo that is turned off, but due to it's design it's still "on" because it needs a little be of power to keep it's memory alive.
I'd agree the detecting radiation part of your scheme is easy, but not the actual screening part.
Who needs to make a laptop battery look like a bomb when it is a bomb already if abused...
Even the accelometers that many cell phones have (combined with timer) could probably be used in these kind of devices.
It is often too difficult to obtain 100 percent security with reasonable costs.
If you use chemical fuse, you can make the device to use zero power. And if you want to, you can make the chemical fuse to power up an electrical device when the time is up.
@Alex Lerman "Would an altimeter function as expected in a pressurized cabin? (I don't discount the danger, I'm just curious)"
Actually, it should. They don't pressurize the cabin to ground-level pressure, just to a more comfortable/survivable pressure equivalent to about 8000ft (IIRC). Most planes also have both an unpressurized and pressurized (for pets and other sensitive items) luggage hold. If the bomb were in a bag in the unpressurized hold, the altimeter would work just fine.
It's not about the terrorist - it's about appearing to do something towards safety to convince people they are still safe flying - otherwise trust in the whole industry goes down in flames, instead of the planes.
Just the government doing its thing for ECONOSEC.
@lazlo: "I wonder what they'd arrest you for if you asked how much it would cost for a 'happy ending' to the pat-down?"
I've often entertained thoughts of stripping naked at the security checkpoint-if they want to see me naked, OK, so can everybody else. I haven't done it yet, because I'm sure they would arrest me on some kind of indecent exposure charge. Ironic.
Yes all active electronics systems. emmit energy it's a function ot their inefficiency.
However you need to consider many things, firstly most watches use a 32KHz crystal in an oscillator configuration that is quite high impeadence as the cut of the crystal does not like more than a few nanowatts of energy going through it.
Although this is detectable you generaly have to use capacitive coupling to pick it up which limits the range to a couple of cm or so.
There are quite cheep devices that actually use RC oscillators you will find them in PIC micro and other similar ranges and also in standalone I2C devices. Their frequency of operation is very very low and radiation is likewise very low.
In both cases (crystal and RC) you can get suficient screaning with a small plated steel box such as a tobacco tin.
By the way making RF gasget is not actually difficult. the simplest is simply remove the outer plastic sheath of 75ohm TV antenna down lead. The soft plastic foam coax dialetric is easily compressable thus forcing the outer woven coax screen into any soft mettal suround such as aluminium.
If you need something a bit better get RG56 coax and 100ohm foam as used for storing IC's on simply get the woven outer coax and put it over thin strips of the 100ohm foam.
Regarding the TSA: Something about if your jobs depends on you not understanding something...
@Jose C Silva: The passengers are the problem, not the planes. When they get rid of those pesky passengers, all will be perfect.
But really, the escalating demands for all these unreasonable security measures will just lead to their eventual discontinuation. The more outrageous they get, the sooner it will all end. I think we're getting to the point where people aren't going to tolerate much more. When the airlines are losing business because the TSA is too aggressive, things will change.
I'm not sure that I agree that passive detecting of the oscillator would be possible, the best oscillator circuit I have seen work at around 200nA, so there is very little power to begin with and this is coupled to a very low efficiency antenna at 32KHz. Think about the length of a 32Khz 1/4 wave antenna and compare this with the 2mm to 3mm of PCB interconnect. and also consider the size and selectivity of the 32Khz receive antenna.
Now you could try to detect the divider gates switching, this would look like a current pulse maybe 10nsec wide, every 32usec, the antenna for this is the microcontroller power interconnect, so these wires can easily be 20mm long. So a 100Mhz Sinx/X pulse every 32usec, now that sounds do-able
Active injection for detecting the crystal oscillator would be trivial to implement, especially for very low power circuits. I'd look for the back-scatter of the at the oscillator switching frequency.
Actually the easiest way to detect a low power crystal oscillator is to measure the vibration of the tuning fork crystal. this mechanical vibration is very easy to detect. as a matter of fact it is one technique that was used to frequency trim oscillator clock circuits.
What next? Body cavity searches for all passengers?
··· Hey the bomb could be installed on the plane… before it lifts of for the first time. or be installed during maintenance,[of course a member of the TSA could be a terrorist].
Actually, I can imagine a "MAC Address" capture booth so that the MAC addresses of all of your devices are captured "and allowed" WiFi access.
Mind you, I am also paranoid enough to see such a process sold to "enable use of WiFi on a plane" but actually intended as another fishing expedition to fill a database with such "identifying" information so it'd be easier to either mimic or monitor your home WiFi network.
It is like capturing your phone's IMSI, another personally identifying signature.
I have an idea how we can return the US to a great manufacturing country again and solve all this messy terrorism: Convince the TSA that ALL imports are potential bombs.
They'll ban everything coming in, we'll be forced to start making things again. People will start having jobs again and everything will be rosy.
...until of course we run out of raw materials and can't import them...
There is security at UK train stations in the way of banks of CCTV cameras lined in a row at ticket gates of everyone arriving and departing, and facial recognition cameras.
Plus, in London the "Oyster" card can log personal movements between stations on a long and short term basis.
Sometimes there are police standing about in an intimidating manner eyeballing everyone.
"I've often entertained thoughts of stripping naked at the security checkpoint-if they want to see me naked, OK, so can everybody else. I haven't done it yet, because I'm sure they would arrest me on some kind of indecent exposure charge."
It depends on where and how you do it...
If for instance you did it in the E.U. then within certain constraints it's covered under the human rights legislation as a "freedom of expression".
To arrest you they would have to show you ment to deliberatly offend (like mooning) or get gratification (like flashing).
Being naked in a public place is not in of it's a crime in the EU (apparently it is in Switzerland) but neither is it advisable, as it could be argued that it was provocative so various public order offences could be invoked.
However I suspect an attractive young lady is less likley to cause offence than a phlebitis ridden old goat of a man. And anybody with a distinctly different anatomical makeup than normal is always going to get some interest.
"Cargo shippers, such as UPS, Federal Express, and DHL, have been encouraged to report cargo manifests to Homeland Security faster, prior to departure, to aid in identifying risky cargo based on current intelligence."
In many cases, I'm dropping off the package at FedEx an hour before it goes in the air!
Great terrorist strategy, keep sending poorly-made nonfunctional bombs constructed out of everyday items. They should try laptops next, then makeup, electric shavers, hair dryers, anything you could conceivable carry on or ship on a plane.
All the types of items discovered would have to be banned.
Hopefully we would slowly come to our senses, but in the meantime the cost and disruption would be huge,...
Um, apparently the TSA has never heard of AdHoc mode WiFi (direct point to point links w/o the need for a router). One would assume that a bomB would have a fixed IP address rather than full DHCP compliance.
As for a bomb without an onboard minder, a simple CAPTCHA required for WiFi access would defeat most embedded WiFi bombs.
I don't travel as much as I used to. On recent travel I did not encounter the full body imagers. A couple of months ago I went through one. I will not go through another.
I will opt-out.
I will say to the fondler, "Before you start, please look in my eyes and see that I am a human being."
Once fondled, if it crosses a line (which it would seem it often does now), I will asked to file a formal complaint in writing, in which I will say that "my testicles and my penis were fondled in a way that is completely unreasonable for the protection of public safety and security." I will take as many names, and/or badge numbers, as I can and I will ask for a clear statement on when and how I will have my complaint answered.
I will start allowing enough time to do this and (hopefully) not miss my plane. I invite others to consider this approach, until TSA and DHS get the message.
I also heard they actually have fusion bombs that fit under the nails.
Another classic example of the TSA focusing on tactics. I have trouble fully expressing my utter contempt for the debacle that passes for air security these days, specifically the TSA.
I never thought anyone traveled with their printers. Maybe if you move countries, but in that case just buy a new one at the destination. Clearly TSA isn't thinking straight.
Would a web-connected bomb be better designed to connect to a flight-tracker service so it knows to go off when the falling debris is most likely to do maximum damage?
Banning aircrafts is the most wonderful idea, but you know what they should ban people from traveling abroad altogether, what an even broader range of plots have in common is that people travel from country to country.
Maybe ‹(0.o)› we could loby governments to make these plots easier as opposed to harder every time the TSA tightens controls. ‹(0.o)›– on accounts of having to play fair.
the controversial application of antitrust. treat it like a game, it’s not fun when one sides get’s the upper hand so everytime the TSA, tightens one security whole congress is forced to create another security hole.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.