Security Fears of Wi-Fi in London Underground

The London Underground is getting Wi-Fi. Of course there are security fears:

But Will Geddes, founder of ICP Group which specialises in reducing terror or technology-related threats, said the plan was problematic.

He said: "There are lots of implications in terms of terrorism and security.

"This will enable people to use their laptop on the Tube as if it was a cell phone."

Mr Geddes said there had been numerous examples of bomb attacks detonated remotely by mobile phone in Afghanistan and Iraq.

He warned a wi-fi system would enable a terror cell to communicate underground.

And he said "Trojan" or eavesdropping software could be used to penetrate users' laptops and garner information such as bank details.

Mr Geddes added: "Eavesdropping software can be found and downloaded within minutes."

This is just silly. We could have a similar conversation regarding any piece of our infrastructure. Yes, the bad guys could use it, just as they use telephones and automobiles and all-night restaurants. If we didn't deploy technologies because of this fear, we'd still be living in the Middle Ages.

Posted on April 13, 2011 at 1:14 PM • 45 Comments

Comments

foosion • April 13, 2011 1:31 PM

Light bulbs are a security threat. They allow bad guys to build bombs at night.

Robin • April 13, 2011 1:38 PM

"But Will Geddes, founder of ICP Group which specialises in reducing terror or technology-related threats, said the plan was problematic."

Surely there's been a mistake here. They obviously specialise in inducing terror of technology-related threats.

Dave C. • April 13, 2011 1:42 PM

1. So should we deploy any technology regardless of how it could be used in a terrorist attack?
2. Or should we deploy any technology only if it can be shown that the risk of a terrorist using it in an attack is very low?
3. Maybe we don't care either way?

reisi • April 13, 2011 1:49 PM

It is silly that mainstream media constantly gives free advertising space for these companies. Not a single comment by police or any other security official however.

What would have made the original article meaningful is discussion about what kind of WIFI security is going to be required from the bidders? One-time PSK with lifespan of maximum tube travel time over SMS? PSK printed out in a ticket or card? What kind of scheme actually would best work here?

Sadly I'm afraid they will select the lowest bidder, which will provide open WIFI.

Dom De Vitto • April 13, 2011 1:49 PM

"This will enable people to use their laptop on the Tube as if it was a cell phone."

Wow, did he realise that people could use their laptop to search the web and update facebook too? Terrifying !

There are also numerous examples of using 'clocks' to set off bombs - why are watches allowed on the tube?

Alternatively, maybe 'High Explosives' shouldn't be allowed on the tube - I'm pretty sure preventing that would really nix the 'rists, and wouldn't impact a million people's daily routine....

As for communication, what would they say that couldn't be said in advance - "Hey, I need the loo, don't blow yourselves up until I'm back." ?

Also "Programs" can be used to "steal your identity" and "have you thrown in prison, like that guy from Indiana Jones, when he was framed for murder in China, but didn't actually do it."

I know someone who used a program once, and weeks later they found him dead. Smelling of beer. In his car. Wrapped around a tree. I'm not saying that program was a "trojan", but that's got to be more than coincidence, right ?

Dom "Hey, just got my movie-plot-threat entry for 2011 sorted!" De Vitto

mcb • April 13, 2011 1:54 PM

@ Bruce

"If we didn't deploy technologies because of this fear, we'd still be living in the Middle Ages."

Yo, Habilis, don't chip that rock, you'll put your eye out...

Count-0 • April 13, 2011 1:55 PM

I think Mr. Geddes is missing the worst part of all this: the "Terrorist" could use the existing "Tube" system to actually move from place to place unnoticed. Why they could even transport "hazardous material" in an enclosed space! Best bet would be to shut it all down and stay barricaded in your flat.

Calvin • April 13, 2011 2:09 PM

LOL, can you imagine the bomber trying to keep in touch with his bomb remotely via an underground WiFi network as it traveled the physical and electronic networks? These guys have a tough time match lighting a fuse and yet I'm supposed to worry about them mastering this? Heh, I've got a list of things that could keep me up at night but this definitely isn't on it.

ChristianO • April 13, 2011 2:18 PM

Studies show more than 99% of all terrorists breathe air.
Air should be banned from undergrounds.

Not to forget clocks ... bombs can be exploded using so called timers, totally without 2G/3G/4G network.

Brandioch Conner • April 13, 2011 2:29 PM

@Dave C.
"2. Or should we deploy any technology only if it can be shown that the risk of a terrorist using it in an attack is very low?"

Already done. In the USofA, you are more likely to be killed by someone in your own family than by a terrorist.

http://tinyurl.com/3fep3k2

Declan • April 13, 2011 2:36 PM

The Internet is already a series of tubes, so I don't think there will be any added risk.

JimFive • April 13, 2011 3:52 PM

In further news, ICP Group suggests that we should consider banning the level, the wheel, fire, and sharp pointy sticks to prevent their use by terrorists.
--
JimFive

Gweihir • April 13, 2011 4:07 PM

Stupid and incompetent officials, that still have no problem making severe public statements can be found in the real world within minutes. If that.

Gweihir • April 13, 2011 4:10 PM

Ah, corporate shill. Sorry, my mistake. A common economically motivated terrorist then.

Tim Stevens • April 13, 2011 4:10 PM

Bruce, what happened to the 2011 April Fool's Day Movie-Plot Threat contest? Not too late for the Sixth Annual one...

Emma Bull • April 13, 2011 4:29 PM

"This will enable people to use their laptop on the Tube as if it was a cell phone."


...or they could just use their cell phone. *rolls eyes*

John McDonnell • April 13, 2011 4:39 PM

It's remarks like this that give the security profession a bad name.

Of course, all terrorists are totally wedded to only carrying out attacks on the London Underground; they'd never dream of blowing up anything else - it wouldn't be the same.

MT • April 13, 2011 4:45 PM

How is this deployment of WiFi for public use any different from current deployment of WiFi for public use by coffee shops, pizza parlors, and countless other vendors?

Why, I've even heard that many public libraries provide open access to their WiFi networks.

Clive Robinson • April 13, 2011 5:45 PM

What Bruce has not mentioned is that a month before this WiFi announcement, talks between Mobile Phone Companies and Transport for London broke down.

Officially the reason has not been given; unofficially, it boils down to money and the participants sitting around the table waiting for somebody to blink.

Prior to this idea for mobile phones London Underground had been severely slated for the fact that emergency services could not communicate underground even though the Tetra Network is supposed to be down there for the transport police etc.

Oh and the reason they tried to put Tetra down there was that some time prior to that they were slated in a report into a serious fire where emergency services could not communicate.

And prior to that...

Basically for some reason that usually involves money nobody has yet had any luck in putting a radio based communications network in the London Underground.

That being said it is a technically challenging environment if you want to cover both ordinary passenger use and emergency services use.

The best way for passenger use is to put the GSM/WiFi/whatever into the actual trains and multiplex it up and work out a reliable link system from the train to a node or central point (possibly using a leaky feeder system working on the underside of the train).

Unfortunately that sort of passenger service is not going to work very well in an emergency as there will not be the box to convert the GSM/Wifi/... signals to the leaky feeder frequencies. And even if there were there would not be power in the tracks etc...

And if you try to provide a system for the emergency services as all four (Police/Fire/Ambulance/Port authority) use incompatible systems it's a problem that is not going to get solved any time soon, even if there was the money to do it...

So all this faux security talk about Terrorism and Technology is really about somebody undeservedly getting media access for their thoroughly undeserved 15 seconds of fame.

John E. Bredehoft • April 13, 2011 6:44 PM

When I was originally considering the purchase of a netbook, I was exploring the possibility of having my netbook replace my cell phone. I didn't realize that these thoughts were a danger to society.

After we eliminate the threat of air-based terrorist activity by banning airplanes, we can eliminate the threat of drunk driving by banning cars.

Lisa • April 14, 2011 2:47 AM

Terrorists require Oxygen. We need to launch all of the nukes worldwide at the same time in order to burn off all of the free Oxygen in the atmosphere, in order to stop the terrorists!

Guaranteed 100% effective in stopping terrorism! What is more important than that?

It's not like we've done proper risk-value assessments on current anti-terrorist efforts so far.

Such as spending approximately a Billion dollars for porno-scanners that likely result in more cancer deaths and/or more deaths on the road (by travellers uncomfortable with being imaged naked or touched by strangers in private places) who opt to drive instead of fly, than would likely be killed by terrorists in even the "worst case scenario" that can be practically achieved. And that is not even considering the numerous additional lives that could be saved by putting a Billion dollars into free health-care clinics.

GreenSquirrel • April 14, 2011 5:36 AM

I just love opening lines like this:

"Will Geddes, founder of ICP Group which specialises in reducing terror"

He is not reducing terror, he is, in no uncertain terms, increasing it.

Arrest Will Geddes and terror will reduce slightly....

Joachim Reinke • April 14, 2011 6:34 AM

Rice is a security threat. Recent studies reveal that approx. 90% of all suicide bombers have eaten rice during the last 48 h before their attack.

Jim • April 14, 2011 8:36 AM

@ Dave C:
"2. Or should we deploy any technology only if it can be shown that the risk of a terrorist using it in an attack is very low?"

There are very few terrorists. There, done.

John Campbell • April 14, 2011 10:24 AM

Actually, all terrorists require publicity.

Without publicity it is a little bit difficult to spread terror.

We still need information... perhaps no news should be allowed via radio or television to cut down on their use as a vector for terror as a memetic infection.

M Deter • April 14, 2011 11:14 AM

Bruce, how about a "top ten" list for Security Fallacies? This could be near the top of the list. Seriously, this one is so common, we should NAME it. Aka the "Infrastructure Fallacy: which says that because infrastructure can be used by the bad guys, the good guys shouldn't have it either." I'm sure there are more...

Richard Steven Hack • April 14, 2011 4:58 PM

They didn't mind letting an Israeli company install the camera surveillance system in the London Underground.

Guess who bids for most of the airline security systems in the United States?

From an espionage standpoint, it doesn't get better than that.

Dirk Praet • April 14, 2011 7:04 PM

@ Bruce / M. Deter

Could we also introduce the "Elephant Powder Fallacy" in this list ?

A farmer has been watching one of his colleagues spraying a strange pink-looking powder over his fields. He does this about every two weeks. After a while, he gets curious and asks the other guy what exactly the powder is for. "Well, it's to keep the elephants away". Absolutely stunned, he replies: "But there are no elephants in this region !". The other guy just smiles at him and goes "You see ? Incredibly effective powder, innit ?".

S • April 15, 2011 3:28 AM

@ Richard Steven Hack "They didn't mind letting an Israeli company install the camera surveillance system in the London Underground."

They've been talking for years about wiring the Tube for GSM; in the last year or so it sounded like they might actually be planning to for real - the forthcoming Olympics being a large part of the reason.

A bunch of the potential bidders apparently withdrew for cost/technical reasons (I can imagine it being a bitch of a contract, due to the way the whole network's been cobbled together over more than a hundred years), and guess who stepped in to offer it?

Huawei, offering £50m worth of free networking gear 'as a gift from one Olympic network to another'....

(Latest is they've cancelled the plans altogether, but I did find it pretty funny/disturbing)

S • April 15, 2011 3:29 AM

For 'one Olympic network to another', read 'one Olympic nation to another'.

Caffeine levels not high enough yet, apologies.

what? • April 15, 2011 4:18 PM

"He warned a wi-fi system would enable a terror cell to communicate underground."


Maybe I'm just being silly here, but what does that mean?

Terror cells can already operate "underground" (in secrecy).

But, of course, if they are down in the "Underground", then they really are under (the) ground. Along with everybody else.

wtwu • April 15, 2011 5:23 PM

The WiFi proposals are only for the station platforms on London Underground, not on the trains whilst travelling between the stations.

The technical challenge for the "deep tube" tunnels in central London either for GSM or 3GPP mobile phones, or for WiFi is considerable, far more than the "outside" / overground sections of the Rail or Tube network, or even the shallow tunnels used in many other cities' underground systems.

A typical Tube train will have several hundred mobile phones / WiFi devices aboard. The train is only at the platform for under a minute or two.

By the time several hundred devices have made their handshake / logged on with the Station based infrastructure, the train has moved off and all the connections are broken. Standard GSM / WiFi equipment can only cope with say, 256 connections at a time, this can easily be exceeded by one train, let alone two, on opposite tracks, at the same time.

Getting the signal to "hand off" sequentially to mobile phone / WiFi nodes along the length of the tunnel, without losing connections, is a challenge.

It could be possible to prevent some mobile phone detonated bombs from being activated on the Underground, by only allowing outgoing calls, but that is not a foolproof security method (an incoming call could be used to periodically suppress a detonation event, until it is missed, rather like the way in which submarine nuclear deterrents work)

Colin • April 16, 2011 7:29 AM

I know how this goes. The WiFi announcement is made on a slow news day, and some reporter calls you up to ask if there are any security risks. You rack your brains for a second and come up with the line above. The journalist turns it into a story.

You know it was a bit of a stretch - too bad you're imaginative enough to come up with that nonsense on the spot.

Markus St. • April 17, 2011 7:09 AM

OMG, they really built a system of underground tunnels to transport people? Crazy guys, didn't they notice that this will make it easier for terrorists to travel within the city?

Lee • April 19, 2011 8:23 AM

I think terrorists have cottoned onto using simple technology such as watches and maps which allowed them to travel on London's underground and carry out attacks - I seem to remember it being on the news channels around 4 years ago.

Wifi will just see the news proliferate even quicker. Check-in on Foursquare, check out .... literally.

It's not just about 7/7 - the Underground would be closed in the 20th century when some kid left a shoebox from a new pair of sneakers on the platform and everyone assumed it was an IRA device.

There's nothing new here, it's a regurgitation of something old.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.