The TSA's Selective Laptop Ban

Last Monday, the TSA announced a peculiar new security measure to take effect within 96 hours. Passengers flying into the US on foreign airlines from eight Muslim countries would be prohibited from carrying aboard any electronics larger than a smartphone. They would have to be checked and put into the cargo hold. And now the UK is following suit.

It's difficult to make sense of this as a security measure, particularly at a time when many people question the veracity of government orders, but other explanations are either unsatisfying or damning.

So let's look at the security aspects of this first. Laptop computers aren't inherently dangerous, but they're convenient carrying boxes. This is why, in the past, TSA officials have demanded passengers turn their laptops on: to confirm that they're actually laptops and not laptop cases emptied of their electronics and then filled with explosives.

Forcing a would-be bomber to put larger laptops in the plane's hold is a reasonable defense against this threat, because it increases the complexity of the plot. Both the shoe-bomber Richard Reid and the underwear bomber Umar Farouk Abdulmutallab carried crude bombs aboard their planes with the plan to set them off manually once aloft. Setting off a bomb in checked baggage is more work, which is why we don't see more midair explosions like Pan Am Flight 103 over Lockerbie, Scotland, in 1988.

Security measures that restrict what passengers can carry onto planes are not unprecedented either. Airport security regularly responds to both actual attacks and intelligence regarding future attacks. After the liquid bombers were captured in 2006, the British banned all carry-on luggage except passports and wallets. I remember talking with a friend who traveled home from London with his daughters in those early weeks of the ban. They reported that airport security officials confiscated every tube of lip balm they tried to hide.

Similarly, the US started checking shoes after Reid, installed full-body scanners after Abdulmutallab and restricted liquids in 2006. But all of those measures were global, and most lessened in severity as the threat diminished.

This current restriction implies some specific intelligence of a laptop-based plot and a temporary ban to address it. However, if that's the case, why only certain non-US carriers? And why only certain airports? Terrorists are smart enough to put a laptop bomb in checked baggage from the Middle East to Europe and then carry it on from Europe to the US.

Why not require passengers to turn their laptops on as they go through security? That would be a more effective security measure than forcing them to check them in their luggage. And lastly, why is there a delay between the ban being announced and it taking effect?

Even more confusing, the New York Times reported that "officials called the directive an attempt to address gaps in foreign airport security, and said it was not based on any specific or credible threat of an imminent attack." The Department of Homeland Security FAQ page makes this general statement, "Yes, intelligence is one aspect of every security-related decision," but doesn't provide a specific security threat. And yet a report from the UK states the ban "follows the receipt of specific intelligence reports."

Of course, the details are all classified, which leaves all of us security experts scratching our heads. On the face of it, the ban makes little sense.

One analysis painted this as a protectionist measure targeted at the heavily subsidized Middle Eastern airlines by hitting them where it hurts the most: high-paying business class travelers who need their laptops with them on planes to get work done. That reasoning makes more sense than any security-related explanation, but doesn't explain why the British extended the ban to UK carriers as well. Or why this measure won't backfire when those Middle Eastern countries turn around and ban laptops on American carriers in retaliation. And one aviation official told CNN that an intelligence official informed him it was not a "political move."

In the end, national security measures based on secret information require us to trust the government. That trust is at historic low levels right now, so people both in the US and other countries are rightly skeptical of the official unsatisfying explanations. The new laptop ban highlights this mistrust.

This essay previously appeared on CNN.com.

EDITED TO ADD: Here are two essays that look at the possible political motivations, and fallout, of this ban. And the EFF rightly points out that letting a laptop out of your hands and sight is itself a security risk -- for the passenger.

EDITED TO ADD (4/12): This article suggests that the ban is because of a plot to hide explosives in iPads.

Posted on March 27, 2017 at 6:28 AM • 91 Comments

Comments

Victor Wagner • March 27, 2017 7:09 AM

Get the 15" laptop, throw all the electronics away, leave just screen and keyboard.
Put Raspberry Pi and three AA batteries inside. Voila - you are able to show TSA staff that this is really laptop, which executes some code, and have a lot of space inside to put in explosives.

Moreover, you have powerful processor and lots of program-controlled pins to implement timer initiator.

R • March 27, 2017 7:11 AM

In Feb 2016, a terrorist managed to bring a bomb concealed in a laptop on a Somali flight. His first flight on Turkish Airlines was cancelled, so he boarded the next one out on a domestic airliner. The bomb went off mid-flight, most likely due to change in pressure inadvertently, taking out only the bomber whose severely burned body was found. Flights from Somalia to the UAE are the most common flights out of the country, including through several domestic airline companies with egregiously poor security measures. Given that Somalia is also the most corrupt country, it is not inconceivable for this attack vector being used again on a flight through the UAE elsewhere.

http://www.bbc.com/news/world-africa-35521646
http://www.cnn.com/2016/02/11/africa/somalia-plane-bomb/

andy • March 27, 2017 7:17 AM

The ban impacts ten airports and all carriers flying out of those with direct flights to the US and UK. There are no direct flights from those airports on US carriers. So to say that the rule doesn't apply to US carriers is not wholly true, it doesn't apply because they don't fly those routes.

My fear is that the Yemeni bomb makers have figured out how to stabilize TATP and work it into a laptop that will power up and run.

101 • March 27, 2017 7:18 AM

More bizarre security theater, weird economic/political skullduggery or a practical response to a real and verified threat? We will never know, that's for sure.

I cannot see a ban involving only a few airports in the entire world could have a credible preventive impact. There's always another airport or airline.

Why not suggest travelers buy extra flight insurance because there is credible intelligence to predict a problem with bombs on planes coming from the ME?

At that point smart travelers might decide to NOT fly to/from there which in turn would cause the affected airlines and countries to up their own security simply to improve their chances of economic survival.

In any case, the bottom line should be to focus on credible intelligence to isolate, prevent and eliminate threats by violent criminals. Conversely beating up the 99%+ of non-threatening travelers is plain stupid.

Bruce Schneier • March 27, 2017 7:21 AM

"The ban impacts ten airports and all carriers flying out of those with direct flights to the US and UK. There are no direct flights from those airports on US carriers. So to say that the rule doesn't apply to US carriers is not wholly true, it doesn't apply because they don't fly those routes."

That's an interesting point I have not seen anyone say anywhere. Thank you.

Bruce Schneier • March 27, 2017 7:22 AM

"Get the 15" laptop, throw all the electronics away, leave just screen and keyboard.
Put Raspberry Pi and three AA batteries inside. Voila - you are able to show TSA staff that this is really laptop, which executes some code, and have a lot of space inside to put in explosives. Moreover, you have powerful processor and lots of program-controlled pins to implement timer initiator."

Agreed, but that's a much more complicated engineering effort.

And I forgot to mention that the TSA routinely -- if occasionally -- swabs laptops for trace explosives.

Robert • March 27, 2017 7:23 AM

It is easier to bug someone's electronic devices when you aren't carrying them.

Fabien • March 27, 2017 7:28 AM

I would have thought that a laptop contains enough metallic lithium to make a crude explosive, or even just an incendiary device, to prove fatal at 30000ft and 0.3 bar. Breaking a window might prove enough at those altitudes.

If that's the case, then checking that the laptop works wouldn't be an adequate measure.

Matthias • March 27, 2017 7:33 AM

I think this is part of an intelligence operation targeted at a broad range of persons from the affected countries. Intelligence agencies want the ability to gain access to electronics that may contain useful data without alerting the owners. If laptops have to be checked, agents can easily and quickly get access to mirror any storage devices. All they need is a court order addressed to the airport. This may also allow them access to devices from diplomats that they would otherwise not get without causing a major incident.

Snarki, child of Loki • March 27, 2017 7:43 AM

Lithium batteries, of the type commonly used in modern consumer electronics, have a history of occasionally failing catastrophically, resulting in serious fires. As a result, they are typically banned from aircraft cargo compartments.

Yes, passenger aircraft cargo compartments have smoke/fire detectors and suppression systems, but not nearly as good as the "OMG, my laptop is REALLY HOT!" detection system, and not appropriate for "Class D: combustible metal (lithium)" fires.

The ultimate problem is that modern batteries pack a lot of energy into a little package. So does a bomb.

Jered • March 27, 2017 7:44 AM

"[W]hy this measure won't backfire when those Middle Eastern countries turn around and ban laptops on American carriers in retaliation."

In addition to the fact that US carriers don't fly to the affected airports/countries, the other piece missing is that the ME3 carriers act primarily as transit carriers. That is, not a whole lot of people from the US want to fly to Dubai or Abu Dhabi, but they can get better price or service by transiting DXB on the way to India, for example.

This is catastrophic to the profits of those carriers in a way it is not possible to tit-for-tat retaliate.

Steve • March 27, 2017 7:47 AM

Or the terrorists could just carry a Samsung Galaxy Note 7 phone. They explode right out of the box.

adam sah • March 27, 2017 7:51 AM

These days, the vast majority of travelers (business or personal) can switch to cellphone or tablet for the duration of a flight. In fact, many functions (word processing, spreadsheets) can often be done right on cellphones, albeit slower and more limited -- again, lessening the pain of being disconnected for N hours. Most people can queue up N hours of email and simple docs.

Obviously, this has a degree of security theatre, but of all the inconveniences this seems hardly worth the fuss, and as you pointed out, it's likely to lessen as the threat subsides and additional detection measures are invented and deployed.

V • March 27, 2017 7:54 AM

Bruce says:
And the EFF rightly points out that letting a laptop out of your hands and sight is itself a security risk -- for the passenger.

Entering the US with a laptop / phone / USB stick is a security risk

Pete • March 27, 2017 8:04 AM

There are so many ways around all these extra checks for a determined engineer. We all know this. Making a bomb hiding laptop, something that looks like a laptop on an x-ray, is non-trivial without having access to a similar x-ray machine as used by airport security around the world and lots of data about what these images look like.

You can buy a remote wifi device with a tiny linux computer, about 2cm x 1cm x 1cm in size, powered by 5V USB for about $15 on amazon. I own one. That device is easily controlled via wifi by any smartphone/tablet/computer without any physical changes necessary to either device. It would be easy for a moderately competent Unix person to setup some nasty things - either with manual remote control or with a timed control.

Should over 8M people daily (approx 3.3B annually) be inconvenienced hoping to catch 1 event, on 1 flight, in a year? Today, the answer seems to be yes.

Basically, our governments have decided that protecting fewer than 1,000 people worldwide is worth all the extra costs. says that fewer than 500 people died in airplane-related incidents in 2013 and 2014 each. But somehow 40K+ Americans will be killed on our roads in 2017 and nobody is asking for all vehicles to be made safer IMMEDIATELY.

I don't pretend to know what the best/correct answer is. That is something our society has to decide. Just providing data. Should 1 class of traveler get more money spent on safety than another type of traveler?

Thomas • March 27, 2017 8:09 AM

Not sure why only Muslim countries though. Surely any terrorist with half a brain (granted, those are rare) would just produce said laptop-bomb in a non-Muslim country.

And that aside, said laptop could be set on a timer. Putting it in the cargo hold just ensures they can't detonate manually.

This ban raises many questions surely.
Next up, electronics beyond a certain size may only be transported by ship?

Thomas • March 27, 2017 8:12 AM

Oh and secondly, any decent size laptop with a big battery pack - LiIon batteries on their own can be dangerous enough.

Surely we've had plenty of reports of Samsung phones getting banned last year.
Imagine what a battery 10x the size could do in terms of havoc on a plane.

Mastodont • March 27, 2017 8:17 AM

It could also be that the US just doesn't trust the airport security (or any security) in these countries to do a good job of screening/scanning or checking ID.

Dave Murray • March 27, 2017 8:21 AM

Or it has nothing to do with bombs and everything to do with physical access for snooping.

Giordi • March 27, 2017 8:24 AM

I'm with the EFF on this one. The ban is probably "dual use": It looks like it protects against the attack that commenter R mentioned (which happened over a year ago, so it's a bit late anyway), but the real target is to compromise people's laptops. It would be interesting to board such a flight with a honeypot machine and analyse what the NSA did to it. Since the latter may include passive data access, one would have to install active monitoring for location, USB drives, camera, etc.

Boris • March 27, 2017 8:27 AM

Perhaps the idea is simply to separate people flying from the ME and their laptops so that they can more easily be examined / compromised when they reach the US and UK?

Anura • March 27, 2017 8:41 AM

I don't see how requiring someone to turn it on would solve the problem. My laptop fits two SSDs, and there is plenty of space remaining if you don't care about airflow; I don't think you need that much considering you are in a closed space. That said, even if you ban all carry-on, there will always be something you can smuggle explosives in (including passengers).

Dominik • March 27, 2017 8:56 AM

Security checkpoints at the airport tend to be most crowded places I've visited in my life, especially around holidays. The idea of improving security by asking would-be-passenger-but-really-criminals to press a button on a device that could be a bomb, with hundreds of people around, is completely backwards. I also love these "US Citizens and Green Card holders" lines. They make targeting Americans so much easier. If I can see that, how come TSA's security experts can't? They're either really devious or patently stupid.

My Info • March 27, 2017 9:07 AM

The biggest thing going on at airports — and I have it on good information — is not terrorism, but prostitution and human trafficking. Children and adults are disappearing; some are being trafficked and sold into sex slavery, and some are being murdered.

With the laptop ban, it sounds to me as if the government is confident in its ability to compromise and gain control of smaller devices such as phones and tablets at will, but certain laptops are possibly too locked down and secured with open source and/or custom operating systems, and these require an "evil maid" attack on the part of the government.

It's too bad that the government access to personal data, which stretches all reasonable interpretations of constitutional bounds, is not being used in good faith to fight crime, but to enforce and assist the operation of the human trafficking, sex slavery, and drug dealing cartels.

Cassandra • March 27, 2017 9:10 AM

Perhaps the credible threat has more to do with land-side to air-side security at certain airports?

If, for example, airport workers are known not to be well screened, or an air-side perimeter not well secured, it would be entirely possible for a device that looks like a laptop to be smuggled into an aircraft, by-passing passenger security screening. A conspirator boards the plane, having gone through passenger screening without problem, and recovers the smuggled-in device, which can then be used for nefarious purposes.

By banning all such devices from the passenger cabin, it becomes obvious if someone has one, so they can be identified and challenged.

Note that a laptop is something that is easily left behind by accident on a plane, so there is a level of plausible camouflage if it is found. If not carefully inspected, it might be sent to lost property, and an attempt made with a new device later. This also supposes that passenger cabin searches between flights are either insufficiently rigorous, or may have been compromised.

I am not saying this is the case, but it may be a scenario that fits the known facts.

Mo • March 27, 2017 9:25 AM

"The ban impacts ten airports and all carriers flying out of those with direct flights to the US and UK. There are no direct flights from those airports on US carriers. So to say that the rule doesn't apply to US carriers is not wholly true, it doesn't apply because they don't fly those routes."

United and AA have direct flights from UAE and Qatar. I have personally been on these flights. They are horrible compared to Qatar and Etihad!

Elliot • March 27, 2017 9:26 AM

You can find a thousand rationalisations of how this is for the good of the governed, and why the system cares about the good of the governed, but at the end of the day...
I refer you to Orwell's 1984...
"The Party seeks power entirely for its own sake..."

M. Welinder • March 27, 2017 9:40 AM

The really strange thing about this ban is that it applies to direct flights only.

That laptop that isn't safe for the cabin from Istanbul to New York is perfectly safe if you fly via Paris, Reykjavik, or Mexico City.

Winter • March 27, 2017 10:04 AM

"The really strange thing about this ban is that it applies to direct flights only."

This would suggest a device that could not function through a landing. No idea why people would still use a pressure gauge. And even the simplest device could nowadays be programmed better than that.

Anon • March 27, 2017 10:07 AM

It makes no sense, other than to intercept devices. They will simply try something from another airport. Maybe this is the point?

Ted • March 27, 2017 10:18 AM

The ban baffles in other ways too. The articles I have read state that any electronic device larger than a smart phone is subject to the ban. I am a photographer and cameras are prohibited from carry on baggage as well. While a professional model DSLR may have a substantial amount of interior volume most of it is easily inspected by removing the body cap and the battery. The exclusion of tablets similarly mystifies as their instant on feature make them easy to inspect and their low interior volume make them extremely difficult to modify while maintaining function. Finally there is as others have pointed out the lithium contradiction. Am I supposed to carry on my camera batteries and check the body? Wouldn't this make a function check of either item a lot more difficult for inspectors?

D-503 • March 27, 2017 11:04 AM

@Jered
You hit the nail on the head. The Canadian Broadcasting Corp ran a story that all but accused the three biggest US airlines of having lobbied for exactly this kind of measure:
http://www.cbc.ca/news/business/electronics-travel-ban-business-1.4034590
The affected airports just happen – coincidence of all coincidences – to include the hubs of major long-haul airlines that have been successfully competing with Delta, United, and American with better service at a lower price.
Business and first class travellers want to be able to work on their laptops on long flights to Asia. They are highly profitable customers for the airlines, and they'll choose other airlines if there's a carry-on laptop ban.
Citing "security" would be a convenient way to dodge a WTO challenge or the like.
@Bruce
It's... interesting... if this angle hasn't been as widely reported inside the US as it has been outside the US over the last few days.

Astromac • March 27, 2017 11:24 AM

@andy, @Jered: Please do not perpetuate the myth that US carriers don't fly to those airports. It is simply not true. Multiple US carriers do fly to several of those airports.

I also think the most likely explanation to the ban is economic retaliation against the Gulf carriers and Turkish airlines, which have greatly expanded their offers to the US. However, the fact that the UK also went along with the ban and given that they included UK carriers as well, lends some doubt to that idea. Could it be that Bannon et al. are so dumb that they fed the UK disinformation to enforce their nationalistic brand of economics?

A terrorist with half a brain will naturally fly to another destination before going to the US/UK. Presumably the US also tried to push Europe to this silly ban, but perhaps they are not so eager to follow the "leader" as the UK.

@Victor Wagner : you have a good point. However, taking out the internals of a laptop, replacing with a working small computer, connecting every little thing, filling up voids with a bomb is not a straightforward task. Especially because laptops are x-rayed, and such a homemade concoction of electronics would probably stand out. Much easier to just throw a bomb in checked luggage and time it well.

James • March 27, 2017 11:42 AM

Terrorists have probably worked out how to both have a laptop that at first sight turns on like a normal machine, and doubles as a bomb. Off the top of my head this could be done with a Socket-On-Chip machine with the GPIO wired up normally to correspond to the laptop "on" button.

The ban applies to airlines in predominately Muslim countries probably because that's where (since the 1970s) these types of attacks have come from pretty consistently. Nobody worries about Nuns or Methodists downing planes.

That said I agree there is nothing stopping a terrorist bringing a bomb into Europe via his checked baggage and flying from there. What is also a mystery is the UK and U.S. bans do not fully overlap either from originating countries, nor airlines. Four countries included in the U.S. list - the UAE, Qatar, Kuwait and Morocco -- are absent from the U.K. restrictions, while the UK has additional airlines covered - Jet2, British Airways, Monarch, Thomas Cook, and Tunis Air to name a few.

D-503 • March 27, 2017 11:44 AM

I feel silly now. Bruce has already posted a link to the Washington Post story!
@Winter
Thanks for the link! People have already pointed out that any attack that can be done from a laptop can also be done from a smartphone. If someone is technically competent enough to hack a flight control system from a laptop computer, then it isn't that much of a step to do the same attack from a smaller form factor computer, AKA "phone". Someone correct me if I'm wrong, but I thought "smartphone" = "smaller electronics that [snip] hide a complete computer".

Israeli security takes a "no-nonsense" approach: they simply shoot your laptop to make sure it isn't dangerous.
Recently, Canadian airport security blew up an unfortunate passenger's laptop. The passenger looked working-class, so airport security assumed she couldn't be the owner of the laptop. Afterwards, local charities pooled together to buy her a new computer.
I don't know how airport security would react to a laptop whose contents have been customised (eg, hard drive replaced with SSD, etc.). Such customisations are becoming more common, but not common enough that airport security would necessarily know what they're looking at in an X-ray.

My Info • March 27, 2017 11:53 AM

Re: my previous comment

Here’s why United Airlines banned girls with leggings from a flight

http://www.nydailynews.com/news/national/united-banned-girls-leggings-flight-article-1.3010391

But the policy at United, which has mostly male leadership, is notable for one thing: Many of its clothing rules apply mainly to women.

I should know. Under this policy the transgender are considered terrorists and prohibited from flying at all.

But the real reason for this incident is that Minneapolis is quite a "destination" for underage girls. ... meaning that said underage girls are being trafficked there, lest there be any doubt.

Caspar Harmer • March 27, 2017 11:57 AM

What we should do is require that all largish electronic devices be put in a kind of trailer sticking out the back or towed behind the plane. People who want to work on their laptops could use a kind of cloning service for their data and use an airline-supplied laptop. Voila!

Dirk Praet • March 27, 2017 12:28 PM

@ D-503

The Washington Post and the US edition of The Guardian have reported a similar accusation, this is a protectionist measure to help US-based airlines

With what we know for now, it's the only explanation that makes sense. Why the UK decided to follow suit and the rest of Europe didn't is probably more a political than a security related question.

@ My Info

Re. Here’s why United Airlines banned girls with leggings from a flight

Unless it was somehow related to the laptop ban, I believe it belongs in the Squid thread. I don't mean to be rude, but most regulars by now know you're transgender, and there really is little point seizing every opportunity to bring that up. @Clive has serious health problems, there's probably a decent percentage of other LGBTQ commenters here too, and they're not posturing about it either.

Dmitry • March 27, 2017 12:49 PM

The EFF has already said most of my thoughts on the matter in a more eloquent manner.

@Pete

I don't quite agree with the idea that security on planes should be essentially dropped, but I agree that many current measures are just counter-productive security theater.

Your numbers are quite clear though. Road security is magnitudes more important and nothing significant is being done. I agree.

@Dominik

So I'm not the only one that thinks that's a stupid and irresponsible behavior. Good.

Sok Puppette • March 27, 2017 12:58 PM

Forcing a would-be bomber to put larger laptops in the plane's hold is a reasonable defense against this threat, because it increases the complexity of the plot.

No. No it's not. It doesn't increase the complexity enough to be worth its cost.

It isn't hard to build a working bomb. But it's harder than hooking up a timer, which you can buy readymade anywhere. And if you look at the complexity of building not just any bomb, but a bomb that can go into a laptop and not make that laptop look totally pathological on X-ray, then that's really a lot harder than adding a timer. Not to mention that you have to defeat the chemosensors and spectrometry and I don't know what all that are floating around at airport security (for both checked and unchecked luggage). And don't even get me started on the complexity of setting up a conspiracy to evade inspection entirely.

So, if you're really so obsessed with attacking planes that no other target will do, not even the airport security lines themselves, then asking you to check your "laptop" doesn't raise the bar for you very much. Hell, if you can't come up with a timer, and you really think carry-on is a big advantage for you, then put your bomb in a book or something. There are a million ways to go. Not that many people are so obsessed with both planes and laptops that they're going to discard all those options.

The reason we're not seeing very many plane bombings of any kind, successful or otherwise, is simply that a terrorist's expected ROI on any plane bombing is already pretty poor, and smart terrorists, the kind who have any real chance of carrying off anything at all, will see that and go do something else. That and the fact that such people are extremely, monstrously rare to begin with.

Why go to all that trouble when you can keep people freaked out by shooting up a nightclub every few months?

D-503 • March 27, 2017 1:06 PM

OT question: What's the effect of airport X-rays on SSDs, USB flash drives, and SD cards?
Any information storage that's based on parking and counting electrons can be compromised by ionising radiation. Airport security X-rays are strong enough to fog high ISO silver halide film* and flip bits in DDR3 RAM.

*Back in the stone ages, before digital photography, I remember putting rolls of film in baggies to be inspected separately. Back in those days, airport security routinely looked through your camera's viewfinder and through any removable lenses.
Even further back in the stone ages (1970s), way back when, when terrorism was actually a significant threat, airport security objected to spiral-bound notebooks (because the wire could be used as a garotte?)

Ross Snider • March 27, 2017 1:10 PM

This recommends an interesting (counterintelligence) threat scenario: an adversary comes up with a threat (with no intent to actually carry it out) but makes sure that intelligence can sniff it. They can then watch with satisfaction as a large number of costly countermeasures are made, people are pained, travel is disrupted, and politics is affected. The technical hurdle to overcome/protect against is what grows to the level that it is deemed "credible". I presume intelligence today looks to see if there appear to be real moves to implement a plan (buying tickets, laptops, etc)?

Kevin H • March 27, 2017 1:27 PM

The only key difference is to separate the traveller with their electronics. Once one's electronics are in a checked bag, copying the contents of a hard drive or inserting some NSA/CIA created malware would be possible without alerting the traveller that an interception had taken place.

compsciphd • March 27, 2017 2:17 PM

"Get the 15" laptop, throw all the electronics away, leave just screen and keyboard.
Put Raspberry Pi and three AA batteries inside. Voila - you are able to show TSA staff that this is really laptop, which executes some code, and have a lot of space inside to put in explosives. Moreover, you have powerful processor and lots of program-controlled pins to implement timer initiator."


How does checking the laptop mitigate this risk? Bag still goes boom and takes down plane.

Jason • March 27, 2017 3:29 PM

@compsciphd "How does checking the laptop mitigate this risk? Bag still goes boom and takes down plane."

I think his point was that checking the laptop doesn't mitigate the risk at all. Unless the check is the swab for trace explosive elements is the test, which as Bruce notes in his comment above, is routine by the TSA.

Anon • March 27, 2017 3:33 PM

In the last few days, there have been "security experts" saying that an explosive device in the hold somehow increases the probability of saving the aircraft, but that just isn't true. Lockerbie demonstrated that most catastrophically, with wreckage spread over most of Scotland.

Any explosive device on an aircraft is bad. It's just yet another feature of this restriction that makes no sense.

Jonathan Wilson • March 27, 2017 3:40 PM

Article on the Guardian suggests that the ban is because of evidence of a plot to put explosives into an iPad.
https://www.theguardian.com/world/2017/mar/26/plot-explosives-ipad-us-uk-laptop-ban

This does raise some questions:
1. Is this new information (from a "security source") accurate or is it something designed to direct attention away from the real reasons for the ban?
2. Why has the USA implemented a different set of rules (covering the UAE and Qatar and exempting US carriers) than the UK?
3. Could the USA be using this genuine threat as an excuse to apply these measures to the big 3 Middle Eastern carriers (Emirates, Etihad and Qatar) as protectionism (what exactly are US carriers doing differently that other carriers out of these airports aren't doing that makes US carriers not need the extra security measures?)

A • March 27, 2017 3:50 PM

Likely the US did not import specific X-ray machines and image-matching software (for automatic matching of objects) to these countries, fearing that this technology would leak and will be easier to circumvent. Now this comes at a price of another fear -- of actual attack. Classic security through obscurity dilemma.

It shouldn't be difficult to do a precise match/search of an X-ray image against a database of 99.9% of all laptops in circulation (and deal with the remaining 0.1% non-standard/repaired laptops on a case-per-case basis). Such technology should be foolproof. Certainly will catch raspberry pi mentioned above. If it is foolproof, why worry about circumvention?

Dirk Praet • March 27, 2017 3:56 PM

@ D-503

OT question: What's the effect of airport X-rays on SSDs, USB flash drives, and SD cards?

Unless otherwise stated by manufacturer: none. X-rays are NOT magnetic and should not damage or destroy electrical equipment or data that is sensitive to magnetism.

albert • March 27, 2017 4:15 PM

Security Theater notwithstanding, how long would it take for a TLA to put a payload in a laptop, and what is the time between getting possession and loading it on the plane?

. .. . .. --- ....

My Info • March 27, 2017 5:04 PM

@Dirk Praet

Unless it was somehow related to the laptop ban, I believe it belongs in the Squid thread. I don't mean to be rude, but most regulars by now know you're transgender, and there really is little point seizing every opportunity to bring that up. @Clive has serious health problems, there's probably a decent percentage of other LGBTQ commenters here too, and they're not posturing about it either.

Wow! Just wow!

As far as the laptop ban, by "evil maid attack," I mean that this is an excuse to separate the laptops from their owners temporarily, e.g., in checked luggage, so that spyware may be physically installed on them.

Being transgender is simply yet another example of a situation that makes one a target for sexually motivated cyberstalking and voyeurism on one's computer — security being especially relevant to this situation. I don't consider this to be posturing, and I particularly don't ask for any support in this respect on this forum except for that of the general computer security considerations which are of interest to the entire community that posts here.

I realize that @Clive has posted somewhat in the past about health issues — I have no reason to speculate whether or not that has anything to do with others on the forum who may or may not be "LGBTQ" as you say, or even whether that is even a medical issue per se or more of a food/drug/law-enforcement issue.

In the past few weeks I have suffered from a nasty spider bite as well as shellfish poisoning from a dish that was not even supposed to contain shellfish. Otherwise a human body is pretty much like that of an animal: if it breathes, eats, drinks, shits, and pisses regularly, and it has a normal range of motion, it's healthy, and in this day and age, if it ain't broke, don't fix it. I'm sorry but dogs get better health care than humans under Obamacare or Trumpcare or whatever they want to call it nowadays.

Reminds me of Alexander Litvinenko, who was poisoned to death with radioactive polonium on Vladimir Putin's orders. We're just not getting anywhere with health care in America or Western Europe until we fix the Vladimir Putin problem.

I still think the concern of bombs on laptops undetectable by the standard x-ray is mostly just theater and probably a diversion to gain physical access to the laptops to install spyware on them.

DJ Justice of the integrity council • March 27, 2017 5:34 PM

"In the end, national security measures based on secret information require us to trust the government..."

"... that is becoming less and less reliable, transparent and overseen while openly destroying its built-in protections for underclasses, minorities, and little people..."

There is no question that there ARE groups of people around the world who want to explode bombs on airplanes for various causes. It's not unreasonable to assume that's true.

It's not unreasonable to assume some of these bombs can be made sophisticated-enough to visually mimic actual legit devices, like tablets and laptops. It's additional difficulty and expertise, but we're talking about nation-state budgets. It's feasible.

The question is: If you're interested in preventing that, what GOOD is a half-assed 'ban' on some countries but not others, enforced with varying degrees of pseudo-efficacy?

If you're going to enforce a hardship or cost on some threat vectors but not others, expect the bad actors to move to others. Where do you stop? Exactly. You do not.

At some point this stops being "security" at all, becoming nihilism or paranoia writ law.

Airplanes themselves are vectors. Everything is a security concern.
The justification is either efficient and logical, OR IT IS RIDICULOUS.

My Info • March 27, 2017 5:59 PM

@DJ Justice

There is no question that there ARE groups of people around the world who want to explode bombs on airplanes for various causes. It's not unreasonable to assume that's true.

Once we build a psychological or criminological profile, they shift so they don't fit the "profile" anymore — and the minorities whom they hate are shoved into that "profile."

And meanwhile we give up the civil rights of 200,000,000 Americans, falsely, over 4,000 lives that were lost by terrorism on 9/11/2001.

The thousands, tens of thousands, even hundreds of thousands or into the millions of girls, boys, women, and even men who are trafficked by criminal cartels on the airlines just don't matter or even come into the calculation.

The lives destroyed, opportunities wasted, wonderful things that could have been but never were, because of false allegations of mental illness, and false association between said mental illness and terrorism — those just don't matter anymore. That one human being can be adjudicated as a mental defective in a court of law in the United States by another human being on a mere concern, allegation, or whim without examination or defense — that just doesn't matter anymore.

Yes, I said, "a mental defective." Not just mental defective. A mental defective, with an indefinite article in front of the already insulting term. In a court of law. With lifelong consequences. Without examination or defense.

They just don't get it. Even at the highest courts of the land, they just don't want to fix this particular abomination of the law. They like it the way it is. Just like Vladimir Putin who uses allegations of mental illness to punish his political opponents, and has his associate thieves in law set fire to the mental hospitals.

Dave • March 27, 2017 6:03 PM

The fact that the UK immediately followed suit isn't that unusual, the US government said jump and the UK government responded "how high?". What's surprising is that Australia hasn't also immediately jumped as well, in the past they've been even more toadying to the US than the UK (there was the joke that while Blair was Bush's lapdog, Howard was Bush's doormat). So as with the reason for the US ban, it's just as easily explained by politics as security.

D-503 • March 27, 2017 6:07 PM

@Dirk Praet
SSDs, USB flash drives, and SD cards aren't magnetic media. They store info by rearranging static electrons (the same goes for most modern volatile RAM, too). No one suggested they're sensitive to magnetism.
That's why I was asking about ionizing radiation, not magnetic fields. It's irrelevant whether X-rays are magnetic or not*.
A DDR3 chip that's on does get messed up by the X rays used for carry-on in the US. I've done the experiment** ;-)
Stronger doses of X-rays are used for checked bags worldwide. Also for carry-on too in the sorts of places where terrorism is a bigger concern.
Re: manufacturers. Sandisk says their SD cards are "X-ray proof". But I haven't seen anything about tolerances, so my question still stands.

* A hair-splitter would point out that X rays are magnetic. X rays are just a shorter wavelength of electromagnetic waves, part of the same spectrum as radio waves, infrared, visible light, ultraviolet, and gamma rays. The reason that X-rays in normal doses don't affect magnetic media is that the spatial scale of X rays is much too small.
I remember reading somewhere that old-fashioned low-density magnetic memory is still used in some applications in outer space where ionizing radiation is a concern. Can anyone confirm or deny?

**An unrelated note: Never travel to the US with your electronic devices powered up. It's almost like handing over your passwords on a silver platter.

Tõnis • March 27, 2017 6:28 PM

Do people still believe that any of this airport nonsense is about security? I'm disappointed that my countrymen have stood still for any of this "homeland" farce. Even the word "homeland" is ridiculous: completely un-American. I'm an American, but I'm also Estonian, and I speak the language fluently. "Homeland" is one of those words that sounds normal in Estonian, probably in most European languages, and maybe in Russian. It's totally not normal in American English. In Estonian, "fatherland" is also normal. As I understand it, for Russians it's the "motherland." So, which one is America, a fatherland or a motherland? The enemies of liberty who came up with this homeland security bs are laughing at the American people.

Dirk Praet • March 27, 2017 6:35 PM

@ My Info

We're just not getting anywhere with health care in America or Western Europe until we fix the Vladimir Putin problem.

Could I interest you in the position of House Speaker? The current one is a bit under fire and there is no doubt in my mind that this beyond genius proposal could draw massive bipartisan support.

Mark • March 27, 2017 7:23 PM

My suggestion to everyone is simply not to go to the USA. I have never been, never wanted to go, nor will I go when the country is a police state. Questioned for social media accounts at the border? Not allowed to take certain devices? Blatant racial profiling? The FBI with 50% of adults' photos on record? That's a police state.

These post-9/11 security measures are utterly pointless and ridiculous. We all know that, and I enjoy arguing with the security people every time I go through an airport.

The best way that we, non-USA citizens, can protest is simply to withdraw our money from American companies. I'm personally boycotting all American companies.

@Bruce: This is the sort of comment that I hope you will continue to allow.

ShavedMyWhiskers • March 27, 2017 8:05 PM

This seems to be targeting the airline economics or specific individuals.

There is no parallel mandate to use hardened luggage containers in the aircraft.

Barring extended delays only one or two devices could be opened and digitally investigated. Modern devices are effectively tamper evident in their assembly and could be made more so by a competent individual or corporate IT guy.

There is no evidence of enhanced chemical detection facilities to apply to the departure or arrival stations.

A single device or small collection could be diverted and looked at in some detail in a second aircraft equipped with a lab.

Cloning a laptop with one or two TB of digital stuff takes time. Full disk encryption requires the full disk be cloned.

Devices and luggage do vanish for weeks and require a physical address for delivery.

Michael Crumpton • March 27, 2017 8:48 PM

The thing I don't understand is if the laptop is checked as luggage, couldn't it easily run a timer to detonate in the middle of the flight, or have a barometer to detonate at a certain altitude? Even iPhones have timers and barometers built in.

Anon • March 27, 2017 11:29 PM

@Michael Crumpton:

Yes, they could, which makes the argument for putting them in the hold a completely asinine idea, as the bomb is still on the flight (that is what they were afraid of, right?!).

There is another, non-security related reason for this "not ban".

Charlie • March 28, 2017 5:23 AM

Actually we are heading for a nice catch-22

At least on Lufthansa and therefore most of the Star-Alliance no Lithium-Ion batteries are allowed in checked baggage.
In fact I was asked each time at check-in if I had anything with a LIB battery in my checked baggage, which meant all laptops had to be as carry-on.

I guess we will be returning to the old days of removable batteries. The laptop itself has to go in the hold, but the battery must be carry-on.

Sony, Lenovo, Apple, you guys listening here, new market opening up, removable batteries are going to become the rage again ;-)

Funny old world ain't it.

Desmond Brennan • March 28, 2017 5:44 AM

(1) a lot less quantity of explosive is needed in the cabin...as it can be skillfully applied close to the fuselage, and the charge could be directional. The random placing in the hold would mean a lot more bang needed

(2) they may well have specific threat actors in mind ...and the issue may be down to adequacy of screening (that includes more than just technical) at certain airports

Overall tho ...there's not enough clarity around airline security...and rigorous thinking ...is likely absent/uneven

Clive Robinson • March 28, 2017 6:27 AM

I suspect quite a few people have missed one aspect of this.

Yes nearly 40,000 people will be killed on US roads this year but the general public view is "So what?" because of one or two common misconceptions such as "It ain't going to be me because I'm an XXXX driver" or "It was their own fault due to their YYYY driving skills".

The thing about aircraft is the same as "ICBM" or "Long Gun" fear, you feel you are vulnerable wherever you are. That is you will have the aircraft "crash and burn on you", not that you will be a passenger on such a flight. Since 9/11 an aircraft has gone from being a great way to get from A to B into a mad man's tool to bring death and destruction upon us all, in the minds of politicos and MSM journalists.

Rational and logical thought is not very persuasive when people are subject to "Oh My God, Think of the children" in quite visceral ways.

As for using it as a way to "favour US airlines" this is not the first time this has come up. Have a look back to a threat a decade ago and what quite partisan behaviour the TSA etc showed. Back then it was British Airways and Air France that got the brunt of the behaviour, whilst the US airlines were unaffected.

Clive Robinson • March 28, 2017 10:30 AM

@ D-503,

Re: manufacturers. Sandisk says their SD cards are "X-ray proof". But I haven't seen anything about tolerances, so my question still stands.

The simple answer is that "X-ray proof" is laws of physics wise, not true. We know how to make X-ray lasers and they can do one 5hit load of damage not just to electronics but just about everything.

What the manufacturers really mean is that under a given assumption, and then within a reasonable probability your data will not get altered. If you are a thin tail or fringe condition on the probability graph then "tough luck", they might just give you a refund if you push hard enough.

The assumption is the level of X-rays used by the machines they are aware of. Providing it's subject to that level or less for a short enough time then a "new" device will retain the data within a probability curve. However this does not say how much it "stresses" the memory component.

It's a bit like firing water at a sheet of metal if it's "low, slow and infrequent" then you will not see any damage, but even low&slow given sufficient time will rust away the sheet metal damaging it. Likewise fast and fine will under sufficient pressure cut through a sheet of metal just like a laser or plasma cutter.

From what I've been told in the past the X-ray scanners are run at low output to give longer usage life on the "tube" and detector. However the power supply is sufficient to drive it at very much higher output or for a continuous time, in case a high density object is placed between the scanner source and detector...

Michael • March 28, 2017 12:06 PM

In the meantime, safety regulations were previously moving towards mandating that all the large lithium batteries have to be in the cabin for easier overheating detection before spontaneous combustion…

Given that the number of explosives attacks outside the immediate war zones over last five years seems lower than the number of phones that decided to burn in public without any external reasons, the probability of dying horribly on the affected flights has probably gone up. Still low, of course.

Vikas • March 28, 2017 2:26 PM

Let's start with the assumption that there is a real threat with laptops in the cabin. (I understand that this might not be the case at all.)

Assuming this is true, I believe that we (meaning all of us who travel, or impact those who travel), are confusing "assassination" with "terrorism". In other words, why should we assume that potential terrorists care about the specificity of a target, as opposed to the generality of carnage and newspaper headlines?

So, if laptops are banned on flights to the U.K., and I had planned to take a laptop bomb on my flight to London, why would I not just take a flight to Berlin, or Paris, or Amsterdam? Frankly, as a very frequent flier, based in Europe, I am now worried about flying from these sanctioned airports to any city other than London.

Which makes me wonder why France and Germany and other responsible European governments have not followed suit on the ban. What are they seeing (or not seeing) differently?


compsciphd • March 28, 2017 3:15 PM

Further point, one can get through security to the gate with a laptop or tablet. It's only at the gate that you aren't allowed to board with a tablet or laptop.

Threat Model: person goes through security with tablet (or has a confederate on a different flight to a non-restricted country go through with the tablet) and then puts it on and wears it onto the plane. Unless one is forced to go through a second screening (as Israel many times forces people to do) to get onto the plane (which also neuters the need for the ban), I don't see what this does besides make life annoying for legit users. The terrorist will still make the plane go boom.

Thomas_H • March 28, 2017 4:07 PM

@Snarki:

The ban on laptops in the cargo hold is a consequence of a global ban by the International Civil Aviation Organisation on transporting lithium batteries, due to the fire risk. Curiously, that little tidbit of information was (very conveniently) left out of all of the news items I've seen and read about the "carry-on laptop"-ban...

So yeah, it looks like a disguised economic sanction...or just plain racist bullying of Middle Eastern countries. That the UK takes part is likely just May kissing Trump's behind...gotta keep the "special relationship" alive after all...

z • March 28, 2017 4:18 PM

Tõnis, "Homeland" came out of G.W. Bush's Orwellian response to September 11, 2001. I mean this in the true sense of the word "Orwellian," since in 1984, they chose the names of their main Ministries (Departments in the U.S.) to further their propaganda. If the Department of Homeland Security were created at any other time in history, it would have been called something like the Department of Domestic Security, which just doesn't have that nationalistic appeal they were going for.

rick • March 28, 2017 5:48 PM

The fact they are Muslim countries is a bit misleading. The fact that it's ten specific airports makes it hard to come up with a reason.

MikeA • March 29, 2017 10:51 AM

@z I always assumed that the choice of "homeland" was an intentional dog-whistle to those who are comforted by the word, similarly to those who were comforted by "Geheime" in the name of another such agency.

"And they've hardly bothered us since then" (Tom Lehrer)

Tamara Benson • March 29, 2017 10:18 PM

Regarding the comments that said a bomb in a Cargo Hold is just as bad as one in the Cabin, I feel the same way.
With authorities stating that this ban is because certain countries have less acceptable security--why believe the Cargo Hold is any safer? With or without -eh-hem- oversight?

I hear the "complexity of the bomb" arguments; I'm just not convinced that's a compelling reason to ban laptops in the Cabin from 7 countries.

I joked tonight about it all being about selling Arabs and Africans in flight laptops, but it's hard to believe that our MBA's are that Evil. Well, kinda hard...

I agree with the commenter who mentioned the hacking of the in flight Wifi network. That worried me--that really scares me. From what I've read most planes are flying Unix boxes, and when Flight side and Entertainment side are not separated there is the potential for a breach. The commenter provided the links, sorry don't know where that comment is just now.
Maybe to Security, a Laptop looks like it's easier to use to hack the in flight Wifi, though I think we all feel that an iPad or any other smart device that can get to Wifi is just as dangerous.

I know these problems are very hard to solve, and seem impossible to solve on some levels, but these kinds of oddly irrational bans and rules look like someone missed Logic Day at the Mental Gym.

If there's evidence of a specific threat, tell us. Then we won't think our Government is irrational and/or misleading us.
T

oxygen • March 29, 2017 11:54 PM

@Chemists cc: @Clive Robinson, @MarkH, @anyone else who knows about planes

Isn't the cargo-hold generally depressurized? How might that affect the consequences of "random" runaway LiOn fires in flight?

Wael • March 30, 2017 12:07 AM

@oxygen,

Isn't the cargo-hold generally depressurized?

It's pressurized, otherwise the floor would have to be a lot stronger to handle the difference in pressure between passenger and cargo areas.

Now on the relationship between fire and pressure, hmmm: I forgot my thermodynamics, but if the cargo area isn't heated then the temperature at cruise altitude could go down to negative 80F.

The thing is if the plane breaks down at this altitude, temperature and speed, the passengers won't even realize what happened. Close to instant death. They won't be screaming while falling down. That's what "I" think.

ATA23 • March 30, 2017 5:26 PM

As a mainly ata23 avionics eng I just have to lol when I read comments about hacking nav through the Panasonic IFE.
I'm sure csi cyber and scorpion know how to accomplish it in a snap. but hey the world is made of holly-wood.

Cargos are usually heated and pressurised. Heated is relative though. Can range from full ac down to only the hot air from avionics compartment cooling. Also the cabin floor is not at all airtight and guess where the galley/lav exhaust fans go?

The cargo has usually a halon extinguisher system, but if the rivets are blown out, the fire won't be your concern...

Clive Robinson • March 30, 2017 6:37 PM

@ ATA23,

I just have to lol when I read comments about hacking nav through the Panasonic IFE.

It would appear that PACs IFEC systems have had and in some cases still had problems three months or so ago,

http://boingboing.net/2016/12/21/panasonics-in-flight-enterta.html

Unfortunately there is little or no technical information just the vague,

    It's the latest vulnerability identified in in-flight systems, which have been a frequent source of significant vulnerabilities. IFE's are theoretically on separate networks from critical aviation systems, but this convention isn't always rigorously followed (as is often the case with airgapped networks, the immediate value of cross-connecting them often overrides the theoretical, down-the-road risks of doing so).

So we have some people saying that there is no connection and others saying there might be if...

The problem I have is people have way too much faith in data diodes as "magic" solutions to problems. Data diodes are actually very limited in what they can do, and it basically boils down to "no reverse data channel" (ie the equivalent of just cutting the inbound or RX channel wiring).

However for the WiFi Internet communications side of the IFEC to work it needs both the outbound and inbound data circuits to be in place not just in the IFEC but also down through the communications system that links eventually to the Internet. In all probability the link from the aircraft to a ground station is "shared" with other systems.

Thus whilst it may not be possible for PACs IFEC system to directly talk to the other systems using that link, it may well be possible for a user of the IFEC to put so much data onto the link that it in effect causes a denial of service attack on the other systems.

Thus without rather more technical information there is no way to say that such a DoS from the IFEC is not possible. Which means we have no way to judge if your "LOL" is a belly laugh, or a hollow laugh...

oxygen • March 30, 2017 7:52 PM

@ATA23

The cargo has usually a halon extinguisher system, but if the rivets are blown out, the fire won't be your concern...

Good point! So would you say it's safer to have poorly manufactured batteries in the hold rather than the cabin?

Figureitout • March 31, 2017 1:07 AM

Clive Robinson
The problem I have is people have way too much faith in data diodes as "magic" solutions to problems
--They aren't actually isolated in your scenario then? They got the isolation wrong then?
(ie the equivalent of just cutting the inbound or RX channel wiring)
--No, wrong. It's more than that. Simply cutting an RX line, you could still technically reprogram an MCU and remap pins to use a different line for RX or TX if there's more than one port to use or the ports are flexible like that. Placing a data diode on that line, it would take "extraordinary circumstances" or extremely high voltage/current to breach the gap and make a receiver a transmitter and a transmitter a receiver. When you shield it, RF-wise, optically, put some physical deterrents, that's about as good as you'll get on consumer devices that get used in the real world. Someone breaks in...if it's not physically guarded, it's not important enough.

Tamara Benson • March 31, 2017 1:23 AM

@Clive

Clive thank you for giving much better insight into the plane Wifi issue.
Forgive me, I really don't understand in flight Wifi tech--but I do know Unix and other OS's, and I do get the Diode reference.

Stupid question:
So do you brilliantly mean that on a plane there is an UP channel (either from ground or Satellite?) to the Plane and the same thing for a DOWN channel from the Plane? So whether or not a Plane can separate its Nav systems and its Entertainment systems, the PLANE is using the same UP and DOWN "Channels" for both systems?

That's one hell of a big picture view for me, so thank you. Correct me if I misunderstood.
And of course we trust that Airlines and Security are working to keep that shared Channel free of trouble. (fingers crossed)
But obviously as you described that is quite difficult.
I guess I simply assumed that Nav info was basically staying on the plane, but now that you mention it, it's probably being transmitted up and down as well. Oh dear it hurts to think. said Pooh.

I truly don't want to sound like all the paranoid we have around us, much of it justified, but....
but one thing that honestly bugged me last night was realizing that on 9-11 there were phone calls from some of the planes that were jacked. I've never once been able to make a call from an in flight plane since then, before then I never had a cell phone. Did something change over the years? My cell appears to be in flight sleep mode every time I'm on a flight now, and I never buy their wireless services. Sorry for the off topic weird question. But it seemed to fit into the question of the how Planes communicate with the ground or satellites.

Thank you, appreciate your insightful answers,
T

Clive Robinson • March 31, 2017 4:28 AM

@ Figureitout,

They aren't actually isolated in your scenario then? They got the isolation wrong then?

No it's that people see them as a "magic bullet" when they are not.

From a logical perspective people view them higher up the computing stack than they are, hence my "the equivalent of just cutting the inbound or RX channel wiring". As you probably know most protocols require feedback for error detection, correction and most importantly "flow control".

It's very very likely in most uses of a commercial data diode the source can send at a much much higher rate than some down stream point in the communications path. Think a LAN connected source computer linking to another host that bridges data down to a WAN link. If the data diode goes in the LAN then it will allow a very high data rate that exceeds the WAN data rate capability. The fact that the source computer does not see any rate limiting feedback means that things will go horribly wrong and data will be lost.

To prevent this quite a number of data diodes are not true diodes, they pass back error correction and flow control signals. As I've mentioned a couple of times in the past you can do "Fault Injection attacks right back through a system via the transparency to error correction".

Thus if you have two source computers each behind a LAN data diode, even though they can not send data to each other, they can by sending data bursts block the WAN link thus stopping the other source's data getting sent or sent in a timely manner.

I've yet to see an academic or security industry paper about this method of attack and how you solve it.

@ Tamara Benson,

So whether or not a Plane can separate its Nav systems and its Entertainment systems, the PLANE is using the same UP and DOWN "Channels" for both systems?

Yes, it can be, if the aircraft owner decided to do things that way.

But the problem is a bit more subtle than that, because you can induce the fault as long as there is commonality somewhere.

If you think about it on a LAN the traffic and error control is shared. Thus the source computer does not need to send at the full LAN capacity to fully use the LAN bandwidth. If the packets it sends are the same size as the error message it produces then it only needs to send at half the bandwidth of the LAN, if smaller then it gets an even better advantage. But it's actually worse than that due to the CDMA process, if you turn that off on a network interface --as you can on some NIC hardware-- or it's blocked by the data diode you can turn the NIC into a jammer on the LAN.

Thus even if the navigation system does not use the aircraft to ground down/up link with its rate limitation issues I mention above the IFEC can affect it by blocking the LAN.

There are ways you can limit the problem but it adds extra complexity which if not done correctly can cause other problems that are difficult to diagnose.
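The shared-bottleneck effect described in the comment above can be seen in a small model. This is an added example, not part of any commenter's post: the source names, packet rates, buffer size and the choice of per-source token-bucket policing at the shared device are all assumptions made for illustration (the comment says mitigations exist but does not name one).

```python
import random
from collections import deque


def simulate(policy, ticks=1000, wan_rate=10, buffer_pkts=50, seed=1):
    """Model two one-way sources sharing one slow link; return per-source stats.

    Neither source receives flow-control feedback, so each keeps sending at
    its own rate regardless of what the link can carry.

    policy: "fifo"   - one shared tail-drop queue, no per-source limit
            "police" - per-source token bucket enforced at the shared device
    """
    offered = {"critical": 2, "bulk": 40}    # packets per tick (constructed)
    committed = {"critical": 3, "bulk": 7}   # policer rates; sum <= wan_rate
    rng = random.Random(seed)
    tokens = {s: 0 for s in offered}
    queue = deque()                          # entries: (source, arrival_tick)
    stats = {s: {"sent": 0, "delivered": 0, "max_delay": 0} for s in offered}

    for now in range(ticks):
        # Packets from both sources arrive interleaved within the tick.
        arrivals = [s for s, n in offered.items() for _ in range(n)]
        rng.shuffle(arrivals)

        # Refill token buckets, capped at twice the committed rate.
        for s in tokens:
            tokens[s] = min(tokens[s] + committed[s], 2 * committed[s])

        for s in arrivals:
            stats[s]["sent"] += 1
            if policy == "police":
                if tokens[s] < 1:
                    continue                 # over its share: dropped at ingress
                tokens[s] -= 1
            if len(queue) < buffer_pkts:
                queue.append((s, now))       # otherwise tail-dropped

        # The slow link drains at most wan_rate packets per tick, in order.
        for _ in range(min(wan_rate, len(queue))):
            s, t0 = queue.popleft()
            stats[s]["delivered"] += 1
            stats[s]["max_delay"] = max(stats[s]["max_delay"], now - t0)
    return stats


def delivery_ratio(stats, source):
    """Fraction of a source's packets that made it across the link."""
    return stats[source]["delivered"] / stats[source]["sent"]


if __name__ == "__main__":
    for policy in ("fifo", "police"):
        result = simulate(policy)
        for source in ("critical", "bulk"):
            print(policy, source,
                  "delivered=%.3f" % delivery_ratio(result, source),
                  "max_delay=%d ticks" % result[source]["max_delay"])
```

With the shared FIFO, the low-rate source loses most of its packets and the rest wait behind the bulk traffic; with policing at the shared device, it is delivered in full without any feedback path to either source.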

Odalchini • March 31, 2017 8:28 AM

Qatar Airways offers free laptops on U.S. flights.
You give them your laptop to check in the hold, they loan you a laptop and you use data from your USB stick. Ha! Theft of your data? Trojans installed on USB stick? The possibilities are endless. And the exciting in-flight guessing game: how far will your laptop get through the baggage system before it's stolen?

laughing about something someone told me • March 31, 2017 10:23 PM

@Odalchini wrote
'And the exciting in-flight guessing game:'

or no guessing required for

'There are two types of luggage; carry-on and lost'

Tamara Benson • March 31, 2017 10:44 PM

@Clive

Thanks, I am having to learn new things to understand your answers.
And it scares me that someone like me might have been hired to do this kind of security setup, and done it wrong.
I was not, to make this clear, but that still scares me.
I've been offered other jobs that asked almost as much, and I groaned, realizing.

What's happened today is very interesting and perturbing: CNN had a gov report on more platitudes about its ban that suggested that they knew of bombs being planted in removed hard drives in laptops. A very placating, needed, reassurance of their logic.
Horse Manure.
Hope someone is keeping us all safe,
T

Scan-X • April 4, 2017 5:01 PM

I have worked in aviation security for 17 years and the rationale in New Zealand since 2002 is the removal of any "large" electronic device from carry on for separate screening to give the screener a clearer image to work with.

It's easily done and only to the unprepared an inconvenience.

Figureitout • April 10, 2017 1:07 AM

Clive Robinson
No it's that people see them as a "magic bullet" when they are not.
--Not a magic bullet b/c nothing is, magic isn't real, but a very powerful tool. For a particular channel, they will most likely force a side-channel attack that may leave other kinds of evidence and loss of stealth.

It's very very likely in most uses of a commercial data diode the source can send at a much much higher rate
--That's a design flaw w/ the system in the first place. You can slow that down at the source w/ delays.

To prevent this quite a number of data diodes are not true diodes
--Yeah well, then they are screwing up the isolation. These sound like attacks downstream from the data diode.

Bill Stewart • April 15, 2017 2:05 PM

(Minor point, and while I'm replying to the Cryptogram that just came out, most of the comments were a couple weeks ago - oh, well.)

The US TSA did NOT start checking shoes after Reid's shoe-bombing attempt. They'd been doing it for a while already, just more randomly, and used Reid as an excuse to make it mandatory everywhere. The problem they'd been addressing before was that men's shoes often have metal stiffeners in them, which aren't visually obvious but set off the metal detectors, which interferes with traffic flow while they make you back up, send your shoes through the x-ray, and go through the metal detector again.

This was especially obvious in Hawaii, where a large fraction of travellers wear flip-flops instead of heavier shoes. Some TSA people would let everyone leave those on and only make the folks with heavier shoes take them off proactively, or only if they beeped. Other TSA people had more fun being bullies and made everybody take them off even though it was pointless. I was often an edge case - Teva sandals are non-metallic, but Birkenstock buckles have enough metal that sometimes they set off the metal detectors depending on how aggressively they're set.

Josh • May 21, 2017 9:23 AM

In my recent travel from SFO to LA, I removed my laptop (as I often do when I travel, but it was not required here) to go to the Xray machine. After it went through another TSA asked to take my laptop for further inspection and placed it on another screener. It went okay after the test.

When I reached LA to use my laptop, all my desktop files did not show and can't even sign on to use my laptop. Note: It was working while I was in San Francisco to the time I reached the airport. Also, traveled from Michigan to SFO and stayed in SF for a week... no laptop problem.

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.