Friday Squid Blogging: Sinuous Asperoteuthis Mangoldae Squid

Great video of the Sinuous Asperoteuthis Mangoldae Squid.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on August 9, 2019 at 4:12 PM124 Comments


gordo August 9, 2019 5:12 PM

You can easily secure America’s e-voting systems tomorrow. Use paper – Bruce Schneier
As it emerges non-internet-connected election systems are actually connected to the internet
By Iain Thomson in Las Vegas 9 Aug 2019

Black Hat While various high-tech solutions to secure electronic voting systems are being touted this week to election officials across the United States, according to infosec guru Bruce Schneier there is only one tried-and-tested approach that should be considered: pen and paper.

It’s the only way to be sure hackers and spies haven’t delved in from across the web to screw with your vote.

“Paper ballots are almost 100 per cent reliable and provide a voter-verifiable paper trail,” he told your humble Reg vulture and other hacks at Black Hat in Las Vegas on Thursday. “This isn’t hard or controversial. We use then all the time in Minnesota, and you make your vote and it’s easily tabulated.”

Gunter Königsmann August 9, 2019 6:52 PM

@Anders: they all fall the first time.
Which means:
For many aspects of e-government Estonia is the first country that uses it. And the first time something is rolled out in such a big scale there will be many bugs. Even with problems being noticeable by many? Most? Users I would therefore say it is a success.

Patriot August 9, 2019 7:15 PM

Using AI in the classroom–it’s an interesting topic with serious implications for privacy.

One of the best things about going to school in America (K to 12) is that you don’t have to really care.

AI in the classroom has become a major selling point in certain schools, especially in training schools (ones that offer education on the weekends and in the evenings). I wonder: when does proper supervision end and invasive surveillance begin?

For example, AI can detect mood and attitude via facial expression.

**ALERT, ALERT Mother! Father! You are receiving this text message as a warning that your son does not have an excited, involved, and engaged attitude (EIE) towards his lesson. He has only raised his hand once in the last 17.0256 minutes, and the height of the hand raising does not compare favorably with that of other students.

Drive-By Idealogue August 9, 2019 10:06 PM

Curiously this /. post is the first time I ever recall not being able to comment anonymously at all (rather than just throttled if posting multiple comments, which started a few years back).

The comment I wanted to post was-

@(other)AC: “Freedom of Speech, what’s that? I guess an old concept”

I’m on the idealistic side of pro-free-speech and anti-state-sanctioned torture.

Computer are cool, interesting times I had the (mis)fortune of being born into.

Just like people seem to have come down on the side of state-sanctioned-torture is ok in some situations, it seems people are also coming down on the side of repression-of-free-speech is ok in some situations.


I do however find the inexplic4bilities the overall situation 2 curious 2 ignore…

name.withheld.for.obvious.reasons August 9, 2019 11:01 PM

Given the controversy surrounding the current press by government to assert primacy respecting access to our data, documents, conversations, and information I have a three post thread to drop on you all. This made up warrant-proof encryption theatre must be answered. I will contradict Steve Gibson in that I believe his focus is technological whilst mine argument is more philosophical.


The assertion that government has ownership of my or your data is codified in Presidential Policy Directive 20 is an assumptive convolution of limited government. The sovereign conveys to government specific authorities, roles, and objectives in support of the Union. From the sovereign, then state, the federal government is deliberately designed with a restrictive contour of/on authorities and roles. The formation of the federal government as designed is not permissive, implied or derived in law is not permitted without principal law—a modification to constitutional law.

It has been in the last twenty years that this concept is being turned on its head. The tenth amendment to the United States Constitution is clear, unless enumerated the government doesn’t have any authority or role without enumeration and specificity. How is it that the federal government currently issues and executes from general warrants, collects all electronic transaction records (not naming the person, place, or thing), and sneak and peak physical intrusions? It is under the construct of the “Continuity of Government” that some claim to superiority over the sovereign is achieved. Our representative democratic republic has become malevolent and adversarial to the citizen and thus has broken the explicit contract that maintains OUR constitutional efficacy and OUR Union. The federal government has breached the explicit legal and contextual (spirit of law) contract that binds the citizen to the government and the government to its citizenry.

For a pretext; for explanatory purposes I have developed two allegories for the encryption debate; the first example is based on a proprietary (developed this a few years back) asymmetric cypher-text for producing secured paper documentation called PAPER GOOD PRIVACY. I include a use case regarding the use of my PAPER GOOD PRIVACY systems. The second example defines a paper company that I developed for use with my PAPER GOOD PRIVACY, the paper product line name is CRYPT-COPY-PAPER.

tfb August 10, 2019 6:03 AM

Perhaps this isn’t quite security, but anyone paying attention in the UK learned something interesting yesterday evening: if you want to take a great chunk of the UK’s electrical power grid offline, you need to be able to force two power stations offline at once. Chances are that a lot of them share the same computer systems with the same vulnerabilities, of course, making this easier.

Anders August 10, 2019 8:34 AM

@Gunter Königsmann

Estonian ID card has been out almost 20 years by now.
Enough time to iron out the child diseases, wouldn’t you think?
Sorry Gunter, this is a PR product, not something that
is actually designed to be user friendly from the scratch.
I can tell you countless stories how in any organization you
always find some computers where getting ID card working is
just enormous pain_in_the_ass.

CallMeLateForSupper August 10, 2019 9:50 AM

@name.withheld. …
“(developed this a few years back) […]”

Sorry. No. Proprietary crypto is at best a curiosity and at worst snake oil, Thanks for playing.

Clive Robinson August 10, 2019 12:12 PM

@ CallMe…, Name.Witheld…,

Proprietary crypto is at best a curiosity and at worst snake oil

All crypto algorithms are “proprietary” untill subject to “peer review” and indepth testing.

However experience has taught me that original thought is worth looking at for two reasons.

Firstly it opens up new possibilities. Secondly even when totally bad it usually gives up new methods and insight.

Oh and whilst people are running around worrying about “Post Quantum Crypto” there is a rather more important and immediate problem that is facing us,

All consumer devices have the security end points on the device where the communications end points are. This means that even the most secure of communications applications running on consumer devices are very easily rendered usless because an attacker can simply get at the “plaintext User Interface”. Thus such devices can not ever be secure.

Which means consumers can not have the right to privacy with the electronic devices available to them. That’s not a “Future might be” as with “post quantum” it’s very much a here and now very definate real and persistent issue and has been for quite some time.

Which means for consumers to have privacy they need a non electronic device, that moves the security end point off of the consumer electronic devices that are also communications devices, which these days is rapidly approaching all of them. This is because the “System on a Chip” (SoC) devices available for IoT and most other consumer devices come with comms on the SoC as standard.

Thus we need to look into crypto systems that do not need consumer electronic devices to work. The simplest of such options is “Pencil and Paper Crypto”. We know that the One Time Pad (OTP) and One Time Codes (OTC) are considered “theoretically secure” and thus if used properly “practically secure” as well.

Thus Paper and Pencil codes and ciphers that are theoretically secure are of interest to consumers that want to establish their right to privacy.

Further the sooner they become used then the sooner this “back door” / “front door” / “golden key” nonsense can be consigned to the trash can of bad history again.

Drive-By Idealogue August 10, 2019 12:22 PM

@name…: Our representative democratic republic has become malevolent and adversarial to the citizen and thus[…]

Depending on your gender, skin color, religion, sexual preference, choice of food or medication, or whatever, you might be of the opinion this is not such a new development as your narrative suggests.

Whomever August 10, 2019 12:54 PM

Which means for consumers to have privacy they need a non electronic device, that moves the security end point off of the consumer electronic devices that are also communications devices

I’d say they at least need a device that hasn’t been targeted and which can no longer easily communicate or become compromised wirelessly. For example a mobile with it’s cellular/wifi/Bluetooth disabled physically presents a much harder target for an end-run attack. But, it also complicates messaging. The ability to easily send and receive messages would need to be facilitated somehow other than the disabled wireless protocols.

This could be done with computer vision. A second, connected, device could facilitate sending and receiving cipher text. The cipher text could be transferred to the air gapped device via QR codes or some other visual encoding. The air gapped device decrypts, displays, and allows an encrypted response to be composed. Then, the connected device would “read” cipher text back using the same visual encoding and send to a recipient.

A lot of mobile phones have hardware accelerated QR readers built in. The trick would be getting one that isn’t already owned by your adversary, loading the requisite software onto it, and disabling it’s wireless capabilities.

I’m not sure how well it would hold up against side channel or rubber hose attacks. Also, I don’t know how hard it is to truly disable the wireless stack in an iphone or android. Surely someone has attempted it or at least documented which pieces would need to be damaged/disconnected. But, the software would be relatively simple to build using existing libraries.

. August 10, 2019 2:11 PM

@ CallMe…, Name.Witheld…,

Proprietary crypto is at best a curiosity and at worst snake oil

Yeah, right. That’s why all those ransomware attacks are no big deal. It’s proprietary so anyone can just break it and get their files back. If they want to succeed, then they should really submit all their ransomware crypto to some jackass committee to be “peer reviewed” before unleashing it.

vas pup August 10, 2019 2:39 PM

@Clive recent on the subject from previous week answering your question:

Russia explosion: Five confirmed dead in rocket blast:

“Rosatom said the accident occurred during tests on a liquid propellant rocket engine.

The three injured staff members suffered serious burns in the accident.

Authorities had previously said that two people died and six were injured in the blast at the site in Nyonoksa.

[!!!]The company told Russian media that its engineering and technical team had been working on the “isotope power source” for the propulsion system.”

Alejandro August 10, 2019 2:49 PM

Speaking of proprietary crypto, the other day I was reading logs and noticed an odd port 443 connection to something called QUIC, which to be honest I had never heard of.

QUIC stands for QUICK UDP INTERNET CONNECTIONS which is a Google PROPREITARY encryption protocol on port 443 UDP which essentially substitutes for TLS on Google Chrome, Youtube, Gmail and some other Google apps. A technical review tends to indicate at least to the average user it isn’t quicker than TLS. An interesting part is, most firewalls do not recognize it all, so it becomes invisable and thus unblockable. The QUIC protocol runs on Port 443 UDP, so without going into a full-blown rant, I will say if you should decide it’s something you don’t want it’s easy to defeat by blocking port 443 UDP at the router or indvidual computer.

I did and do not see any degradation of service at all.

Isn’t that something….Google has their own opaque encrytion protocol to make the internet …better?

(But, for whom?)

Clive Robinson August 10, 2019 6:24 PM

@ Whomever,

I’d say they at least need a device that hasn’t been targeted and which can no longer easily communicate or become compromised wirelessly.

Where are they going to get it from?

Not being funny but there are probably more people now, that don’t know how to program a VCR than since they were first invented.

Consumer technology has changed so fast that few outside specialist occupations now know how to use things like the command line any longer. So older technology that has not got overly complex OS’s full of vulnerabilities/backdoors and SoC devices with comms interfaces is not in the average consumers abilities let alone available to them.

If countries like the UK and Australia pass legislation making encryption backdoored etc, how long do you think it will be before they pass legislation making all consumer equipment in effect back doored. As it is it’s getting hard to buy consumer entertainment equipment without Internet connectivity of various forms and with blue tooth etc. With many vendors adding microphones and even cameras both of which can “dial home”, privacy in the home is becoming effectively Orwellian.

Whilst there are people around who can program 8bit and 16bit microcontrolers that are capable of doing various forms of encryption, but without having in built off system communications. The chips are getting less and less common. You can now buy for the same price fully functional 32bit SoC devices in the 2USD price range that not only have the RF comms hardware built in they can also run *nix virtually out of the box. You see them poping up all over the place in IoT devices.

Which means that a generally available consumer device will be either backdoored or easily “owned”. Thus of little or no value privacy wise.

If we are to retain any measure of privacy then it is the ordinary consumer we should be assisting, not the specialist. Because specialists are very few and far between thus a very small fraction of the general population. Therefore specialists are effectively of no concern to SigInt agencies, unlike the general population under the modern paradigm of “collect it all”.

Clive Robinson August 10, 2019 6:33 PM

@ vas pup,

The company told Russian media that its engineering and technical team had been working on the “isotope power source” for the propulsion system.”

This gets curiouser and curiouser… If we carry on following this story fairly soon we are going to see White Rabbits with gold watches and little bottles marked “drink me”…

Clive Robinson August 10, 2019 6:42 PM

@ Zaphod,

Long time no hear, I trust you are well?

With regards,

UK power outage – cyber attack? Dry run?

It might be, but I would be more inclined to consider poor maintenance and lack of upgrades to cover increased demands from new homes etc, causing in effect a “cascade fail”. That then can not come back again due to “cold circuit current inrush”.

Whilst I would not rule out Cyber attacks, the UK was one of the first countries to take the threat seriously thus have regulations in place that are a little more robust than a paid for consultants check list that many other Western Nations still have…

Clive Robinson August 10, 2019 6:52 PM

@ Anders,

I commented on this new Boeing bad software story last week.

The fact that the software design and implementation on two different Boeing aircraft both show a lack of “quality control” is rather worrying.

Thankfully even though I live not that far from one of the busiest airports in the world (LHR), I am not under any flight paths.

GrationalNid August 10, 2019 7:45 PM

Worth noting the UK national grid’s automatic load-shedding did exactly what it was supposed to when faced with two large suppliers suddenly offline at, quite inconveniently, the same time. And so close in time to each other that the normal fast-demand generators could not be spun up quickly enough, and geographically close enough. Quite inconvenient indeed.
The interesting bit is that, if a theoretical cyber attack, one attacks only two sources to force the grid to do what the grid has to do anyway. The unpredictable bit was how much of the U.K. load would need to be shed in very few minutes to restore balance before other sources became ready for taking a load. TRIAD sources would be at least 15 minutes.
Public statements by national grid seem to be quite carefully avoiding saying that the actual failures lie outside the grid.

gordo August 10, 2019 9:17 PM

@ Clive Robinson,

the modern paradigm of “collect it all”.

Which means to say “track it all”, “tap it all”, “share it all”, “break it all”, “fake it all” and “direct it all”.

Clive Robinson August 11, 2019 6:22 AM

@ gordo,

Which means to say “track it all”, “tap it all”, “share it all”, “break it all”, “fake it all” and “direct it all”.

Which as a consequence leads on to,

    “Control you all”

The consequences of which fall into the three broad categories of “surfdom”, “flight” or “fight”.

As we see from the nightly news eventually the first gives way to the other two. The second can also be described as from “frying pan to fire” and only lasts as long as there are places to run to.

History shows that ultimately war will occur be it at home as civil war or abroad against some other nation as a war of conquest and enslavement.

People then say “never again” untill of course it all happens again. As was observed by Wendel Philips at the begining of 1852,

“Eternal vigilance is the price of liberty; power is ever stealing from the many to the few. The manna of popular liberty must be gathered each day or it is rotten. The living sap of today outgrows the dead rind of yesterday. The hand entrusted with power becomes, either from human depravity or esprit de corps, the necessary enemy of the people. Only by continued oversight can the democrat in office be prevented from hardening into a despot; only by unintermitted agitation can a people be sufficiently awake to principle not to let liberty be smothered in material prosperity.”

I guess that today would not surprise Alphonse Karr, who in effect wrote history’s epitaph with,

    Plus ça change, plus c’est la même chose

Ismar August 11, 2019 6:53 AM

Problem with wars, revolutions and such is that they get exploited and hijacked just allowing the ruling set to get replaced (or renewed if you will) by another one which might be wearing blue instead of red shirts. And so the cycle continues in an ever increasing frequency of change until the whole system disintegrates , leaving a very small minority to reboot itself into yet another epoch maybe on another planet in the far reaches of the universe.
Wow, this sounds like a beginning (or even an end) of a SciFi novel ????

Anders August 11, 2019 7:41 AM

I’d better use ordinary smartphone.
Same capabilities but nothing suspicious when someone opens
the parcel.

I’m pretty sure China does the same thing for some time now.
They manufacture the smartphones, install hacking code, ship the container.
They hack everything on the route, at the endpoint hacking code deletes itself,
phone switches off and is going to warehouse/shop on sale.

SpaceLifeForm August 11, 2019 12:23 PM


“Which means that a generally available consumer device will be either backdoored or easily “owned”. Thus of little or no value privacy wise.”

My working assumption is that all electronic devices are backdoored, and even if I have root, I assume someone else has root also.

So, Faraday Cage required whether paper involved or not.

Maybe a combination of sound and visible light could work between two devices that are considered already backdoored as long as one is in the cage. Maybe.

Curious if you can point out something that I am overlooking with using sound and light vs using paper.

Scenario is using sound and light to comm between the two devices with one in the Faraday Cage as an alternative to paper.

It’s not really a completely new concept, as after all, face-to-face communication use sound and light. And maybe paper.

vas pup August 11, 2019 12:53 PM

Gadgets can be hacked to produce ‘dangerous’ sounds, says researcher

“Many modern gadgets can be hacked to produce deafening and disorienting sounds, research has revealed.

Security researcher Matt Wixey found a range of devices had little protection to stop themselves being turned into “offensive” low-grade, cyber-weapons.

Mr Wixey tested laptops, mobile phones, headphones, a PA system and several types of speakers.

The weaknesses could cause physical harm, harass individuals or disrupt larger organisations, he said.

Annoying tones

Mr Wixey, who is a head of research at PWC’s cyber-security practice, said he conducted the experiments as part of PhD work into the ways that malware can directly cause physical harm.

He sought to find out if the volume and speaker controls of the devices could be manipulated to make them produce harmful high and low frequency sounds.

Custom-made viruses, known vulnerabilities and other exploits were used to subvert the devices and make them emit the dangerous sounds for long periods of time.

“Some attacks leveraged known vulnerabilities in a particular device, which could be done locally or remotely in some cases,” he told the BBC. “Other attacks would either require proximity to the device, or physical access to it.”

In one attack, Mr Wixey used a program that scanned local wi-fi and Bluetooth networks for vulnerable speakers which it then sought to take over. Any compromised device would then be made to play the weaponized sound.”

My take: I’ll find such frequency which put person into deep sleep mode, then person could not be any potential danger.

Sherman Jay August 11, 2019 1:53 PM

For a couple of years now I (and I believe most of us) have been increasingly convinced that we are all constantly under the microscope of the big greedy tech entities and gov’t (gov’t may be slightly less likely depending on our socio-political footprint).

While everyone posting here has provided many good and valuable ideas on secure communication using our compromised ‘devices’, I posit that if you use steganography to hide a text message in an image (using an appropriate size image and concise text), you can attach that to an E-mail (attached or better: in-line) and be relatively certain it will be secure from all but the most intense scrutiny. If you are truly ‘concerned’ you might encrypt the text before encapsulating it into the image with the steganography. Of course, the E-mail should have an innocent message related to the image to further reduce suspicion.

Or, as an old friend used to say with a big grin, “time for the cups and string network”

Sherman Jay August 11, 2019 2:00 PM

@vas pup,
I don’t doubt or mean to belittle your article or that research into dangerous sounds. I find it quite interesting and a little ‘disquieting’.

However (with a dose of serious sarcasm), I find dangerous, harmful sounds being emitted by my radio and television everytime I watch or listen to MainStreamMedia News broadcasts!

Zaphod August 11, 2019 2:28 PM


In rude health, thank you Clive.

I can’t help thinking that the more frequent infrastructure failures in the UK in the last couple of years have been due to external influences.

Mind you, my foil hat has been blowing off my head more too, so who knows. I trust those employed to know do in fact know.


SpaceLifeForm August 11, 2019 3:15 PM

My working assumption is that all electronic devices are backdoored, and even if I have root, I assume someone else has root also.

Incredible timing.

Well, how can one Faraday Cage a cable?

Lots of Tin foil on both ends?

And why is there a backdoor?

Ok, maybe not a true backdoor, but why is the connected ‘fake device’ trusted without authentication?

Nah, it’s a backdoor.

Smells like this is how Graykey would work.

It looks like an Apple lightning cable. It works like an Apple lightning cable. But it will give an attacker a way to remotely tap into your computer.

MarkH August 11, 2019 3:47 PM

No, Not Again!!!

A little elaboration of the Wired story linked by Ismar at the top …

[Usual proviso: the attacks are practical against certain revision levels of the named products, and not others.]

The company/brand is Dormakaba or Kaba. The products are sold as high-security coded access (combination) locks. They are indeed used by customers who seek very high levels of protection.

The locks are quiescently “asleep,” and are powered (and must boot up) when the operator attempts to enter a code. In at least some models, the data used to authenticate an entered code is stored in a serial EEPROM.

Researcher Mike Davis found that he can extract the authentication data, and thereby construct a successful access code, by power analysis during the interval when the lock is booting (when code entry begins). The CPU must extract the authentication data from the EEPROM, and the serial data stream is effectively echoed as noise on the electrical contacts.

The models used for ATM cashboxes and pharmacy safes have some kind of electronic port (perhaps for maintenance) which is accessible when the locked door is closed. A digital oscilloscope is sufficient to capture the power trace for analysis.

The lock can then be opened by a hacker without leaving any apparent disturbance.

The government model doesn’t have this port, so doing the analysis requires some destructive (but not very difficult) opening of the lock … essentially, prying open its display screen.

However, this government model is

used in settings as sensitive as the Pentagon, the National Security Agency, the Central Intelligence Agency, Air Force One, and even to protect launch codes on US nuclear submarines

Sweet Jesus! Doesn’t anybody THINK? This type of vulnerability is not only very well known, but has been public knowledge for a very long time.

Sherman Jay August 11, 2019 4:15 PM

@vas pup,
Thanks for the links, good articles.

We ARE quite vulnerable. I had heard years ago that a strong sub-sonic acoustic tone could cause everyone in range to become quite irritated and/or anxious. I think I read that some ultra-sonic tones cause severe headaches (years ago the old ultrasonic alarms in liquor stores used to bother me). And, I know that flashing lights at ~13 flashes per second can trigger epileptic seizures in some vulnerable people.



My reading about Faraday Cages is that if a cable goes through the continuous wall of the ‘cage’ that can act as an antenna and can conduct any Electro-Magnetic Pulse right into the cage and damage what is inside. Also, most literature indicates a Faraday Cage is not grounded, thus if you ground any conductive cable going through the cage, that is likely to compromise the isolation system of it.

I welcome anybody with better info to correct me if I’m wrong.

Wael August 11, 2019 4:18 PM


Well, how can one Faraday Cage a cable?

You mean something for DEWSWEEPER? Easy: Faraday Tube it, with some minor modifications.

It all started going downhill when the mobo would allow firmware update from OS […] Give me my jumper and floppy please.

Sure, here ya go! But what’re you going to do about UEFI?

SpaceLifeForm August 11, 2019 4:20 PM

@Sherman Jay

I hear noise on radio (tuned to FM), if smart phone close. Like no more than a foot.

There is no noise unless phone is close.

Sherman Jay August 11, 2019 4:36 PM


I have used a ‘transistor’ radio on the a.m. band to ‘snif’ out RadioFrequency signal leakage from all kinds of electronic equipment including computers. Others have made sophisticated posts here on Schneier about using special equipment to ‘decipher’ the data flowing in the computer using those leaked signals. We live in a constant sea of RF signals. Luckily, most are low intensity and relatively benign.


Thanks for the better info on Faraday Cables. I was unaware of those.

RF can be tricky stuff, above a certain frequency, conductors can become insulators and insulators can become conductors (metallic wave-guides for certain microwaves).

(quick add ceramic impregnated fabric under the tin-foil in my hat! lol)

MarkH August 11, 2019 4:56 PM

Why Little Boys Aren’t Allowed to Play with Matches

Russia has done it again! These are the same guys who gave us Mayak, with Earth’s worst zone of radioactive contamination (in a populated region, no less).

The same geniuses who generated electricity (and still do!) using RBMK reactors with instabilities never tolerated in the West for civilian power generation, housed not in robust radiation containment structures but rather in simple industrial buildings. Gosh, what could go wrong?

They’re at it again! This time, it’s an accident testing a nuclear rocket engine in the Arctic. Luckily, the public health effects might be quite small, unlike the Mayak and Chernobyl inflictions of mass radiation casualties (far exceeding the public health effects of any other nuclear accidents).

But seriously, nuclear rocket motors? There’s reason to believe that the intended application is a cruise missile! We can hope that it’s not meant to fly over land, but woe to anyone whose boat or ship is underneath when a completely unshielded* nuclear reactor flies overhead.

It’s known that:

• the accident took the form of an explosion

• five persons are acknowledged to have died

• the nearby city of Severodvinsk reported elevated radiation readings

• pharmacies sold out of medicines containing iodine as the public scrambled to protect itself

• casualties were brought to a Moscow hospital in ambulances with door seams sealed by tape, and crews wearing contamination protection suits

Supervision by grown-ups is badly wanting here …

  • In the middle of the 20th century, the U.S. investigated a nuclear-powered bomber plane, abandoning the idea when it was realized that wherever it flew, it would leave a swath of intense radiation exposure along its flight path. The shielding needed to protect the public would be far too heavy for an aircraft.

Sherman Jay August 11, 2019 5:05 PM

My understanding (based on research from multiple sources) is that a Faraday cage must be continuous metal with no gaps that an EMP could enter through. There are some references that say if a metal mesh screen is used, it must have holes small enough that they block the wave-lengths of an EMP (or other undesirable RF signal)

Thus, looking at the ‘faraday tube’ in the link you sent. I am concerned that the ‘eye-bolt’ penetrating the cap might act like an antenna for any EMP or RF signal. And, wouldn’t the end caps need to have a continuous metal element inside that contacts the foil shield in the tube when closed?

Wael August 11, 2019 5:13 PM

@Sherman Jay,

Thus, looking at the ‘faraday tube’ in the link you sent.…

This tube is for different purposes. The right tube is a shielded tube that connects two faraday cages.

And, wouldn’t the end caps need to have a continuous metal element inside that contacts the foil shield in the tube when closed?

These are some “minor modifications” 😉

VinnyG August 11, 2019 5:16 PM

re: Clive Robinson re: “options”
Robert A. Heinlein, one of my all-time favorite SF authors, wrote: “A slave cannot be freed, save he do it himself. Nor can you enslave a free man; the very most you can do is kill him!” Since I am much to old to run (“flight”) and adopt a new culture and probably language (even if there was somewhere to run to that would guarantee my individual liberties, which there clearly is not,) and since I’d make a really terrible slave, there aren’t many options left for me in your scenario…

Wael August 11, 2019 5:39 PM

@Sherman Jay,

(quick add ceramic impregnated fabric under the tin-foil in my hat! lol)

If I’ve said it once, I’ve said it like three or four times: Tin foil hats are no good. Choose a different weapon… like a pressure cooker or a depleted uranium hat. It’s not difficult to find the full list of arsenal on this blog: Salad Bowl, Graphite fly swatter, straightjacket, Cookie can, …

65535 August 11, 2019 6:06 PM

@ Alejandro

I have seen QUIC talked about on various sites [and probably this site]. Last time I looked at useage numbers including Wipipedia I noticed it was used on only 3 percent of sites – but if you use Google or youtube those are huge sites and you maybe a user or victim.

“As of July 2019, 3.2% of all websites use QUIC…”

ht tps://

Did you block both inboud and outbound sides of UDP port 443?

Alejandro August 11, 2019 7:19 PM


I block QUIC at the router (port 443 udp) so I believe that would be both in and out bound. On my personal devices I block outbound port 443 UDP. That works.

I read somewhere since Chrome has about 60% of the browser market, and QUIC is the default, it’s quite prevalent. BUT, I must admit my logs don’t seem to be showing much 443 UDP traffic blocked, with the exception of Apple devices where it comes up a fairly often. (youtube?)

I still haven’t figured out that part.

While it’s true QUIC has been around awhile, I wasn’t really up on it until recently. Some people have concerns about the proprietary nature of the protocol (not secret, but secretive), that it’s essentially invisible to firewalls most of which are not programmed to see it and, of course, it’s the google. Last, despite claims of amazing speed, users don’t see the difference if it’s blocked and traffic reverts to TLS, etc.

gordo August 11, 2019 10:42 PM

@ Clive Robinson,

Regarding your third broad category, the “fight”, this also from Wendel Philips:

Corruption does not so much rot the masses: it poisons Congress. Credit-Mobilier and money rings are not housed under thatched roofs: they flaunt at the Capitol. As usual in chemistry, the scum floats uppermost.

So much so, that US courts have ruled “soft bribery” legal. See, for example, Citizens United, etc.,

. . . and, regarding agitators, again, Wendel Philips:

The agitator must stand outside of organizations, with no bread to earn, no candidate to elect, no party to save, no object but truth — to tear a question open and riddle it with light.

Or as Leonard Cohen put it more recently:

There is a crack, a crack in everything/ That’s how the light gets in

Keep up the good work.

AL August 12, 2019 12:17 AM

QUIC will become mainstream.
“The HTTP-over-QUIC experimental protocol will be renamed to HTTP/3 and is expected to become the third official version of the HTTP protocol, officials at the Internet Engineering Task Force (IETF) have revealed.”

I’ve used QUIC from the beginning, before it was the default in chromium browsers. In cases of video, like YouTube, I’ve never thought video should be transported TCP. For what I do, the more stuff they can get to work on UDP, the better, because it’s quicker.

Alejandro August 12, 2019 1:35 AM


“…if you don’t trust Google”?


If you trust Google, what are you doing here?


Alejandro August 12, 2019 1:44 AM


I get udp and video is a good combination. Regardless, I come up with:

Dual_EC_DRBG/NIST deja vue all over again.

Clive Robinson August 12, 2019 1:46 AM

@ Ismar, MarkH,

With regards the Kaba electronic lock issue, the majority of electronic locks suffer from this problem.

Worse you don’t have to use actual wired connections to the lock to do it (it just makes life simpler). What you can do –and I’ve done it some years ago– is use “EM Field probes”. The reason this works is that any wire carrying a current has charges flowing through it the current is a measure of charges moved in a unit of time. The charges have a force between them that is assumed to extend to infinity and as they interact you get a combined field the magnitude (scalar) of which is defined by Coulombs Law ( Fe = Ke.(Q1Q2)/r^2, where Fe is the force and Ke is Coulombs constant ~0.9×10-9 Fe is electrostatic force).

Put more simply from the current you can calculate both the electric field and the magnetic field around the wire at any given rate of charge movment. As the charges move their rate of change gives rise to an EM field which Maxwell’s equations describe which also is assumed to go off to infinity. The only real limit on the range is the “noise level” in a given bandwidth ( noise power Pn =4kTB, where power is usually expressed as V^2/R in circuits). Where Pn is given as -174dBm/Hz, however there if further background noise to be added including the microwave background noise from the “big bang”… Thus the actual background noise is effectively the sum of all noise powers at a given point in space and the direction (thus vector) they are comming from. As it is quite dificult to make “isotropic” probes most probes have a non uniform pattern the easiest to visualize being the “doughnut” shaped dipole which has –in theory– an infinate loss at the poles, but is usually around -30dB which means usefull directivity can be fabricated by the use of multiple probes to either enhance the desired signal or null out undesirable interfering signals. But importantly some noise types are considered either random or not coherent with the desired signal, which means repeated averaging synchronised with the desired signal “lifts it from the noise”.

There are other tricks where you can unstretch noise pulses or signals. Overly simply if you know your desired signal has an actual shape –which would be the case withs a series of repeatedly used CPU instructions– then by use of a matched filter you can bring the individual component parts of the signal together in time thus getting a much stronger signal to detect. The use of two matched filters setup to detect the “ones” and “zeros” seperatly can then be fed into another algorithm to get further information enhancment over noise.

All of this was known back in the 1980’s but we did not have the Digital Signal Processing (DSP) capabilities back then that we do now. It was the 1990’s and the use of “smart card chips” that brought things to a head and the various forms of “pasive” “power analysis” techniques were developed.

However back in the 1980’s I was going my own way on this. I had been doing personal research in my own time on how high level EM fields from RF sources like walkie-talkies effected very low power CMOS CPU’s such as the 1802 and their support chips. As part of which I discovered some interesting facts, two of which are relevant to security of things like this electronic lock. The first is that at low powers an EM signal passing through active digital logic gets cross modulated by the digital circuits, and by carefull selection of frequency you could get signals from individual PCB traces to be enhanced over others. Secondly at higher levels you could cause individual signals to be changed, thus it was possible to cause a running program to change it’s actions based on a signal you modulated onto the RF carrier, thus you can actively inject faults of your chosen type from outside the casing of electronics. I did not make myself popular by demonstrating this on an early “electronic wallet” and on a “Pocket Slots Game” for a major Casino and gaming company (both products thankfully failed in the market). The argument from the powers that be being “nobbody would do this” which kind of defied logic as I’d already done it… So I moved on to another employer who was designing “digital locks” and yes they are susceptible to all these attacks and quite a few other very much more primitive ones such as the “ring magnets” from magnatrons causing solenoid actuators to falsely engage thus bypassing the lock electronics entirely.

Which brings me around to why electronic locks have “electrical ports” on the side. Well these types of electronic locks run on batteries and even with the best brains in science[1] we have not solved the problem of “self discharge” in batteries… Likewise the electronics has reliability issues with storage and the like. Then there is the human factor of falling under busses or getting disgruntaled and holding people to ransom.

Thus such ports can be used to provide power when the battery fails or is not replaced in a timely fashion, or to do a factory reset when humans fail. Also as modern microcontrolers have lots of capabilities and memory all sorts of time related functions can be programmed and such things as usage logs can be read out. Developments in RFID and NFC technology means that a lot can now be done with just a simple coil just under the surface of a plastic casing. A bidirectional serial interface over power design can be done with a “single wire” interface like I2C or the system used with the likes of iButtons and Java-Buttons which you can buy fairly inexpensively[2] which are often seen as “key-fob” devices for alarms etc.

If you are a designer of electronic locks, trying to get the radiated EM field down of your security functions can be quite difficult, especially if you are not trained in TEMPEST / EmSec design… One solution is to “externalise it” to what is in effect a Hardware Security Module (HSM) that you then put in your design.

As I mentioned above, back in the 1990’s there were a lot of issues with Differential Power Analysis and similar attacks on Smart Chip Cards. Which means that the industry around them had to pull their socks up and sort the issues out, which they have “sort of”. Thus you can now buy more secure Smart Chip Cards in a form that is used in Subscriber Identity Modules (SIMs) in mobile phones and other security devices. These can be built into a lock instead of a flash ROM, and programed in such a way that the Smart Card chip does the security function of checking the user entered combination, it simply sends back to the host microcontroler a “go/nogo” signal to indicate if the lock should draw back the bolt or not.

You can get quite a bit of functionality in Smart Cards these days and no doubt @Thoth can provide more details on what to watch out for when using them.

[1] There has been some quite well funded research into how to design high security locks for nuclear repositories. The minimum time specification is it has to still work correctly after a hundred years of not being used… So far, as far as I am aware nobody has come up with a battery that even gets close…


65535 August 12, 2019 1:48 AM

@ Alejandro

“…it’s true QUIC has been around awhile, I wasn’t really up on it until recently. Some people have concerns about the proprietary nature of the protocol (not secret, but secretive), that it’s essentially invisible to firewalls most of which are not programmed to see it and, of course…”- Alejandro

That propriety Google aspect is not good and worse is the fact that some routers don’t see it. I am a bit concerned myself. I have talked to people in the firewall area early this year and they are recommending blocking udp port 443 for now. I have tried it and not seen much difference. Now we should determine which routers are not blocking QUIC and why.

“…it’s the google. Last, despite claims of amazing speed, users don’t see the difference if it’s blocked and traffic reverts to TLS, etc.”- Alejandro

Yes, that is my understanding also.

MrC August 12, 2019 2:52 AM

@ Alejandro:

I don’t trust Google, and I don’t use Chrome. So it’s not a problem for me.

My point was: If you’re going to trust Google enough to use Chrome in the first place, you might as well trust Google enough to honor Chrome’s setting to turn off QUIC.

Clive Robinson August 12, 2019 2:56 AM

@ MarkH,

@vas pup, @Wesley Parish and myself have been discussing the Russian missile test explosion and radiation burst over on the previous couple of Friday Squid pages and the US Pluto and Tory projects,

Such an engine was shown to work in the US (Tory) and it had the capability of keeping a “hypersonic cruise missile” up for months, thus turning it into the capabilities of a globe spanning ICBM for less cost than an IRBM at the time.

The US Pluto / Tory projects were cancelled after seven years not because of the very real danger they represented but due to a fear that Russia would be forced to develop it’s own system and there was then unlike ICBMs no known way to stop such hypersonic missiles even thought of (and it’s highly doubtful we’ve made any progress on that front since).

One of the lessons many have either not learned or have forgoton is the great asymmetry between the US and Russia. The Russians had a dangerously pragmatic approach where safety/security of nuclear devices was very low on the list of priorities with simplicity / reliabilty much higher. The opposite was and still is true of the US and to a certain extent other Western nations that developed nuclear weapons. The problem is that other than a few “field artillery” type nukes such as the Davey Crockett it appears that less than thirty percent of US nukes were actually likely to function if deployed. Figures for Russia nukes are likely to have been much better, however, the early Russian delivery systems we now know had a habit of blowing up on the launch pad…

Whomever August 12, 2019 2:56 AM

Which means that a generally available consumer device will be either backdoored or easily “owned”. Thus of little or no value privacy wise.

I agree but also suggest physically disabling the radios in the “secure” device (the one dealing with plain text in my proposal).

Even if the device were compromised ahead of setting up the scheme, you would still get some measure of security by making exfiltration of the keys harder. A pre-installed microphone/speaker protocol, for example, could still defeat the air gap. But, if your adversary didn’t pre-install that capability in the device before you disabled it’s radios you would still be “safe” with the caveat of physical security.

You could probably set this up with a raspberry pi and a camera on top of any existing messaging app. I just think it would be easier to manage if you use an old or cheap mobile phone.

If we are to retain any measure of privacy then it is the ordinary consumer we should be assisting, not the specialist.

Did the idea make sense in capturing the intent to push the endpoint one step past the primary/connected device? I do agree with your predictions of class unrest given the total absence of private communication/thought/action. But, in lieu of securing everyone’s smart phone, what can we do? For example, if you assume that even Moxie’s Signal protocol affords no protection because the endpoint it runs on is compromised, your only options are to move or secure the endpoint. I agree that it is impossible to secure a modern computer or mobile phone. I’m more hoping that there’s a way to separate “the baby from the bath water” with regards to that situation. Pad and pen are a lot more cumbersome and would still require good physical security (perhaps Bruce’s playing card scheme with a copy of cryptonomicon near other legitimizing classic sci-fi novels being the exception to that).

Maybe another way of articulating this would be to enumerate the ways data could be transferred bi-directionally between two modern phones and rank them in terms of difficulty. Easiest would be the cellular connection, followed by wifi, NFC, and Bluetooth. After that I think speakers and mic would be easiest. Next would be the screen and camera. Past that you might be able to leverage unused/overlooked SOC “features” or things only available to processes in Intel’s “trust zone” or whatever they’re calling it. Past that maybe leakage could be done through modulating backscatter of other signals or something tricky with the GPS. I’ll assume there are others as well. Note, part of the difficulty here is getting a receiver in place and picking which data fo send as bandwidth is significantly lower down the list.

Given that situation, most root kits will utilize the easiest methods first and only support fancier exfiltration in special cases. To my knowledge no one has the means to automatically fall back across such disparate technologies. So, if nothing else, using the camera/screen scheme would necessitate individualized targeting; which is not nothing. And, if the targeting occurs after this is set up, the air-gapped device becomes a very challenging target.

MarkH August 12, 2019 3:18 AM


I found a claim (from a commenter here, several years old) which seemed to suggest that a rotary-dial Kaba model had a sort of generator inside, obviating the need for a battery to power the electronics!

I’ve no idea whether that’s factual, but it would be kinda cool …

Clive Robinson August 12, 2019 4:11 AM

@ SpaceLifeForm,

Curious if you can point out something that I am overlooking with using sound and light vs using paper.

Unfortunately yes…

You are not unconditionaly stopping the communications end point on the first device, you are extending it to the second device via the “light channel”.

Years ago somebody over at the Cambridge Computer Labs came up with the idea of displaying a grid of coloured dots on a computer screen and then using a mobile phone type camera in an external device. In other words they were using light as a communications channel. I kind of upset them when I pointed out the channel was not an “air gap” or anything else gap.

The way they communicated information was that each dot would be one of four colours thus giving 2bits per dot. I pointed out that infact they had forgoton luminence of the dot as a side channel. That is whilst to a human eye a dot might appear red, to the camera it was red at one of many luminence levels. Thus it was possible to send the equivalent of an extra four bits per dot by changing the luminence slightly such that the human eye might not easily pick it up but the camera could if a form of differential encoding was used.

As with many of my observations in life on security, it was not exactly welcome news to the system designer…

As it turns out even if you fix the luminance problem when the dots are generated, you can simply turn the dot on and off very rapidly to achive a similar effect to variable luminance (think how Class-D audio amplifiers work or many Switch Mode Power Suplies).

Thus the problem you have with the light channel as with any side channel you do not directly control is the ability to hide a “covert side channel” inside it.

Which brings us back to,

My working assumption is that all electronic devices are backdoored, and even if I have root, I assume someone else has root also.

You ultimately have to apply that philosophy to both ends of the light channel.

The advantage paper and pencil have is several fold,

Firstly even if a side channel could be established, what advantage does it give an attacker? the second device being a piece of paper is not amenable to being programmed, and if you are using sensible OpSec it will be destroyed immediately after it’s use for a single communication.

Secondly the bandwidth of pencil and paper is very very low, thus any coresponding covert channel would have an even lower bandwidth. Effectively the only covert channel that could be established would be a time based one. Due to the vagaries of humans and their need for tea/coffee time based covert side channels would suffer from not just time disruption but also messages could be grouped before transfer or transfered out of order. Thus such a channel would need an inordinate amount of Forward Error Correction (FEC) which would cut the bandwidth by several more orders of magnitude. So whilst not impossible the data rate would be down at best in the bit/week or slower rate.

Thirdly, on the assumption you use a One Time Pad with the message armoured against modification prior to encryption and you follow OpSec rules messages can not be faked or altered, they simply fail. Which brings us into the “error correction” domain, which in a security environment can be a bit complex. But the simple advice of “Fail hard and long” breaks any time based covert channels and “Resend from plaintext” where you encrypt the message under a new pad and send it again breaks other forms of attack.

So for the first two reasons alone, it’s fairly safe to say that an attackers communications channel stops on the first device.

Clive Robinson August 12, 2019 4:38 AM

@ Mark H,

… which seemed to suggest that a rotary-dial Kaba model had a sort of generator inside, obviating the need for a battery to power the electronics!

Energy does not spontaneously appear, the generator is simply an inefficient transducer for converting one sort of energy into another.

People have sugested other internal energy sources such as “clockwork” but that to runs down unless you rewind it. Likewise dropping magnets through coils under gravity and similar.

The problem is what happens when an incorrect combination is entered. You’ve run the energy supply in the lock to the generator down and eventually the lock will not function.

This would leave open the possibility of hand crank or on the back of the rotary dial etc. In other words the generator is driven via a shaft from outside. However that gives rise to other security issues such as the shaft being bent or broken, or over cranked such that the generator over volts and burns out it’s self or the lock electronics.

Which means in the case of the nuclear repository lock the primary requirment of “Must always open on correct combination entry” fails.

It’s also the same primary requirment for military use safes. Where being able to get at the contents or verify the contents are still there, is a primary requirment. Which means the likes of “relockers” and other similar anti burglar techniques can not be used.

MarkH August 12, 2019 5:34 AM


My mental picture, was that each turn of the dial would generate electrical power, the energy source being the muscular action of the person entering a combination.

It’s rather a Rube Goldberg design (or, if you prefer, Heath Robinson), but I think feasible. Presumably the generator output would be used to charge a capacitor from which the circuitry would be powered.

In their time, Thomas Edison and Henry Ford were not only American heroes of innovation, but also friends.

I once read that Edison’s house had a fence with a turnstile gate through which visitors had to pass. When Ford came to visit, he remarked to Edison that he should lubricate the turnstile, as turning it required a strong push.

Edison replied, “don’t tell anybody, Henry, but every person who passes that turnstile pumps a gallon of water into a cistern in my attic.”

BTW, my understanding is that in US nuclear command and control system design policy, negative controls are given priority (for obvious safety reasons). The cost of an unauthorized or unintended nuclear strike exceeds the cost of an authorized but failed strike, by an astronomical ratio.

In keeping with this, the requirement that the lock fail to open on incorrect combination entry might well supersede the requirement that the lock open on correct combination entry.

A final thought about batteries … in many applications, their life is much less than that of the electronic systems of which they are part, and over the years many battery types have contained toxic materials which can pose disposal problems.

One of my industrial clients has faced big pressure from its customers to eliminate batteries altogether, though in practice it’s quite difficult to do (only one of their fielded systems is battery free).

Converting mechanical energy to run circuitry — even under very restricted conditions — is an awfully tough thing to make practical in most applications, but the quest to eliminate batteries has motivated us to consider it a couple of times …

Clive Robinson August 12, 2019 6:21 AM

@ Whomever,

You could probably set this up with a raspberry pi and a camera on top of any existing messaging app.

And that’s where it stops being “ordinary consumer” usable.

You can look up on this blog or Github “Tin foil Chat” (TFC) that will give you the qualities we desire. It’s one of the best examples around designed and built by Markus Ottela when at the University of Helsinki, Finland, it’s still up on GitHub and just reading the documents alone should give you a good idea not only what it can do but the various parts involved and the work required to get it up and running. That is unfortunately “it does not work out of a shrink wrapped box” which is what the majority by far of those who would want to use such security would need it to do.

The other problem is unlike an old mobile phone, calculator or similar, carrying it across a border is asking to be stopped and asked awkward questions. Because it does not look like something you would find in a travelers luggage. It’s why I suggested a while ago that for the optical data diodes and light pipes TOSLINK components [1] be used As these are comparitively much more common as they are used in the recording and other entertainment industry equipment also home studio and more up market home hifi using seperates. They solve not just noise issues, but ground loop, and galvanic issolation issues, that occure quite frequently in outside events run by generators or across floors in multi story buildings. Such bits if made to look like “USB to Optical” parts can be more easily passed especially if “music software” is on the computer etc.

I even suggested that making them commercially as USB to TOSLINK converters would actually make them a product with more than one market to sell into. Which would help with the “shrink wrap packaging” issue.

[1] TOSLINK or Toshiba Optical Link also called “Optical Audio” is based on the Sony / Philips Digital Information Format (S/PDIF) protocol. Quite a few high end “HiFi Seperates” and “Studio Equipment” have the interface as standard on them,

Clive Robinson August 12, 2019 10:38 AM

@ AL,

For what I do, the more stuff they can get to work on UDP, the better, because it’s quicker.

The reason it’s quicker is lack of error correction and sequence correction in UDP -v- TCP.

So either the application has to be tolerant of errors, ommisions and out of sequence packets or some form of error correction is needed. This can be done one or two layers up in the stack preferably with a large window tolerant protocol or Forward Error Correction (FEC) has to be added to every packet at the source which usually tripples the sent data size.

What you do and how you do it depends on the underlying network reliability and round trip time. The last time I checked UDP reliability it had way better than a 1e10-4 error rate which is kind of at the point you consider removing error correction in error tolerant protocols (ie if a packet is lost it fills in with the average of the packets before and after on uncompressed audio and video).

The trick these days is comming up with a data compression algorithm that is fault tolerant. Fractal type compression has proved better than other types of compression in this respect.

The advantage of short path length is that with a suitable window algorithm lost packet re-send is still a viable option provided more than three times path latancy is acceptable.

However at the other end with long path delays and error rates worse than 1e10-2 FEC is often the most optimal way to go despite the large increase in data bandwidth required.

Sherman Jay August 12, 2019 1:25 PM

Thanks for the protective headgear advice. If I add a diode to my hat foil, maybe I’ll at least be able to receive radio signals. It reminds me that at, the official headgear of members of the Church of the Flying Spaghetti Monster is a metal colander. Are they all doomed to surveillance by everyone?

On a more serious security note, my little local computer clinic organization endorses Linux. However, we make a very clear distinction between the trust earned by the worldwide Open Source GNU linux community and the dangerous, secretive, spyware world of Gloogle, Chromed, Androids, Gmale and even the Chromiumium browser.

Wael August 12, 2019 2:07 PM

@Sherman Jay,

dangerous, secretive, spyware world

That’s right! Keep wearing that Kevlar-armored straitjacket

If you’re not wearing a straitjacket, then you’re not paranoid enough

1&1~=Umm August 12, 2019 2:55 PM

@Sherman Jay:

“… and the dangerous, secretive, spyware world of Gloogle, Chromed, Androids, Gmale and even the Chromiumium browser.”

Do you include the evil that is Ubuntu and it’s telemetry in that list?

Sherman Jay August 12, 2019 3:32 PM

@wael –
I apologize for what may have seemed a stupid, insensitive, sexist reference. I couldn’t think of any other recognizable alias for the gloogle mail service at the time.

Now that I’ve had some time for my fevered brain to cool off, I had an idea.

Someone could come up with an onion-router type of E-mail protocol that would (might) prevent tracking. It would route the message through a dozen participating peer-to-peer computers all over the world before delivering the message to the ‘encoded’ end addressee. And, wait for it — you could call it ‘chain-mail’. 🙂 (after all aren’t we actually revisiting the middle ages?)

Of course, those cameras on the lamp posts probably relay all the video and audio to Ammazon, too! Perhaps the visitor knows it is really all ‘smoke’ and mirrors?

Most (really all) security oriented IT sites I have visited in the past year or more have all been posting instances of IOT (or should that be ITIOT) devices being hijacked by the vendor for their own profit and the destruction of privacy of the consumer.

And, a friend asked me why his notepad-like app on his android phone had to be updated every few weeks. I didn’t want to even try to address all the problems brought up by his question.

EvilKiru August 12, 2019 3:39 PM

@Clive: Re Kaba locks

How about an electronic lock where the key provides the power? That way you don’t need a battery that lasts 100 years. Instead you need to make sure the battery type is still available for purchase in 100 years.

Wael August 12, 2019 4:03 PM

@Sherman Jay,

I apologize…

None needed!

It would route the message through a dozen participating peer-to-peer computers all over the world

May be doable if you get your ISP out of the way, perhaps by using a network of BT, WiFi, direct links from peer to peer. You’d still need to think about “spook peers”, honeypots, etc… also, your end devices need to be air-gapped (going back to Faraday cages and Faraday Tubes.) In other words: you protected your data-in-transit with that mechanism, but you’d still need to protect it at rest and in-use.

SpaceLifeForm August 12, 2019 5:33 PM

@Clive, @Wael, @Sherman Jay

Disregard the Lightning cable attack That was just an example of untrusted/backdoored electronic equipment.

Here’s my usage scenario in (a bit) more detail.

(well, a bit per week)

The usage scenario: People need to comm securely. But devices are not trustable because they are already backdoored, and likely have hidden radios besides the obvious WIFI/BT/NFC.

But, we want it to be usable by consumer.

So, two devices, both assumed to be backdoored.

Device1, Device2

Device1 has net. Device2 in Faraday Cage.

No cable between D1 and D2. No Faraday Tube.

D2 can comm with D1 thru the light/sound holes in the Cage.

D2 on battery only.

But the builtin backdoors in D2 can not comm thru the cage via radio frequencies. (yes, I realize that light is EMR like radio, but have they really put SDR in cellphones? That can deal with light? Don’t believe so.)

Yes peer to peer involved in my design.

But, need more input to shoot down this idea.

Wael August 12, 2019 5:57 PM

@SpaceLifeForm, @Sherman Jay, @Clive Robinson,

D2 can comm with D1 thru the light/sound holes in the Cage.

What’s the nature of communication that D2 establishes with D1? Make D2 untraceable by using D1 as a network browser, for example? And how is D1 going to respond back to D2, over the same light channel?

But the builtin backdoors in D2 can not comm thru the cage via radio frequencies

What about backdoors on D1: why aren’t you concerned about them?

Perhaps a detailed sample use-case would help (elaborate on “communications”.)

Clive Robinson August 12, 2019 7:36 PM

@ EvilKiru,

How about an electronic lock where the key provides the power?

The problem is that involves pins connected to the circuitry which makes it vulnerable.

You can look up the “USB-Killer” device. Put simply if you can generate a high enough voltage at a low enough impedence you can dump considerable energy into the circuit, that it was never designed to handle.

Whilst you can try to limit the inrush of energy, it has to go somewhere. As neither capacitors or inductors disipate energy –only store it– any protection circuit needs resistance that is physically small with fast rise times. The down side is physically small resistors have a very small energy disipation. This means either a complex system of graded low pass filtering into capacitively coupled loads to stretch any rise time to the point that active semiconductors such as transorbs (equivalent of back to back zener diodes) that have nano second rise times, can start switching the energy away from the sensitive circuitry.

But what ever you do, you do end up with a series resistance in the protection circuit that acts as a “back stop” That unfortunately under normal usage conditions disipates a big chunk of the energy. The net result is instead of say using a three volt battery in the key you would have to use twelve volts. Which means that there would be 3I power consumed by the lock circuitry and 9I power disipated in the series resistance of the protection circuit… Which at 12I drawn from the Key Battery is not good for it’s life expectancy…

Having designed circuitry with very fast rise times and quite high energy (think cascade UV triggered spark gaps and water dielectric capacitors) to quite literally explode fine silver / copper wire like tubes into high preasure plasma. Basically more “box bashing” precision mechanical for optics than electronics, that also just happens to have some electrical components built in for instrumentation protection. Not a patch on Sandia National Laboratories Z machine that goes to the edge of fusion, but sufficient grunt for people to be somewhere not close to the business end when fired. Which has given me some appreciation of a number of the issues involved with “poor man’s EMP”…

SpaceLifeForm August 12, 2019 8:05 PM

@Clive, @Wael, @Sherman Jay

A couple of more bits.

In the scenario, it’s an armoured payload/packet, and expires in a day.

And no content.

Wael August 12, 2019 9:29 PM


And no content

In that case, I wouldn’t worry about it. Just don’t send multiple packets with the same “no content” payload… it’s considered poor Securitymanship.

Wesley Parish August 12, 2019 10:38 PM

@Clive Robinson, et alii

re: nuclear-powered cruise missiles, etc

They do have one problem – when they make a strike, they are going to scatter a pile of radioactive debris over the target. Which makes them “nuclear” even if they’re not armed with a nuclear warhead. Fantastic of course for universal area denial – no one gets to enter said area unless they want radiation poisoning to whatever degree they enjoy ;( And not forgetting the heavy metal environmental damage locked up in the shielding …

I’ve also made my considered views on the intelligence of the morons who designed the “tactical” nuclear weapons, quite clear:
War On Terror Just Blows Me Away

(To get at least one of the jokes, you have to know why Santa never made it into Darwin in 1974.)

Clive Robinson August 13, 2019 3:50 AM

@ Wesley Parish,

And not forgetting the heavy metal environmental damage locked up in the shielding …

That would not be a problem…

Because there is no shielding around the reactor in such designs.

So as the thing flies over your head it sprays neutrons into everything. Whilst non organic structures remain intact, the organics especially the “meat sacks” get a good grilling…

So effectively it does not need a warhead, it just flies backwards and forwards at hypersonic speeds across nations or even continents spreading death but not destruction along it’s flight path, as what might be seen as an endless neutron bomb…

As such once up to a certain speed and the reactor up to a nice rosy glow, there’s nothing realy stopping it for not just hours, or days or weeks but months…

There is the quote from the Bhagavad-Gita Hindu sacred text that Oppenheimer made infamous, that would make appropriate reactor start words,

    Now I am become Death, the destroyer of worlds

In effect as it flies the four horsemen of the apocalypse are brought together in it’s foot print,

    They were given power over a fourth of the earth to kill by the sword, famine, and plague and by the wild beasts of the earth.

The latter being the bacteria and roaches that are about all that will survive and thrive in what remains after the famine and plague of radiation sickness. In effect the lucky ones being those who die by the sword, because it is a quick death in comparison.

Clive Robinson August 13, 2019 8:54 AM

@ SpaceLifeForm, Sherman Jay, Wael,

D2 can comm with D1 thru the light/sound holes in the Cage.

Some time ago I said “air gapping” was an insufficient term and we needed to consider “energy gapping”.

As we should know energy travels from a source in three basic ways,

1, Conduction,
2, Convection,
3, Radiation.

Whilst the traditional “air gap” will stop the first. The second has usually been considered to slow to change to give usefull bandwidth (an unsafe assumption). The “air gap” in it’s traditional form does not stop radiant energy, and it generally does not stop mechanical conduction and subsiquent radiation of sound.

Over the years “networking” using CDMA type techniques has been developed and commercially exploited not just for conduction in cables but by radiation of radio frequencies, infrared light and high frequency audio.

There are two issues with all communications,

1, Acknowledgement.
2, Error correction.

But these become quite accute in multiple access and CDMA systems.

Thus in simple terms for reliable communications the source needs an “ACK” or “NAK” from the sink to ensure the reliable transport of data.

Which means “two way communications” that is,

A, D1 sends a data packet.
B, D2 receives the packet.
C, D2 processes the packet.
D, D2 sends ACKs/NCKs.
E, D1 receives the ACK/NAK.
F, D1 processes the ACK/NAK.
G, D1 goes to A or sends FIN.

Note steps C and F, the “processing time” gives an opportunity for “jitter” which in turn can hide a covert channel.

With traditional symetric crypto algorithms unlike asymetric or One Time Pads, there is generally a short key between 100-300 bits. Each bit sent back by D2 in the jitter on sending it’s ACK/NAK halves the search space on a brut force attack.

The advantage of OTP type systems is that D2 would need to send back as many key bits as there are message bits and that would be obvious to an observer even in a covert channel because of the time taken.

But a further point with OTP systems they can work in two ways.

Firstly is the traditional “cipher” method where each bit of key material effects the state of the coresponding message bit (ie XOR function or modulo ADD in a field).

The second is the less obvious mapping function in a code. Traditional codes are index numbers into a meaning dictionary, where you have two halves to the dictionary “meaning-code#” and “code#-meaning”. Due to the complexity of printing up such codes in the past the mapping function became invarient for the lifetime of the code which could be years. In essence the code can be viewed as a “simple substitution cipher” which most know is quite weak.

In the past this was got around by “super encipherment” of the code numbers, which had a similar effect –but not quite in all cases– of randomly remapping the dictionary. True random mapping would have the same security as a One Time Pad, that is,

    All mappings would be equally probable.

This has the same downside as the OTP in that the amount of randomising data for the dictionary has to be the same size as the mapping size for each and every message sent. With an 8,000 word dictionary you would need 13 bits per word or 106496bits / 13312Bytes which is wastefull. Which is why super encipherment with an OTP is prefered.

The other advantage of a code is “compression” that is with an average word length of six characters in a dictionary you need an average of ~30bits per word which is over double the 13bits needed for the code number[1].

With “spelling lists” on *nix boxes or running a whole bunch of text files together using “cat(1)” then “tr(1)”, “sort(1)” then “uniq(1)”[2] commands in a simple shell pipeline to make your own “spelling list” does not take much effort. Likewis doing the same in a simple python script to make an easy to use dictionary. You can also print it out in say 64 words per column with a blank line to group into 16words and eight columns per page which double sided makes an eight page booklet and also calculating an index / code number in binary fairly easy if you do it as a concatenation of page(3bits) : side(1bit) : column(3bits) : group(2bits) : word(4bits) then convert to hexadecimal. Or similar for decimal with ten words per group, five groups per column, eight columns per page, and eleven double sided pages in the booklet. Importantly don’t forget to make the first word “{NULL}” as this makes certain remapping into smaller message sets easier[3].

[1] I’m not going to go into the use of variable length codes based on word use frequency. Because they are hard enough to get your head around for the average person let alone use for pencil and paper systems. Further as with the likes of ZIP they tend to work best if dynamically generated. But as can be seen from Morse code that is based on letter use frequency there are considerable savings to be made.

[2] The unix command uniq(1) actually has an advantage for making “code books” in that instead of just outputing a single column of words if you use the “-c, –count” flag it can output a two column table where the second column is the word and the first column is the words frequency in the body of text files you use. You can also use the “-i, –ignore-case” to stop other issues which tr(1) can do as well Thus you can write a simple script or Python program to only output the most frequently used words.

[3] With an OTP if the source encrypts {NULL} –which is zero– it sends the same value as the OTP value to the sink. On decrypting to {NULL} the sink just silently drops it. Thus if you have a binary alphabet of 2^5 –0 to 31– you csn easily map it into an alphabet of 26 printing characters. If you modular ADD a plaintext binary char with the 26 char OTP and the result is “greater than 25(Z)” you encrypt a {NULl} and send that instead, you then try the same plaintext binary char with the next OTP char if it’s less than Z you send it or repeat untill it does[4].

[4] This is one reason why when generating OTPs from True Random Generators (TRNGs) you will limit the likes of single value run length and apply certain other rules. The fact that you are using a limited set does not effect the strength of the OTP because you are still randomly selecting from that set thus all messages remain equiprobable within that reduced set.

vas pup August 13, 2019 12:28 PM

@Clive: Thank you! This one about Norway penitentiary system.

Clive, new article from BBC:
For better or worse, small but incredibly influential groups can change the course of political debate. But is this leading us to hold more polarized views?

This part could be interesting for Bruce I guess:

“Social scientists have historically explained polarization as the result of irrational thinking. Surely, any reasonable, although mis-informed, person will accept when they are mistaken, the argument goes. Someone who stubbornly sticks to their wrongly held beliefs when presented with evidence is, you would think, clearly acting irrationally.

But a recently published study challenges that common-sense theory. In fact, polarization could happen in populations of perfectly rational people when you consider the limitations of the human brain.

One issue with studying rational and irrational beliefs is that no human can be said to be completely rational. It is also hard to predict when someone might react rationally or irrationally, or to control that behavior in an experiment. So, a group of researchers from the US, Japan, Belgium and South Korea worked with computer models of agents who they programmed to act either rationally or irrationally.

“These agents were assigned an opinion, but could change their opinion after interacting with other agents,” says Jiin Jung, co-author of the paper and researcher at Claremont Graduate University in California, US. If they were all acting rationally, you would expect them to share their opinions and sometimes to alter their views if they found that others’ arguments were stronger than their own.

The agents were made to behave rationally or irrationally by manipulating their memory. Some of the agents were given perfect recall, while others were given a more fallible memory.

“Those with unlimited memory could remember any type of argument from any perspective,” says Jung. “Those who could forget were split into some who randomly forgot and others who forgot weak arguments or old arguments.”

“Agents with unlimited memory did not become polarized,” says Jung. But no human has a perfectly infallible memory. What is more interesting is what happens when we account for the fact that our attention spans, memories and energy to debate can change.

“If we are rational with a limited memory span, that causes the bipolarization of opinion in a group,” says Jung. “Even though we are completely rational, our society can become polarized because we forget the arguments of others.”


“Persistence and consistency in support of minority opinions is key to being influential. “Minorities that have a consistent behavior style or risk their own self-interest have the most influence,” says Jung.

[!!!]”“When people feel uncertain they use strong values to define themselves,” says Gaffney. “When people are highly uncertain of themselves and their motivations, different types of leadership become more attractive, like autocratic leaders in democratic societies.” Authoritarian leaders often play on this uncertainty, says Gaffney, using rhetoric like “We’re losing who we are”.

““It’s sad because when people are uncertain about their place in the world, they try to find a group that is very radical, that has an authoritarian leader that has a clear norm and clear boundaries,” says Jung. “When people are uncertain about who they are, positivity and negativity are less important – so they’re not necessarily thinking about whether their actions are good or bad.” This is particularly the case around marginalized groups, Jung adds. “Oppressed people see the majority as bad, so the minority must be good.”

vas pup August 13, 2019 12:39 PM

Hong Kong protests: Police defend use of ‘disguised’ officers:

“On Monday, in a news conference that was at times heated, Deputy Police Commissioner Tang Ping-Keung defended the use of the “decoy officers”.

“I can say that during the time when our police officers were disguised… they [did not] provoke anything.” he said. “We won’t ask them to stir up trouble.”

“Our operation… is targeting extreme violent rioters,” he added. Mr Tang said police were responding to protesters who had used slings and hurled petrol bombs.”

My take: this comment above is very important to set up a paradigm of using undercover LEOs: they should NOT be instigators of crime activity for other people which is ENTRAPMENT.

E.g. undercover female police officer on sting operation on prostitution should NOT initiate contact with potential solicitor of her service, but wait until was asked for her service. In former case it is pure entrapment, in latter – legitimate LEO activity where prostitution is illegal.

Major Variola August 13, 2019 2:16 PM

PacificBlu closes giant squid (jibia) processing plant due to Squid Law

PacificBlu announced on Friday the definitive closure of one of its giant squid (Dosidicus gigas) processing plants and the stoppage of part of its fleet, which means that 367 workers will be left without work in the Bio Bio Region, mostly in Talcahuano and Hualpén.

As explained in a statement, the measure is due to the entry into force of the Law of the “Jibia” (giant squid).

vas pup August 13, 2019 2:39 PM

What’s more powerful, word-of-mouth or following someone else’s lead?

“Researchers from the University of Pittsburgh, UCLA and the University of Texas published new research in the INFORMS journal Marketing Science (Editor’s note: The source of this research is INFORMS), that reveals the power of word-of-mouth in social learning, even when compared to the power of following the example of someone we trust or admire. The same research found, however, that both word-of-mouth and following someone else’s lead are two of the most powerful dynamics in influencing others through social learning.”

SpaceLifeForm August 13, 2019 5:41 PM

@Clive, @Wael, @Sherman Jay

D2 (in cage) is for the armouring/encryption.

Remember, D2 is an untrusted, assumed backdoored device.

D1 is for transport over the untrusted and assummed backdoored network.

And D1 is also assumed to be an untrusted, backdoored device.

No handshakes involved.

It certainly can fail on network transport side. But, if you have no net, moot point.

It’s not a ‘session’. And no handshake between D1 and D2. Think UDP, not TCP.

And the ‘no content’ is never re-used.

The comms between D1 and D2 are only over light AND/OR sound.

Sancho_P August 13, 2019 6:11 PM


Probably I don’t understand your intent:
D2 (in cage) is for the armouring/encryption.
Remember, D2 is an untrusted, assumed backdoored device.

¿So D2 is the (caged) encryptor, but untrusted?
And D3 would be a machine you are preparing text / secret stuff?

¿Why should caged, untrusted, backdoored D2 not send ciphertext and plaintext simultaneously via whatever to D1 and the world?
¿Or plaintext plus key?

Clive Robinson August 13, 2019 7:07 PM

@ vas pup,

For better or worse, small but incredibly influential groups can change the course of political debate.

Politics is just the current incarnation of this problem.

It’s one of the reasons I have a distinct lack of faith in economists and similar predictors of human behaviour.

There is often a number of quite simple reasons people become “irrational actors” and it boils down to “distortion of their Point of View (POV)” either intentionally or not,

1, Lack of information which distorts their POV.
2, Over trust in individuals which distorts their POV.
3, Incorrect interpretation of minimal information which distorts their POV.
4, Not wishing to, or lacking the ability to confront a source of information that has some level of trust.

Are just some of them.

As I’ve mentioned in the past when an event happens that is witnessed by N people, the reality is there is atleast N+1 points of view where at least one is not known.

The one least likely to be known is what we like to call “the actual truth”, and a little thought on the matter shows that it is not possible to know the actual truth but at best some aproximation to it.

Even in science we have “measurment error” that can distort findings[1], and more subtly limits of meaure[2] so what chance do ordinary mortals have?

It’s also why one witness to an event can move the “apparent truth” or “agreed truth” away from the “actual truth”. We even have a saying that reflects this of “With each retelling the tale grew taller”. Take something like the colour of a coat. Most people would agree with “red” in broad daylight, but what about lower light levels? Then “dark blue” might be “black” or “dark green” or even “charcoal grey” depending on who says it first. Thus with retelling what was blue becomes green etc.

Thus there is no reason “to lie” just tell a slightly different verion of the “apparent truth” others will quite happily go along with it and usually end up actually believing it.

The reason people don’t then like to change their mind back is it makes them look unreliable or even dishonest. Something defence lawyers rely on as a trick to exploit to discredit witnesses in the eyes of a jury.

Actual testing shows that “eye witness accounts” are usually not very reliable, and that witnesses will often only correctly identify individuals about one time in four, even getting the persons sex wrong way more often than you would expect.

[1] It’s why science likes to repeate experiments usually with different starting conditions to ensure any “law” is sufficiently robust and within certain limits (often called “linear behaviour”). As a mater of fact every time you stretch a spring even minimally you fractionaly change it’s properties due to amongst other things “work hardening”. However usually such a change is very small and below the threashold of measurment for an individual test. But as hundreds if not hundreds of thousands of actions of the spring show it eventualy fails in some manner and has to be replaced. As this is also fairly predictable we have the idea of “preventative maintainance” to stop amoungst other things aircraft dropping out of the sky.

[2] Limits of measure can actually be seen as well as reasoned out. If you take an object you can measure it’s dimensions with a “measure” that is of similar dimentions to the object. However if the “measure” is smaller than the dimension being measured then it has to be repositioned repeatedly, obviously this will cause errors. Likewise if a measure is larger than an object then an estimate has to be made. An example of both would be measuring the dimensions of fine wire on a 1500ft real with just a 12 inch ruler as the measure.

David of Australia August 14, 2019 2:56 AM

For our friends across the pond. Has anyone claimed, or attempted to claim their compensation from Equifax for ther collossal data breach?

JG4 August 14, 2019 7:13 AM

Hope that the entropy gradients are treating you well. Been busy or you’d hear from me more often.

Government, now with more power to deliver ineptly. “… and deserve to get it good and hard.” – H. L. Mencken

All-optical diffractive neural network closes performance gap with electronic neural networks

A room-temperature organic polariton transistor

Comments are worth the price of admission.

Big Brother is Watching You Watch

Facebook Paid Contractors to Transcribe Users’ Audio Chats Bloomberg (David L)

What Your Voice Reveals About You Wall Street Journal. Depressing:

Audio data from customer-service calls is also combined with information on how consumers typically interact with mobile apps and devices, said Howard Edelstein, chairman of behavioral biometric company Biocatch. The company can detect the cadence and pressure of swipes and taps on a smartphone.

How a person holds a smartphone gives clues about their age, for example, allowing a financial firm to compare the age of the normal account user to the age of the caller.

Facial recognition software mistook 1 in 5 California lawmakers for criminals, says ACLU MSN (Kevin W)

Google’s algorithm for detecting hate speech looks racially biased

VinnyG August 14, 2019 7:27 AM

@David of Australia re: Equifax compensation – A few weeks back, I navigated the process just far enough to confirm that I would be required to supply a cr@plo@d of the same kind of PII that Equifax leaked in the first place. Seemed like a terrible trade-off…

Clive Robinson August 14, 2019 7:45 AM

@ JG4,

I trust you are well, and hope things are going your way. With regards,

Facial recognition software mistook 1 in 5 California lawmakers for criminals

The software obviously was defective that is obvious. Because it should have identified 4 out of 5 Californian lawmakers “as” criminals to be even close to being correct.

Who? August 14, 2019 12:40 PM

A secret program, going on since at least october 2010, targets anything that stores information:

A product of the National Reconnaissance Office (NRO), Sentient is (or at least aims to be) an omnivorous analysis tool, capable of devouring data of all sorts, making sense of the past and present, anticipating the future, and pointing satellites toward what it determines will be the most interesting parts of that future.

vas pup August 14, 2019 2:09 PM

AI reads books out loud in authors’ voices:

“Chinese think tank iiMedia expects the market to more than double between 2016 and 2020, to 7.8bn Chinese yuan (£900m) a year.

It is now a simple process to use text-to-speech technology to quickly generate an audio version of a book, using digitized, synthetic voices.

But most people prefer audiobooks that are “professionally narrated” by authors, actors or famous public figures.

And now, advances in machine learning and speech-to-text technologies mean that digitized voices are becoming more lifelike.

For example, the company Lyrebird allows clients to create custom “vocal avatars” from just a one-minute recording of their voices.

On its website, it showcases its services with two audio recordings of former US President Barack Obama and current US President Donald Trump, created using machine learning.”

Good link inside to confirm last statement.

vas pup August 14, 2019 3:09 PM

Up to half of patients withhold life-threatening issues from doctors:

“Facing the threat of domestic violence, being a survivor of sexual assault, struggling with depression or thoughts of suicide are four topics that are difficult to broach with anyone. Including those who can help you. A new study reveals up to 48% of patients who feel they face one or more of these four threats do not disclose this critical information to care providers out of embarrassment, fear of judgment or the possible long-term implications of sharing such information.”

Not surprising results.

Yeah, any information you share could be subpoenaed from health provider, obtained by third parties by hacking provider’s computer or just leaked by negligence of provider’s staff.

Moreover, some information health provider required by law to report to government, then it is another possibility of usage not in your best interest or leakage as well.

As Ben Franklin stated: ‘Three could keep secret when two are dead’.

SpaceLifeForm August 14, 2019 8:41 PM


“Why should caged, untrusted, backdoored D2 not send ciphertext and plaintext simultaneously via whatever to D1 and the world?”

Good question.

Because D2 cannot broadcast from cage and there is no content.

There is no plaintext to leak.

The protocol between D1 and D2 is not secret.
Think UDP.

D2 cannot not leak metadata. Hopefully.

What you called D3 is Person1. P1 wants to awake Person2 P2. Nothing more than that.

Think Ping. But no Pong.

But PRIVATELY. No plaintext. No Content except garbage random crap to prevent replay attacks.

Yes, timestamps required.

But encrypted in one level of payload.

And nothing survives over a day.

So, do you spot any holes?

I really want to know.

I’m sure I am overlooking something.

But I have not fully described yet.

Alyer Babtu August 15, 2019 11:39 AM

Speakers can be turned/reversed into microphones for audio surveillance. Can display screens be turned/reversed into cameras for visual surveillance?

1&1~=Umm August 15, 2019 3:25 PM

@Bruce Schneier:

As facial recognition has come up today.

This article might be of interest, it is certainly creating a bit of a stink with Londoners who feel that the lack of warning signs as they go through a very busy public transport interchange is a violation of their privacy.

The system is operated by a private company who’s attitude is shall we say blasé at best. But importantly it appears from what is being said they may not have registered the system correctly with England’s Information Commissioners Office (ICO). Which if true means they have committed a crime…

Clive Robinson August 15, 2019 4:10 PM

@ Alyer Babtu,

Speakers can be turned/reversed into microphones for audio surveillance. Can display screens be turned/reversed into cameras for visual surveillance?

This question has been asked before 😉

A microphone in most cases is a bi-directional transducer, the real exception being the carbon granule microphone that is resistive and importantly does not use energy storage components (which give you the bi-directionality).

If you consider the case of the moving coil microphone and compare it to a moving coil speaker you will see that they are in effect identical with a coil in a magnetic field that can be the equivalent of a generator or motor simultaneously[1]. Likewise piezoelectric microphones and speakers are in effect identical being a piece of synthetic quartz with a metal contact on either side. Ribbon microphones are in effect another form of moving coil system and even capacitive microphones can be subject to movements of their plates when charged or discharged by an external signal.

Now consider a camera and a display screen. The first obvious difference is a lack of lens on the latter. Likewise even though photo emissive semiconductor devices can work in reverse as photo detectors the scanning and drive electronics would make life at best difficult to use them as such.

I have in the past used near visable spectrum IR emitting diodes as detectors with bi-directional amplification in plastic lense telescopes to make two way communications but to be honest you do better with a half silvered mirror at the focal point as a beam splitter such that you can use a seperate emitter and detector.

[1] Look up “back EMF” from DC motors that is used in speed regulators. You can infact use a small speaker as both a speaker and microphone simultaneously. To do it you need a “one to two port” circuit which can be made with a transformer and two resistors. You can also do it with a “return loss bridge” or even the equivalent of a Wheatstone Bridge. However modern electronics and DSP make such circuits several magnitudes more sensitive than bridge type circuits.

Sancho_P August 15, 2019 6:08 PM

”I really want to know.”

And I really don’t know what you intent.
Backdoored D2 could send a “ping” whenever the malware wants, is that what you intent?
A ping as a secure information?

Alyer Babtu August 15, 2019 7:05 PM

@Clive Robinson

even though semiconductor devices can work in reverse as photo detectors the scanning and drive electronics would make life at best difficult to use them as such

Thanks. It seemed implausible, but with all the circuit wizadry around I began to wonder …

I will stand down my orders to put black tape over the monitor screen 🙂

Clive Robinson August 15, 2019 8:43 PM

@ Alyer Babtu,

I will stand down my orders to put black tape over the monitor screen 🙂

Don’t do that, the screen might not be able to see you… But that camera hiden in the smoke detector in the ceiling “Will see all” if you don’t use the black tape.

Also think about the Douglas Adams idea of “Peril Sensitive Sunglasses” that go totally black at the first sign of danger so the wearer does not see anything to stress them out.

There is now enough scientific evidence about the stresses and strains of not just the computer displays, but also the content.

Thus think about all the retinal and psychological damage that black tape is saving you from…

But also your insentive to turn it on goes fairly quickly to zero, so there is the carbon footprint that black tape is reducing.

Heck it might even encorage you to go out side and get a half hour of parambulative cardio excercise, and allow sublight to top up your vitamin D levels to stop depression and all sorts of other maladies…

So you stick with those health and environmental benifits of good quality black tape 😉

Alyer Babtu August 16, 2019 8:04 AM

@Clive Robinson

health and environmental benifits

All jesting aside, this is very true.

It would be a boon to eyes at least if a pratical display that worked purely by reflected light were developed.

vas pup August 16, 2019 12:57 PM

Is it possible to prevent speakers can be turned/reversed into microphones for audio surveillance by using of semiconducter in speakers electricity supply line which will let only one direction electricity passage, i.e. only TO speakers, not FROM them?

Sherman Jay August 16, 2019 1:10 PM

To all,
Congratulations, your ‘insane’ comments about monitors, black tape, speakers and microphones is truly proof of your sanity. I subscribe to the idea and hope that a good sense of humor is helpful in reducing stress and promoting a ‘sane’ perspective on our berserk world.

Also, while a good walk everyday is important for getting a sensible dose of ‘sunshine vitamin D’ in your skin and good for your cardio-vascular system. But, be very careful not to get to close to your neighbors’ ‘ring’ doorbell cameras or you might get flagged and arrested as a ‘porch bandit’ and certainly get a full identity dossier started from your image captured and run through facial recog. by the ammazon. Remember, law enforcement is now being ‘used’ (in more ways than one) to market these insidious devices to the complete detriment of our privacy and most of our security.

Sherman Jay August 16, 2019 1:20 PM

@vas pup,

I’ve used speakers as a microphone when a mic. isn’t avail. They work, but with limited frequency response and sensitivity dependent on size, cone compliance and resonant point, etc.

Regarding speakers used as microphones, I would suspect it all depends on the circuitry they are attached to. If it is an audio output circuit, it would be difficult (not impossible) to use the speaker(s) as microphones. But, I can’t be sure, especially when input/output jacks can now be in a number of configurations for both headphones/line/speaker out and mic. in.

Anyone with better info, we welcome it. Thanks.

Clive Robinson August 16, 2019 5:49 PM

@ vas pup, Sherman Jay,

Is it possible to prevent speakers can be turned/reversed into microphones for audio surveillance by using of semiconducter in speakers electricity supply line which will let only one direction electricity passage

First of the fact it works has nothing to do with the “direction of electricity passage”.

It has everything to do with the rate of change of the speaker coil around the magnet. Thr coil can be moved under two influences,

1, The electromotive force from the current flowing in the coil.

2, Any mechanical displacment force on the coil caused by prrasure on the cone/diaphragm.

That is it is acting as both a motor and a generator. Thus the current in the coil is the sum of the input current from the audio amplifier plus the displacment current caused by other sounds applying mechanical preasure on the coil.

It’s a little late in the day for me to derive a formular for this so I’ll leave it as an excercise for the reader;-) But all you have to do is starting with It=Ia+Im substitute equations for the amplifier current Ia and mechanical movment Im so it can not be that hard 😉 providing you remember that as complex numbers are involved you are dealing with vectors not scalars :-S

However you also need to consider that the junction of the Amplifier pull up and pull down devices and the terminal on the speaker cone are not at an electrically or time equivalent point (they have a lead that has inductance, capacitance and impedence, between them which acts like a short length of transmission line). Thus as with “standing waves” in RF transmission lines Ia propagates to the load that the speaker coil inductance is, thus some percentage will be reflected back towards the source of Ia. Likewise Im propagates from the coil where it was generated due to the rate of change of position of the coil towards the source of Ia. This propagation is why the signals can be seperated with a return loss bridge in the transmission line the speaker lead effectively is.

Interestingly when the mechanically induced signal Im gets to the junction of the amplifier pull up and pull down devices, it will also see the components used to generate feedback into the amplifer input to set it’s gain and frequency responce thus stability. That is the feedback circuit will feed back a fraction of the mechanical displacment current Im to the input of the amplifier…

In essence this is exactly what DC motor speed controlers in battery supplied drills etc do.

So in practice you can put a circuit between the input signal to the amplifier and the amplifer feed back input and extract a small fraction of the mechanical displacment signal Im.

The only way to stop Im propagating backwards is to make effective isolation that does not require feedback to maintain stability etc.

Wesley Parish August 17, 2019 1:46 AM

@Clive Robinson et alii

re: two-way screens

Judging from my (admittedly miniscule) knowledge of optics and biological optical systems, I would’ve thought any time you can differentiate output from one section of a screen from that of another section, you can differentiate objects in that “field of vision”.

To wit, if you have six sections on said screen, and you can get some output from each, differentiated by section, you can tell if light is being blocked at one section and not at another, and if the blocking object moves, you can tell that much.

To do more, you would need much more advanced algorithms, but that’s hardly a problem. Advanced optical algorithms are what the modern astronomical community lives on – from gamma and X-Ray to very-long-wave radio astronomy. It would not be hard to find the relevant algorithm to turn a screen into a “lens”. And unfortunately, probably not that hard to find the spare processing cycles to do that.

Clive Robinson August 17, 2019 5:12 AM

@ Wesley Parish,

I would’ve thought any time you can differentiate output from one section of a screen from that of another section, you can differentiate objects in that “field of vision”.

Yes and no. Hold up a thin piece of material that whilst quite opaque is not transparent. On any one point you see all the light that falls upon it from all angles. The result is the vector sum of all those photons. All sources of radient energy are in effect point source isotropic radiators with the maginitude droping in any direction as 1/(r^2). That is for any given angle of radiation the area it illuminates goes up by r^2. From this you can work out how far an isotropic light source has to be from a screen to illuminate the whole of it and at what intensity difference across the screen.

But even if the parts of the screen can show the magnitude they cannot show the directionality of the individual sources just the sum of the magnitudes at any given point. Whilst it is possible with just one close source to calculate at which point it is closest to the screen once the sources become more distant or the number increases this task becomes more and more difficult. A process most are grateful for when working in buildings because it very quickly alows isotropic point light sources to act together to provide near constant illumination on surfaces like desks etc from as little as 2m/6ft away (10ft high room 4ft high desk).

To get an image of any quality you need to get the directional component of the light sources. The easiest way to do this is with a fully opaque screen in front of the screen you are using for your observations such that no light falls upon it. You then make a very tiny hole in the totaly opaque screen. This only alows a very tiny angular range from each light source to fall on a very small part of the observation screen thus a very high component of directional information is obtained. Which is why you see the image not a general glow caused by a lot of sources from all directions.

Whilst the pin hole in the main does not bend the light passing through it the image resolution at any point on the observation screen is proportional to it’s size. That is the smaller the hole the smaller the angle of illumination is thus the greater the resolution. However the size of the hole also determins how much light from each source does reach the observation screen, thus the smaller the hole the less light there is. So you quickly get into a game of diminishing returns with a pin hole.

Thus you have to work out other ways. One of which is to use tubes that “funnel light” in only from certain directions and you can see this in nature in certain eye types. A more effective way is to bend light to bring it to a focus and this can be done with lenses or shaped reflectors. These maintain the directional information but gather light from very large areas and bring it down to very small areas thus giving light magnification. But the important point to note is the maintainance of the relative light angles. If they are not maintained you have at best fuzzy images rapidly degrading to just a directionless magnitude sum.

If you consider flat screen displays as a general rule they are designed to give the widest range of viewing angles possible which means the rule of reprocicity applies. That is the angle at which you can see the light emmitted is also the angle of light that it would be sensitive to…

In short you would need some way to focus the image onto the screen as the barest minimum requirment.

Clive Robinson August 17, 2019 1:50 PM

@ ,


The key paragraph to read in the article is this one,

    Receiver phased arrays, use variable phase delays from each pixel/antenna to constructively interfere signals from one direction only, light from other directions to a greater or lesser extent cancels out in the receive signal.

If you think about it, is syntherzising a tube down which light can only arive from a very narrow angular apature (the probs of which I described in my earlier posting). The tube is effectively scanned across the field of view as rapidly as required to get a suitable contrast image, thus the speed depends on the ambiant light level.

I actually designed a 3D camera to shove in nuclear reactors that kind of works in the reverse of this[1]. In a low light or dark environment you can rapidly scan a point of light such as a laser beam rather than a tube across your desired field of view. As there is only one “point source” reflecting the light back you don’t need to have directional information at the sensor to build up an image as the directional information is derived from the scanning head (think of a laser light show where the beam is scaned rapidly, there are now some quite expensive 3D scanners that work in this way).

[1] It just so happens the original John Logie-Baird TV camera worked this way but rather than using the line scanning of today it used a disc with thirty lenses set in a single turn of a spiral,

I used two spining bar reflectors the fastest that gave X-direction (horizontal) scanning the other Y-direction (vertical) scanning. The Z-direction (depth) was derived by using a bar of photo sensors under a special lense.

vas pup August 17, 2019 2:23 PM

@Clive Robinson • August 16, 2019 5:49 PM
Thank you for your detailed and clear explanation good s usually!

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.