Schneier on Security

Clive Robinson • December 3, 2021 9:41 AM

Have we not been through this just a short while ago?

One reason aluminum foil is not as effective as it could be is “slot antennas” and “Fractal Antennas” as I’ve mentioned before.

In fact without care it is extraordinarily easy to turn a sheet of aluminum foil into a slot antenna.

To fold it at the edges you realy should “roll tightly then crush” rather than “fold and crimp”.

Part of the problem is that whilst aluminium as a metal is a good conductor, it’s oxide which easily forms is infact one of the best electrical insulators we have (though it’s thermal conductivity is high). It’s frequently used in high power radio frequency equipment for device mounting.

Also whilst aluminium metal is very soft,aluminium oxide is very hard and very dificult to machine.

I actually use slugs of anodized aluminium inside silver plated coils to change their inductance as they can in some circumstances work better than ferrite materials (other metal oxides)

[1] Slot antennas traditionaly are the inverse of a dipole. That is a half wave length narrow slot in a sheet of metal with the feed being across the slot. However an infinately large sheet of metal is impractical so many slot antennas are cuts in boxes or cylinders that form cavity resonators,

https://www.antenna-theory.com/antennas/aperture/slot2.php

But not all slot antennas look like slots,

https://www.dhars.org.uk/members_pages/G3VCG/HF-Sleleton-slot/

[2] Fractal antennas are wide band antennas and are still not at all well understood. Some can look like a piece of modern art made with car springs…

https://en.m.wikipedia.org/wiki/Fractal_antenna

[3] Alumina or aluminium III oxide,

https://en.m.wikipedia.org/wiki/Aluminium_oxide

Clive Robinson • December 3, 2021 12:27 PM

@ Who?, Ted, Winter,

What about putting multiple layers of aluminum foil inside a box and even protect it with something hard like polycarbonate sheets to make it more resistant to multiple uses?

Ask yourself the question,

“Where does the energy go?”

If you think about it, “wave guide” is a box lined with metal, it very efficiently transports the energy from one end to the other.

Then think about a microwave oven, it is a metal box at the end of a short piece of waveguide with a magnetron at the other dumping between 0.5-1.5kW of power into the system.

They tell you quite rightly you should not use a microwave when it is empty, because there is nothing to absorb the EM energy and turn it into heat that will not just cook the food but let the excess energy escape as convected heat.

If you put a mobile phone in a metal lined box the EM energy will bounce around untill either it is absorbed or it escapes out of the box.

Most likely with aluminium foil it will escape via a “slot radiator” where the lid and body of the box join…

To stop this with microwave ovens they cheat, they turn the broad lip of the box into a transmission line when the door is closed. It becomes a shorted 1/4 line that just happens to reflect the energy back in opposition therefore looks like a very high impedence the same at the odd harmonics. However at the second harmonic it is now a shorted 1/2 wave at that looks like very nearly a short circuit as it does at the even harmonics.

All of which is greate at the single frequency the microwave oven is designed to work at.

However at other frequencies that transmission line will take the EM energy out to the door edge where it will be a “slot antenna” and it will radiate outwards quite effectively.

It’s what amused me about the Ed Snowden story and supposadly putting the journalists mobile phones in the microwave oven…

If it was me I would have put them in the freezer conpartment of the mini-bar and chatted about nonsense for half an hour or so to wait for the electronics and importantly the battery to get very cold. Though the thermal insulation inside a fridge, generally is very good at muffling sound which the metal walls of a microwave do not do anywhere near as well.

Clive Robinson • December 3, 2021 1:15 PM

@ Ted, Matt Blaze, ALL,

Which almost goes to show that one would really need to test everything.

Importantly “at all frequencies” not just a tiny number of “spot frequencies”.

One of the reasons EMC test houses use prober spectrum analysers is that they contain “tracking generators” that make such all frequency testing relatively painless.

It’s something I do from time to time and I’ve access to a proper test TEM Cell / RF anechoic chamber that is about the size of a “white van” of the Ford Transit variety.

I also have a walk in Faraday Sheilded “cage” that is also anechoicaly lined (quit cosy in the winter, stinking hot in the summer).

Clive Robinson • December 3, 2021 1:42 PM

@ Jordan Brown,

How tightly do you have to wrap it around your head? Do you have to shave off your hair?

Well actually you do not want it,

1, To touch your head.
2, Have any gaps.

Whilst you could use a metal bin / trash can for the first requirment.

The second kind of means not so much the shaving of hair, but the need to cut off the head at the neck. Which lets be honest could be,

1, Counter productive.
2, Distinctly messy.

Clive Robinson • December 4, 2021 10:26 AM

@ Ted, ALL,

How can a user even detect this? What level of user do you have to be?

To answer it backwards,

The only sort of user you have to be is one who is observant about recharging their phone when it is turned off (which should be the way you recharge electronic gizmos if you want your battery to survive longer).

To do it, you need to keep an eye on the percentage charge. When it gets to say 50% left make a note of the time turn the phone off and put the phone on charge. When the charge light says “charged” make a note of the time and turn the phone back on again and make a note of that time.

Keep an eye on those times in a spread sheet or just a note book. the “time before charge” will slowely go down and the charge time will slowly get longer as the battery ages. However if either suddenly jumps then something has changed with your phone.

The hard part is working out what has changed… But any sudden change is an indicator that something has changed with your phone so untill you know why act with caution or if you think you are a “person of interest” like say a journalist, treat the phone as “radio active”.

I treat my mobile phone as a “spying servant” at the best of times. That is I do not take it anywhere security work etc related and discuss little more than the weather. The riskiest thing I do with it is probably post to this blog.

Clive Robinson • December 4, 2021 12:18 PM

@ Ted,

Now the question is are you going to forward the link to any of your class mates or even lecturers?

First rule of electrical safety,

Electricity and water are a dangerous combination that kills or injures thousands each year

@ ALL,

Actually though, pure water does not conduct, but it has such an afinity for mineral salts that do when in solution it’s impedence can be very low, tap water is full of mineral salts it’s why it tastes disgusting in oh so many places.

For those living in the US where there are now effectively no enforced water quality standards, you have my sympathies and can only suggest a reverse osmosis purification filter, if you can not safely collect and store rain water.

Clive Robinson • December 4, 2021 3:20 PM

@ Ted,

Cut and paste let me down… What you see is a text message I was editing immediately prior… Not the block of text I know I highlighted from your post and could swear I cut to clip board…

Just as well I was not texting a romantic partner… lord alone knows what trouble that could bring.

Whilst I do write the odd bit of poetry, lets just say they are not Shakespearean sonets, but of a more well I’ll leave it to your imagination but they are above the typical “Roses are red, violets are blue, flesh is pink, oh what a lovely hue” level 😉

Clive Robinson • December 4, 2021 8:25 PM

@ vas pup,

Do our IT/security gurus have their tips on the subject?

Yes but they are not wise for someone in an abusive relationship to do as it could get them hurt.

The first thing that people have to realise is that like all stalkers a cyber-stalker does not view what they are doing is wrong, even when they are fairly forcefully taught it is so by legal action etc. It should be treated like the incurable mental disease it is which is problematic as our justice systems are predicated on the notion that punishment works as a deterant not just during but after punishment comes to an end.

The Police do not want to know about cyber-abuse for the same reason they do not want to know about domestic abuse. They know they can not stop it as long as the person being abused has any contact in any way with the abuser…

I know this sounds like victim blaiming but it is not, it’s an unfortunate acceptance that they can not change the abusers behaviour.

So what can a victim do? Well first they must realise that they are the only variable they can control in the relationship. So they have to decide what they are going to do in a cold hard way.

Abusive relationships are almost always about “power” disguised by the abuser as something else, usually made to look like it is the victims fault. The “I can not trust you” and similar arguments followed by the accusation of things like “you do not tell me…” are not going to get any better if the victim trys to tell the abuser things, in fact in many cases it will actually cause an escalation as it is handing over even more power to the abuser. Thus a downward spiral builds up…

The victim has to arive at the unfortunate conclusion that technology is just a tool that is available for abuse.

It does not matter if the abuser is your partner or the state they abuse because they can as it gives them power over an individual and they will fight tooth and claw to keep that power.

The second thing to realise is “convenience is your enemy”. Any technology that makes it more convenient for you to “interact” socially makes it a lot easier for you to be abused. There is no solution to this issue it’s inherent at a very fundemental level of the way “interactive” systems work.

A broadcast system is asymetric, thus not actually interactive it’s sometimes a little dificult for people to understand. But a radio program is sent out to hundredds of thousands or millions not to individuals and any response by individuals has to be conciously made by them by a different technological route.

There are four important things to note from this,

1, You don’t have to listen.
2, You don’t have to react.
3, You don’t have to respond.
4, You don’t have to communicate.

Unfortunately “interactive” systems take most if not all of those options away from you.

That is if you need an interactive system for one social asspect, it is unless you take fairly stringent “OpSec Measures” open to all to interact with including an abuser once they are aware of it.

So if you are to gain the advantages of “interaction” you have to be able to ensure it remains “secret” from a potential abuser.

Keeping such “secrets” from certain types of abuser is well neigh impossible.

Once such a “secret” is known or even just assumed then the abuser will start to work towards using it as a tool of abuse as that gives them the power over the victim they desire.

To stop this you only have two choices,

1, Maintain good OpSec.
2, Forgo interactive systems.

The problem with the first option is “Second party betrayal”. Whilst you can maintain “secrecy” about your use of an interactive system, can you say the same for those you interact with or through? The simple answer is no, not a chance as they are not the ones at risk. So one way or another eventually the interactive system becomes known to the abuser.

Which means the only safe thing is to not use interactive systems or use them in a way that limits or stops the abuser being able to use them.

One such is to use “pagers and payphones”. A pager is a broadcast system and is non interactive unlike SMS. If used properly it does not betray your location. This then alows you to find a randomly located “payphone” if you do need to communicate interactively. Whilst the number of the payphone can be blocked to many people, some abusers who have access to SS7 information directly or indirectly can find the phones location. There are ways to limit this by the use of “reflectors” but it will take to long to explain how in this response.

Unfortunately there is a weakness in the system a cleaver abuser can take advantage of. Paging systems work as wide area cell systems. That is the message sent to your pager gets sent from individual transmitters in a pattern in time that can be used by an abuser if the victim responds or responds quickly. It will take to long to explain how in this response.

A similar system is semi automated marine telephony but with a catch. A ship listens on a standard broadcast frequency for a message. If one for the ship is received then the ships operator decides if to enter into “interactive” communications, if they do then their position can be given away. There are ways to limit this but it will take to long to explain in this response.

One interactive system that is difficult but not impossible to track back is “pirating satellites”. The US military put a bunch of satelites up quite a few years ago that act as “transponders” rather than as “repeaters” the result is quite a few in various South American countries illegaly use what is in effect an “open access” system.

There are other transponder based satellites that are available for some to use legaly, but could be used illegaly. It would take way to long to explain in this response, and it is beyond the abilities of all but communications specialists to do sufficiently covertly.

However the general point is the correct use of “broadcast systems” of which there are many, can with care and good OpSec, stop or limit abusers ability to get the power they want over a victim ONCE direct access has been broken.

And that at the end of the day that is,

The first and only step a victim can take to stop abuse, is direct access has to be not just broken but stay broken for ever.

And the victim must assume that at some point an abuser will not just try but succeed in getting contact back, so the victim must have severall “fall back” plans in place to ensure that contact can be quickly broken again.

This sort of mentality required to do this requires great mental strength and is unlikely to be found in most people. Further to do it without assistance requires quite specialized knowledge very very few posses.

So it is a very hard problem to solve, even for State level actors trying to protect certain types of people.

It’s also a problem that is getting harder and harder each day. Because the “power to abuse” can be extrodinarily profitable not just for mentally diseased individuals but corporations and states who see great advantages in such power and care not a jot about the harms, or worse see the harms as an actual benifit.

Clive Robinson • December 5, 2021 7:00 PM

@ SpaceLifeForm, ALL,

Does anyone make a Faraday bag to cover a car?

Sort of but you have to finish it…

It’s called a “shipping container” basicly a large welded steel box open at one end, with doors added.

You need to modify it so that the doors compleate the internal conductive surface.

I think though I better make one thing clear, the energy of radio signals is “not in the wire” but “around the wire”. Look up Maxwell’s equations and Pointing vectors for the nitty gritty maths, but for a simplified explanation look up “skin effect”.

Which means that at the radio frequencies that count, even aluminium foil has two distinct sides that are effectively issolatrd from each other. So assume you have a tube of metal like the outer of a piece of coax RF “current” flows doen the inside surface in one direction where it arives at the antenna. Any impeadence mismatch will cause some of that current to be reflected. It can in many cases take either the inside or the outside of that metal tube to return.

If inside you get what is called a “Voltage Standing Wave Ratio”(VSWR) if on the outside you get what is called “Common Mode Current”.

The important thing to note is that most “radiation” occures where the effective EM current is highest.

So to stop radiation you have to stop EM current in the outside surface. To do this you have to compleat the inside surface and “choke” the outside surface.

That is you make the inside as lower impedence as possible, and any gap, break, or path to the outside surface as high as possible.

Oh and for this kind of work you can not use the tricks they do with microwave oven doors. Because those impedence tricks are highly wavelength selective so change their impedence from very close to a short circuit impedence to very near an open circuit impedence and back again as you increase frequency.

So berilium copper fingers/fringes on the inside, copper wire tube around flexibal plastic gasket in the gap and ferite slab over the gap towards the outside with further berilium copper fingers/fringes on the outside. With those fingers/fringes properly braised or welded to give a continuous surface connection.

Whilst it does not sound easy it can be done and if “thoughtfully designed in” is easily capable of “mass production”.

But if you want to just “buy” and money is no object, there are EMC “TEM Cells” large enough to drive small cars into…

But as these are eye wateringly expensive in most cases for EMC testing an “Open Air Test Site”(OATS) is used for anything larger than one person can shift by themselves.

Clive Robinson • December 6, 2021 4:49 AM

@ Neill,

RE shielding – how about used toner from laserprinters, that contains lots of fine metal powder?

I know next to nothing about the composition of toner for photocopiers and printers other than it is in a plastic carrying medium that melts and fuses to the page, but which can be removed again fairly easily with a solvent and heat[1].

What I do know is that as a powder it is very very fine and thus has at the very least physical dangers to humans. Also if it is combustable such finesse would potentially make for an explosive “dust mixture” in air as does non dairy creamer and various fine flours used in cooking.

The fact it can be easily manipulated with high / static voltage suggests it is very probably is a fairly strong insulator with certain electron shell issues that enable it to be held by a charge (think strands of hair on balloons etc).

One way to test it’s RF properties in a “garage laboratory” would be to put a very small sample in a microwave oven and see what effect it has on it. Making sure you follow the appropriate safety procedures…

My gut feeling is however it would not be of much use.

[1] It’s the way some people make their own T-Shirt designs.

Clive Robinson • December 6, 2021 6:50 AM

@ Neill,

there are YT videos where you mix toner with oils to make a ferrofluid

The last time I used “ferrofluid” in security work, was back in the late 1980’s when designing electronic locks for the various “hospitality” industries.

It was used to optically read the magnetic stripe on ISO Formate “bank cards” that we used as the “keys”.

Beyond that with some “party tricks” where you make what looks like oil turn into a spikey solid at the press of a hidden switch I’ve not thought much about them.

But,

should you bury a cellphone in the powder or ferrofluid?

I’d say neither, not because it might or might not work, but because either way it would at the very least be,

“Messy Messy, MESSY”

And near imposible to clean up if any small mistake was made.

But also think about what the effect of evaporation of the carrier fluid would do… appart from that any oil would smell and organic ones would go rancid via oxidizing and that is realy not a nice smell at all, as well as turn into a rather foul waxy fluid as humidity in the air gets absorbed in, just yuk yuk yuk on all sensory fronts.

However as a “garage experiment” it could be fun if safety precautions are taken.