Schneier on Security: Tagged physical security

Entries Tagged "physical security"

Page 21 of 24

Stealing Cars with Laptops

While automakers and locksmiths are supposed to be the only groups that know where and how security information is stored in a car, the information eventually falls into the wrong hands.

Slashdot thread.

Posted on May 5, 2006 at 6:50 AM • View Comments

Computer-Controlled Fasteners

It’s a really clever idea: bolts and latches that fasten and unfasten in response to remote computer commands.

What Rudduck developed are fasteners analogous to locks in doors, only in this case messages are sent electronically to engage the parts to lock or unlock. A quick electrical charge triggered remotely by a device or computer may move the part to lock, while another jolt disengages the unit.

Instead of nuts and bolts to hold two things together, these fasteners use hooks, latches and so-called smart materials that can change shape on command.The first commercial applications are intended for aircraft, allowing crews to quickly reshape interiors to maximize payload space. For long flights, the plane may need more high-cost business-class seats, while shorter hauls prefer a more abundant supply of coach seats.

Pretty clever, actually. The whole article is interesting.

But this part scares me:

A potential security breach threat apparently doesn’t exist.

“I wondered what’s to prevent some nut using a garage door opener from pushing the right buttons to make your airplane fall apart,” said Harrison. “But everything is locked down with codes, and the radio signals are scrambled, so this is fully secured against hackers.”

Clearly this Harrison guy knows nothing about computer security.

EDITED TO ADD: Slashdot has a thread on the topic.

Posted on April 3, 2006 at 12:57 PM • View Comments

The San Francisco Bay Guardian is reporting on a new crime: people who grab laptops out of their owners’ hands and then run away. It’s called “iJacking,” and there seems to be a wave of this type of crime at Internet cafes in San Francisco:

In 2004 the SFPD Robbery Division recorded 17 strong-arm laptop robberies citywide. This increased to 30 cases in 2005, a total that doesn’t even include thefts that fall under the category of “burglary,” when a victim isn’t present. (SFPD could not provide statistics on the number of laptop burglaries.)

In the past three months alone, Park Station, the police precinct that includes the Western Addition, has reported 11 strong-arm laptop robberies, a statistic that suggests this one district may exceed last year’s citywide total by the end of 2006.

Some stories:

Maloney was absorbed in his work when suddenly a hooded person yanked the laptop from Maloney’s hands and ran out the door. Maloney tried to grab his computer, but he stumbled across a few chairs and landed on the floor as the perpetrator dashed to a vehicle waiting a quarter block away.

[…]

Two weeks before Maloney’s robbery, on a Sunday afternoon, a man had been followed out of the Starbucks on the corner of Fulton Street and Masonic Avenue and was assaulted by two suspects in broad daylight. According to the police report, the suspects dragged the victim 15 feet along the pavement, kicking him in the face before stealing his computer.

In early February a women had her laptop snatched while sitting in Ali’s Café. She pursued the perpetrator out the door, only to be blindsided by a second accomplice. Ali described the assault as “a football tackle” so severe it left the victim’s eyeglasses in the branches of a nearby tree. In the most recent laptop robbery, on March 16 in a café on the 900 block of Valencia Street, police say the victim was actually stabbed.

It’s obvious why these thefts are occurring. Laptops are valuable, easy to steal, and easy to fence. If we want to “solve” this problem, we need to modify at least one of those characteristics. Some Internet cafes are providing locking cables for their patrons, in an attempt to make them harder to steal. But that will only mean that the muggers will follow their victims out of the cafes. Laptops will become less valuable over time, but that really isn’t a good solution. The only thing left is to make them harder to fence.

This isn’t an easy problem. There are a bunch of companies that make solutions that help people recover stolen laptops. There are programs that “phone home” if a laptop is stolen. There are programs that hide a serial number on the hard drive somewhere. There are non-removable tags users can affix to their computers with ID information. But until this kind of thing becomes common, the crimes will continue.

Reminds me of the problem of bicycle thefts.

Posted on March 31, 2006 at 1:06 PM • View Comments

Cubicle Farms are a Terrorism Risk

The British security service MI5 is warning business leaders that their offices are probably badly designed against terrorist bombs. The common modern office consists of large rooms without internal walls, which puts employees at greater risk in the event of terrorist bombs.

From The Scotsman:

The trend towards open-plan offices without internal walls could put employees at increased risk in the event of a terrorist bomb, MI5 has warned business leaders. The advice comes as the Security Service steps up its advice to companies on how to prepare for an attack. MI5 has produced a 40-page leaflet, “Protecting Against Terrorism”, which will be distributed to large businesses and public-sector bodies across Britain. Among the guidance in the pamphlet is that bosses should consider the security implications of getting rid of internal walls.

Open-plan offices are increasingly popular as businesses seek to improve communication and cooperation between employees. But MI5 points out that there are potential risks, too. “If you are converting your building to open-plan accommodation, remember that the removal of internal walls reduces protection against blast and fragments,” the leaflet says.

All businesses should make contingency plans for keeping staff safe in the event of a bomb attack, the Security Service advises. Instead of automatically evacuating staff, companies are recommended to gather workers in a designated “protected space” until the location of the bomb can be confirmed. “Since glass and other fragments may kill or maim at a considerable distance from the centre of a large explosion, moving staff into protected spaces is often safer than evacuating them on to the streets,” the leaflet cautions. Interior rooms with reinforced concrete or masonry walls often make suitable protected spaces, as they tend to remain intact in the event of an explosion outside the building, employers are told. But open-plan offices often lack such places, and can have other effects on emergency planning: “If corridors no longer exist then you may also lose your evacuation routes, assembly or protected spaces, while the new layout will probably affect your bomb threat contingency procedures.” Companies converting to open-plan are told to ensure that there is no significant reduction in staff protection, “for instance by improving glazing protection.”

Posted on March 31, 2006 at 5:14 AM • View Comments

Secret Doors

Creative Home Engineering can make secret doors and hidden passageways for your home.

Pull a favorite book from your library shelf and watch a cabinet section recess to reveal a hidden passageway.

Twist a candlestick and your fireplace rotates, granting access to a hidden room.

Who cares about the security properties? I want one.

Posted on March 27, 2006 at 11:50 AM • View Comments

New Kind of Door Lock

There’s a new kind of door lock from the Israeli company E-Lock. It responds to sound. Instead of carrying a key, you carry a small device that makes a series of quick knocking sounds. Just touching it to the door causes the door to open; there’s no keyhole. The device, called a “KnocKey,” has a keypad and can be programmed to require a PIN before operation—for even greater security.

Clever idea, but there’s the usual security hyperbole:

Since there is no keyhole or contact point on the door, this unique mechanism offers a significantly higher level of security than existing technology.

More accurate would be to say that the security vulnerabilities are different than existing technology. We know a lot about the vulnerabilities of conventional locks, but we know very little about the security of this system. But don’t confuse this lack of knowledge with increased security.

Posted on March 22, 2006 at 5:15 AM • View Comments

Blowing Up ATMs

In the Netherlands, criminals are stealing money from ATMs by blowing them up (article in Dutch). First, they drill a hole in an ATM and fill it with some sort of gas. Then, they ignite the gas—from a safe distance—and clean up the money that flies all over the place after the ATM explodes.

Sounds crazy, but apparently there has been an increase in this type of attack recently. The banks’ countermeasure is to install air vents so that gas can’t build up inside the ATMs.

Posted on March 10, 2006 at 12:26 PM • View Comments

Kent Robbery

Something like 50 million pounds was stolen from a banknote storage depot in the UK. BBC has a good chronology of the theft.

The Times writes:

Large-scale cash robbery was once a technical challenge: drilling through walls, short-circuiting alarms, gagging guards and stationing the get-away car. Today, the weak points in the banks’ defences are not grilles and vaults, but human beings. Stealing money is now partly a matter of psychology. The success of the Tonbridge robbers depended on terrifying Mr Dixon into opening the doors. They had studied their victim. They knew the route he took home, and how he would respond when his wife and child were in mortal danger. It did not take gelignite to blow open the vaults; it took fear, in the hostage technique known as “tiger kidnapping”, so called because of the predatory stalking that precedes it. Tiger kidnapping is the point where old-fashioned crime meets modern terrorism.

Posted on February 27, 2006 at 12:26 PM • View Comments

Security Problems with Controlled Access Systems

There was an interesting security tidbit in this article on last week’s post office shooting:

The shooter’s pass to access the facility had been expired, officials said, but she apparently used her knowledge of how security at the facility worked to gain entrance, following another vehicle in through the outer gate and getting other employees to open security doors.

This is a failure of both technology and procedure. The gate was configured to allow multiple vehicles to enter on only one person’s authorization—that’s a technology failure. And people are programmed to be polite—to hold the door for others.

SIDE NOTE: There is a common myth that workplace homicides are prevalent in the United States Postal Service. (Note the phrase “going postal.”) But not counting this event, there has been less than one shooting fatality per year at Postal Service facilities over the last 20 years. As the USPS has more than 700,000 employees, this is a lower rate than the average workplace.

Posted on February 3, 2006 at 6:19 AM • View Comments

Car Thieves Adapt

Because automobile security devices are so effective, some car thieves are breaking into people’s homes in order to steal the keys.

He said modern cars with electronic keys and immobilisers were putting car thieves out of business—but the thieves were adapting.

If a car thief wants to steal a modern car, they need the keys.

Posted on December 23, 2005 at 6:21 AM • View Comments

←Previous 1 … 19 20 21 22 23 24 Next→

Sidebar photo of Bruce Schneier by Joe MacInnis.