Page 4 of 13
I experienced a new TSA security check at Phoenix Airport last Thursday. The agent took my over-three-ounce bottle of saline, put a drop of it on a white cardboard strip, and then put a drop of another liquid on top of that. Nothing changed color, and she let me go.
Anyone know what the test is, and what it’s testing for?
Iscon uses infrared light rather than X-rays. I have no idea how well it works.
And Rapiscan has a new patent:
Abstract:
The present invention is directed towards an X-ray people screening system capable of rapidly screening people for detection of metals, low Z materials (plastics, ceramics and illicit drugs) and other contraband which might be concealed beneath the person’s clothing or on the person’s body. In an exemplary embodiment, the scanning system has two scanning modules that are placed in parallel, yet opposing positions relative to each other. The two modules are spaced to allow a subject, such as a person, to stand and pass between the two scanning modules. The first module and second module each include a radiation source (such as X-ray radiation) and a detector array. The subject under inspection stands between the two modules such that a front side of the subject faces one module and the back side of the subject faces the other module.
Eye movements instead of eye structures.
The new system tracks the way a person’s eye moves as he watches an icon roam around a computer screen. The way the icon moves can be different every time, but the user’s eye movements include “kinetic features”—slight variations in trajectory—that are unique, making it possible to identify him.
Interesting new technology.
Squarehead’s new system is like bullet-time for sound. 325 microphones sit in a carbon-fiber disk above the stadium, and a wide-angle camera looks down on the scene from the center of this disk. All the operator has to do is pinpoint a spot on the court or field using the screen, and the Audioscope works out how far that spot is from each of the mics, corrects for delay and then synchronizes the audio from all 315 of them. The result is a microphone that can pick out the pop of a bubblegum bubble in the middle of a basketball game….
[…]
Audio from all microphones is stored in separate channels, so you can even go back and listen in on any sounds later. Want to hear the whispered insult that caused one player to lose it and attack the other? You got it.
“Protecting your daily in-home activity information from a wireless snooping attack,” by Vijay Srinivasan, John Stankovic, and Kamin Whitehouse:
Abstract: In this paper, we first present a new privacy leak in residential wireless ubiquitous computing systems, and then we propose guidelines for designing future systems to prevent this problem. We show that we can observe private activities in the home such as cooking, showering, toileting, and sleeping by eavesdropping on the wireless transmissions of sensors in a home, even when all of the transmissions are encrypted. We call this the Fingerprint and Timing-based Snooping (FATS) attack. This attack can already be carried out on millions of homes today, and may become more important as ubiquitous computing environments such as smart homes and assisted living facilities become more prevalent. In this paper, we demonstrate and evaluate the FATS attack on eight different homes containing wireless sensors. We also propose and evaluate a set of privacy preserving design guidelines for future wireless ubiquitous systems and show how these guidelines can be used in a hybrid fashion to prevent against the FATS attack with low implementation costs.
The group was able to infer surprisingly detailed activity information about the residents, including when they were home or away, when they were awake or sleeping, and when they were performing activities such as showering or cooking. They were able to infer all this without any knowledge of the location, semantics, or source identifier of the wireless sensors, while assuming perfect encryption of the data and source identifiers.
And you thought fingerprints were intrusive.
The Wright State Research Institute is developing a ground-breaking system that would scan the skeletal structures of people at airports, sports stadiums, theme parks and other public places that could be vulnerable to terrorist attacks, child abductions or other crimes. The images would then quickly be matched with potential suspects using a database of previously scanned skeletons.
Because every country has a database of terrorist skeletons just waiting to be used.
Still minor, but this kind of thing is only going to get worse:
The new research shows that other systems in the vehicle are similarly insecure. The tire pressure monitors are notable because they’re wireless, allowing attacks to be made from adjacent vehicles. The researchers used equipment costing $1,500, including radio sensors and special software, to eavesdrop on, and interfere with, two different tire pressure monitoring systems.
The pressure sensors contain unique IDs, so merely eavesdropping enabled the researchers to identify and track vehicles remotely. Beyond this, they could alter and forge the readings to cause warning lights on the dashboard to turn on, or even crash the ECU completely.
More:
Now, Ishtiaq Rouf at the USC and other researchers have found a vulnerability in the data transfer mechanisms between CANbus controllers and wireless tyre pressure monitoring sensors which allows misleading data to be injected into a vehicle’s system and allows remote recording of the movement profiles of a specific vehicle. The sensors, which are compulsory for new cars in the US (and probably soon in the EU), each communicate individually with the vehicle’s on-board electronics. Although a loss of pressure can also be detected via differences in the rotational speed of fully inflated and partially inflated tyres on the same axle, such indirect methods are now prohibited in the US.
Paper here. This is a previous paper on automobile computer security.
EDITED TO ADD (8/25): This is a better article.
Worked well in a test:
For the first time, the Northwestern researchers used the P300 testing in a mock terrorism scenario in which the subjects are planning, rather than perpetrating, a crime. The P300 brain waves were measured by electrodes attached to the scalp of the make-believe “persons of interest” in the lab.
The most intriguing part of the study in terms of real-world implications, Rosenfeld said, is that even when the researchers had no advance details about mock terrorism plans, the technology was still accurate in identifying critical concealed information.
“Without any prior knowledge of the planned crime in our mock terrorism scenarios, we were able to identify 10 out of 12 terrorists and, among them, 20 out of 30 crime-related details,” Rosenfeld said. “The test was 83 percent accurate in predicting concealed knowledge, suggesting that our complex protocol could identify future terrorist activity.”
Rosenfeld is a leading scholar in the study of P300 testing to reveal concealed information. Basically, electrodes are attached to the scalp to record P300 brain activity—or brief electrical patterns in the cortex—that occur, according to the research, when meaningful information is presented to a person with “guilty knowledge.”
The base rate of terrorism makes this test useless, but the technology will only get better.
In what creepy back room do they come up with these names?
The federal government is launching an expansive program dubbed “Perfect Citizen” to detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants, according to people familiar with the program.
The surveillance by the National Security Agency, the government’s chief eavesdropping agency, would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack, though it wouldn’t persistently monitor the whole system, these people said.
No reason to be alarmed, though. The NSA claims that this is just research.
It’s operational:
The idea of hyperspectral sensing is not, however, merely to “see” in the usual sense of optical telescopes, infrared nightscopes and/or thermal imagers. This kind of detection is used on spy satellites and other surveillance systems, but it suffers from the so-called “drinking straw effect”—that is, you can only view a small area in enough detail to pick out information of interest. It’s impossible to cover an entire nation or region in any length of time by such means; you have to know where to look in advance.
Hyperspectral imaging works differently. It’s based on the same principle as the spectrometry used in astronomy and other scientific fields – that some classes of objects and substances will emit a unique set of wavelengths when stimulated by energy. In this case, everything on the surface below the satellite is being stimulated by sunlight to emit its unique spectral fingerprint.
By scanning across a wide spectrum all at once across a wide area, it’s then possible to use a powerful computer to crunch through all wavelengths coming from all points on the surface below (the so-called “hyperspectral cube”, made up of the full spectrum coming from all points on a two-dimensional surface).
If the sensor is good enough and the computer crunching powerful and discriminating enough, the satellite can then identify a set of points on the surface where substances or objects of interest are to be found, and supply map coordinates for these. This is a tiny amount of data compared to the original “hyperspectral cube” generated by ARTEMIS and crunched by the satellite’s onboard processors, and as such it can be downloaded to a portable ground terminal (rather than a one with a big high-bandwidth dish). Within ten minutes of the TacSat passing overhead, laptop-sized ROVER ground terminals can be marking points of interest on a map for combat troops nearby.
Sidebar photo of Bruce Schneier by Joe MacInnis.