Ummm… where’s the story?
It’s a Beschizza post. Don’t expect meaningful content.
I like to pretend it’s secretly a critique of journalistic practice, analogous to Dadaism’s critique of art theory - the absurdity and inanity of it all is supposed to make you question your assumptions about the overarching medium as a whole.
In all honesty though, odds are it’s just the radiator wine speaking.
Well, when I originally saw the article, it only linked to an old BB post, so there was practically no content at all. At least now, there is a link to an outside source.
Mmmmmmm… radiator wine…
Link works fine for me and the story is pretty interesting. Makes me wonder how you would design a good deadman switch for wiping devices.
Knowing bureaucracies, I’ll bet between seizing a device and actually examining it could be weeks or months. So, suppose the phone doesn’t find itself to be at certain GPS coords every few days? If you didn’t input the vacation command, then it’s a brick. Feasible?
That strikes me as very feasible, and probably pretty effective as well. The only flaw that immediately jumps to mind is adding the insult of having your phone wiped to an injury that lands you in the hospital, or otherwise unable to keep the deadman switch from triggering. That seems like something easily resolved by a trusted friend or, better yet, encrypted backups of anything you really care about on there.
Actually, shielding bags are a recommended if not standard procedure for evidence handling of wireless devices, so they do not have to be switched off and lose memory content, nor can be accessed remotely.
A possible countermeasure is locking up the device if it is alive but offline for too long. Maybe chime, ask for a PIN, and if not available, switch self off. Or rely on responses from body-area network, or require an RFID hand implant.
The wipe-self-if-not-online approach of the secure disk is also a solution. A possibility is having it encrypted with a long key that gets unlocked with a PIN or reasonably short passphrase, gets forgotten if tampering is detected, and is backed up somewhere off the device and immune to physical search (perhaps in a different country, it is after all just a piece of binary data).
The magic here is in seeking the proper balance between wiping itself accidentally and not wiping itself when needed. Many design approaches can be borrowed from the fields of nuclear weapons, where when they have to go off they HAVE to go off but they absolutely must not go off otherwise.
[quote="Glitch, post:3, topic:42663"]
It’s a Beschizza post. Don’t expect meaningful content.
[/quote]
but it so looks so nice on the new useless frontpage.
See, that’s one of the elements that suggests Dadaism. It may be absurd, but at least it is superficially appealing visually speaking.
Law enforcement agencies will use this to justify their use of Stingray technology, or at least they would, if anyone actually made them justify their actions and acquisitions.
Funny how the same cops who have become so adept at spying on others and stealing their data can’t remember to turn on their own body cameras half the time.
Didn’t we see this in Breaking Bad? Magnets, bitches!
Actually, a standard procedure for data destruction in military, it’s being said, is to shoot the disk from your sidearm. Perforate or shatter the platters, preferably when they are spinning, if your command post is about to be captured.
I can see an assembly with a few shotgun shells in short barrels, mounted on the disk, enclosed in a cinderblock (to absorb the projectile energy) and a steel box (to keep the projectiles and cinder fragments inside and keep the thing portable). The same, with a little slower but possibly sufficient speed, can be done with thermite, the cinderblock then serves as a thermal insulation that keeps the unleashed hell where it belongs.
I assume it’s pretending to be romantically interested with the aim of defrauding someone out of all their money. It happened to me all the time in high school.
According to Mike Rogers “you can’t have your privacy violated if you don’t know your privacy is violated”. Seems like we need a similar standard here, your investigation cannot be hurt if you don’t know what evidence was lost.
And that’s differentiated from dating how?
[quote="howaboutthis, post:11, topic:42663"]
or at least they would, if anyone actually made them justify their actions and acquisitions
[/quote]
Do you not?
The nastiness and creativity you could bring to the design seems to be limited mostly by your tolerance for false positives. If you have backups/don’t care/really don’t want the feds getting it, you have a number of neat options. If the occasional hitting-an-edge-case-and-wiping-your-phone would ruin your day, you’ll have to back off a bit.
I see a few major strategies, each with room for greater or lesser risk taking and greater or lesser sophistication:
1. RF: Your modern cellphone has a fair few radio receivers listening for a variety of signal types on a variety of frequencies. If the signal level drops too much, or the SNR goes nuts, you’ve probably just been shoved in a faraday cage. The sophisticated attacker might add faked RF noise (some cell sites, plausible looking APs, etc.) to their shielded bag, so you might go further and collect background data on what your phone’s real “habitat” actually looks like in RF terms, and also terminate on excessive deviation from that.
2. Motion: Your modern cellphone is quite likely to have accelerometers and a magnetometer. Short of rather hairy board-level attacks, your phone will know whether it is moving, not moving, at least roughly what its orientation is with respect to gravity and the earth’s magnetic field (or a clever fake, if the shielded bag also includes Mu-metal and a small local field). Up to you exactly how often, and in what detail, you expect these values to change; but “your pocket” and “evidence locker” probably don’t move in the same way.
3. Network environment: Your adversary either has to cut RF communications (which kicks you back to #1) or simulate them with some degree of sophistication. If your phone is seeing what should be a usable signal; but is unable to actually communicate, you have reason to suspect that something is up. Especially conveniently, SSL/TLS is specifically designed to allow robust authentication of remote hosts, so the simulation either has to be fairly limited, in order to forbid useful communication, or so complete that the device is no longer isolated from remote commands over encrypted channels.
4. Optical sensors: Your phone is likely to have a camera or two and some sort of light sensor for backlight adjustment. You can look for abnormal periods of unbroken darkness or light, or get more specific about expected visual details.
5. Power. If you keep the key somewhere volatile, a smartphone won’t let the attacker delay too long before any forensic attempt will be nice and futile.
6. Time: The onboard RTC won’t keep brilliant time; but should be enough to allow you to track any of the above stimuli to at least an hour or two, likely a second or two, of the actual duration. Good enough to implement a “wipe unless at least M of N conditions occur within X days”, with values to taste, failsafe.

Phones certainly aren’t designed for it, so most of them are far easier; but if you are willing to deal with the false positive risks you should be in a good position to make attempting to seize your phone for forensic purposes about as much fun as defusing a land mine with an internet connection, GPS, and a bad, bad, attitude…
Hmm. Dunno about that. My trusted friends aren’t particularly reliable. And vice-versa.
Oh dear.
Oh the pain around here is becoming unbearable.