It would cost TSA a penny if they give it to the agent and ask him to flip it. Head left tail right.
Is it just me or did the person narrating sound like Bertram Gilfoyle?
Yes, I think I sat behind Big Steve on my last flight. I couldn’t see if he
was using the straw or not, but it was effective nonetheless…
I personally enjoy the Dicenomicon, available for many flavors of tablets, and in heavy use when it comes to our Saturday night gamefest. Odds or evens, folks!
You can be randomly selected from the pre-check line for additional screening as well. It happened to me last month – I got the dreaded SSSS mark on my boarding pass.
That how-to video is terribly irresponsible. Now terrorists will be able to create their own arrow randomizer to counter the TSA’s
Think about the use case. None of the attacks that you could use on it if it were being used for computer security can be brought to bear here.
Any attack that can be based solely on observing the output is a potential vector. You won’t be able to manipulate, but you can predict.
i dont understand what terrorist plot could have ever been foiled by making sure they aren’t able to choose which of two identical lines they join in the first place
I just googled it, and time, in milliseconds, is the default seed for the java random class. Since the implementation in the linked video calls a new random every time, that means a new seed every time. I don’t see a plausible attack vector here that would allow you to predict the outcome unless you could time your progress through the line with millisecond accuracy.
Apparently that’s what they were trying to do but they had some high profile cases where they let a convicted felon through the faster lane and some controversy developed so the cancelled the randomized fast-lane.
I would argue that it didn’t need to be random. It just needed to be more random then humans selecting 1-in-every-4-ish people to go to the regular line (selecting a likely ratio from the top of my head).
Also not sure it’s actually feasible to reasonably do random on an iPad without either a) calling out to a server (which would pose its own problems and attack vectors), or b) connecting some kind of dongle (which would be difficult to identify failure on unless the dongle self-deactivated when there was an issue with it).
I definitely agree that $47K is not outrageous for the development. Particularly once you consider the “threat” of on-going support.
I get it Every. Fucking. Time.
“Random” my ass.
Have you ever FOIAd TSA, FBI, etc. for files related to you? I’d be curious if it were me.
Billable maintenance hours?
[quote=“slybevel, post:32, topic:76138, full:true”]I get it Every. Fucking. Time.
“Random” my ass.
I think it might be an Aspie thing. I look nervous in unfamiliar social situations because I am nervous.
It is a known insecure algorithm. When dealing with security “I can’t think of a vector” doesn’t cut it. You demonstrate why it is not a problem, you don’t use hunches.
True enough. That said, for purposes of the demo, though it would have taken longer than just using random, you could, for example, paint over the camera lens and use the LSB of pixels on the camera. It still wouldn’t take >300k worth of work.
Like many programmers, I started out decades ago as a kid trying to learn how to make my own games. Of course, games make frequent use of random number generation. So I read about random number generation and I’ve seen this brought up so many times. “A pseudorandom algorithm isn’t good enough! It’s not true pure randomness! Even sampling the environment isn’t random enough unless you have full control over the environment, and if you do, then it’s not random enough!”
That’s ridiculous. Not just in games, but in most real-life scenarios.
Give one example of how anyone could exploit it, even if they had memorized the algorithm. Not likely. If you observe long enough to recognize a pattern, then get in line but keep moving around to a different spot in line as people are waved left or right, you’re going to look suspicious.
What would be much easier? Get someone on the inside who would simply overlook you and choose someone else if the arrow pointed the wrong way. Or just bring a gun or a bomb along… They never seem to find those when they’re tested.
The cryptographic purity of a random number generator is completely irrelevant in 99.999% of use-cases (other than cryptography). Anyone can come up with ways to cheat the system where the RNG doesn’t matter, but no one can come up with a way where it does matter.
It’s not a problem because it’s entirely irrelevant. If you’re randomly sampling people, then even with a hypothetical super-perfect randomization, people will get sent the wrong way. The only question then is how many. But that’s irrelevant since it only takes one for your system to have failed, and basic math says that will happen either way. Add in human nature and human error, and it’ll happen regardless, so it doesn’t matter what algorithm you use for something like that.
As with many of the things in my list, you have to assume that the TSA would ask “how could an intelligent terrorist with knowledge of the app use it to defeat the system?”
If the random generator is weak enough that a hacker work out the seed (possibly with a compromised agent recording a long list of responses), and then predict what future responses will be, then this app is 100% worthless. Either by timing his place in the line correctly, or working with a compromised agent, he could be sure to be shuffled to the no-check line.
In the case of the 10-minute-app described in the video, the random generator is that weak (even though it meets your criterion of “more random that humans”), because he didn’t even bother to use
java.security.SecureRandom. With the random function he used, it really is weak enough that future values can be predicted.
Yes, there is the “new seed every time” issue from above that makes it a bit more random, but that still isn’t good enough with a compromised iPad – you could add a virus that rebooted or interacted with the app at exactly the right moment, and you’d still be having the valid app, with all security checks, but it would be making predictable responses.
So you’re saying that even with the hardware compromised, and the agent using it also compromised, and a superpowered attacker who can somehow control time to the millisecond in order to position himself precisely in a crowded airport, a marginally better random function would save the day (and not, perchance, emit the ‘wrong’ random response)? That’s some powerful magic!