Stingray countermeasures

A Stingray is a cell-tower lookalike device.  It broadcasts its presence, and nearby phones connect to the Stingray thinking it is a legitimate tower.  The Stingray can then log each phone or act as a man in the middle to intercept call metadata, text messages, or even call contents.

There are a number of public databases of legitimate cell towers, for example http://opencellid.org.  Some databases are government-run, for example the FCC license database, while others are crowdsourced.

It should be possible to modify a phone to only connect to towers which are legitimate by checking the purported tower ID against a cached copy of the database for the local area.  A Stingray could, of course, use the ID of a real tower, but that would disrupt communications in the whole area.  This might not prevent the Stingray from logging the presence of such a phone, since the Stingray could hear the protocol handshake with the legitimate tower.

It should also be possible for a phone to passively listen for tower broadcasts and to compare the tower ID against the database.  An unknown ID might be a new legitimate tower or it might be a Stingray.

It is likely quite difficult to get at and modify the low-level radio software in a commercial smartphone, but there is a complete open source suite of cell infrastructure software at http://openbts.org.

That code could serve as a starting point for a software defined radio device for detecting and tracking Stingrays.  One could make a box with a red light on top which lights up when there is an unknown tower in the area.
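Here is what the "compare the tower ID against a cached database" check looks like in code.  This is an added example, not code from the original post or from OpenBTS.  The CSV column names, the sample tower rows, and the 35 km "plausible range" are all assumptions; the misplaced-tower check goes slightly beyond the post by also flagging a real tower ID heard far from where the database says that tower is.

```python
import csv
import io
import math
from dataclasses import dataclass

# Constructed sample of a cached local-area tower database.  The column layout
# (mcc, mnc, lac, cid, lat, lon) is assumed; it is not OpenCellID's exact export.
CACHED_TOWERS_CSV = """mcc,mnc,lac,cid,lat,lon
310,260,4101,22001,42.3600,-71.0600
310,260,4101,22002,42.3650,-71.0700
310,410,7320,51877,42.3580,-71.0550
"""


@dataclass(frozen=True)
class TowerId:
    """The identity a tower broadcasts: country, network, area, cell."""
    mcc: int
    mnc: int
    lac: int
    cid: int


def load_cached_towers(csv_text):
    """Parse the cached database into {TowerId: (lat, lon)}."""
    towers = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        tid = TowerId(int(row["mcc"]), int(row["mnc"]), int(row["lac"]), int(row["cid"]))
        towers[tid] = (float(row["lat"]), float(row["lon"]))
    return towers


def distance_km(a, b):
    """Great-circle distance between two (lat, lon) pairs (haversine formula)."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = math.sin(dlat / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def classify_broadcast(observed, here, towers, max_km=35.0):
    """Classify one overheard tower broadcast.

    observed: TowerId decoded from the broadcast
    here:     (lat, lon) of the listening device
    Returns "known", "unknown" (a new tower or possibly a Stingray), or
    "misplaced" (a real tower's ID heard far from where the database puts it;
    35 km is an assumed upper bound on how far a tower is normally heard).
    """
    if observed not in towers:
        return "unknown"
    if distance_km(here, towers[observed]) > max_km:
        return "misplaced"
    return "known"


def red_light(broadcasts, here, towers):
    """The 'box with a red light on top': True if any broadcast is not a known tower."""
    return any(classify_broadcast(b, here, towers) != "known" for b in broadcasts)


if __name__ == "__main__":
    db = load_cached_towers(CACHED_TOWERS_CSV)
    me = (42.3600, -71.0600)
    heard = [TowerId(310, 260, 4101, 22001), TowerId(310, 260, 4101, 99999)]
    for b in heard:
        print(b, classify_broadcast(b, me, db))
    print("red light:", red_light(heard, me, db))
```

The database lookup is exact, so a tower ID that is not in the cache is only ever "unknown", which is exactly the ambiguity the post describes: the right response is to log it and investigate, not to assume either way.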

In some areas, use of Stingray devices requires a warrant, but this is not universal.  The courts have also determined that use of location data from legitimate cell towers does not require a warrant.

PIN Escrow

The FBI has dropped their request to require Apple to write code to unlock the terrorist iPhone.  Supposedly a third party offered a way in.  Yesterday the FBI said they did get in, so they no longer need Apple’s help.

For those whose first instinct is to distrust the government, this looks like the Justice department realized they were going to lose in court and hastily discovered a way out. “Never mind”.  This preserves their option to try again later when public opinion and perhaps law would be more on their side.  I am a little reluctant to think Justice would outright lie to a federal judge, but it wouldn’t be the first time.

This morning on NPR there was a different sort of heartbreaking story.  A woman and her baby were murdered, and there might be evidence on the woman’s phone, but it can’t be unlocked.  So what to do?

My idea is “PIN Escrow”.  Everyone should have a letter written with a list of their accounts and online passwords, to be opened by someone in the event of death or disappearance.  Everyone should have a medical power of attorney and so forth as well, to give a family member or trusted friend the power to act for you in the event of a sudden disability.  Just add your smartphone PIN to the letter.

In the alternative, one could write an app that encrypts your pin with the public key of an escrow service and sends it off.  This facility could even be built into the OS, with opt-in (or even opt-out, after a sufficient public debate), so it would automatically track changes.  The government could operate such a service, or it could be private.  There could be many such services.  Some could be offshore.  Some could use key-sharing for the private key, so PIN recovery could not be done in secret.

Let’s leave it up to individuals whether they want someone to have the power to unlock their phone in the event of an emergency.

From a security perspective, a PIN escrow service would be a dangerous and attractive target, so such a thing would have to be well designed in order to be trustworthy.  It should be kept offline, with no network connection.  The private key should be in a hardware key module.  Several people would have to collude in order to unlock a key, and there ought to be hardware safeguards to prevent bulk PIN recovery.

This is not a general back door for government surveillance; it wouldn’t grant remote access to a phone.  It wouldn’t be useful for hacking into criminals’ or terrorists’ phones (if they are smart), but it might help in cases where the phone owner is the victim of tragedy or accident.

And if you change your mind about having your PIN escrowed?  Just change your PIN.


Apple v FBI

I’m beginning to build up a full head of steam.  The first step seems straightforward.  I’m going to write my congressman.  It may not have much effect, but if enough of us write, it might.

Here’s my letter to Massachusetts Senator Elizabeth Warren.  I’ll be sending similar letters to Sen. Ed. Markey and Rep. Katherine Clark.

2016, March 16

The Honorable Elizabeth Warren
317 Hart Senate Office Building
Washington, DC 20510

Dear Senator Warren:

I write about the Apple FBI affair.  Please oppose any attempt by government to weaken the security and privacy of all Americans by demanding security “backdoors” in our technology or to require the conscription of Americans or American companies to weaken their own security.

First, regarding backdoors. I hold a PhD in Electrical Engineering and have worked with computer systems and computer security for over 40 years.  I am coauthor of the well-regarded book on E-commerce systems “Designing Systems for Internet Commerce.”  In other words, I know quite a lot about this area.  There is simply no way to create a backdoor that does not also reduce the security of the system for everyone.

Second, speaking as an ordinary citizen, I do not know how the courts will rule on the government’s request to use the All Writs Act to compel Apple to write software to unlock the San Bernardino iPhone, but my own view is that the constitution does not and should not allow it.

The government is being deliberately disingenuous when it claims this case is only about one terrorist’s phone. I have no sympathy for the killers, but the privacy and security of everyone is at risk should the government prevail.  Should that happen, I expect you to propose and support legislation that outlaws backdoors and forbids the conscription of individuals or companies into the government’s service.  This has happened before.  In 1980, Congress passed the Privacy Protection Act of 1980 which corrected the overreach of government in Zurcher v. Stanford Daily.

Sincerely yours,

Lawrence C. Stewart

Smartphone Security

Zdziarski’s Blog of Things has an article about possible enhancements to iOS security, in the wake of the Apple vs FBI affair.

Another idea is one I’ve mentioned before: Duress Passwords

If you are asked to unlock your phone, you could use a different finger, the duress finger, and the fingerprint sensor could appear to accept it, but erase the phone.  If you enter the duress password, the phone could erase itself or, perhaps, just start recording what is going on and uploading it to the cloud.

Another idea is Landmine Passwords.  These are passcodes whose purpose is to defeat brute force searches.  If you avoid landmines within Hamming distance one or two of the correct passcode, you would have little chance of hitting one while trying to enter the correct code, but any searcher would be very likely to hit one before hitting the correct passcode.
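The landmine idea is easy to evaluate in code.  Below is an added example (not from the post or from Zdziarski’s article) that chooses landmine codes at Hamming distance three or more from the real passcode, so that a one- or two-digit typo can never trigger a wipe, and then measures how far a sequential search gets before stepping on one.  The passcode length, the number of mines, and the "wipe" response are assumptions; a duress password, as described above, would be handled by the same dispatcher with one more reserved code.

```python
import itertools
import random

DIGITS = "0123456789"


def hamming(a, b):
    """Number of positions in which two equal-length codes differ."""
    if len(a) != len(b):
        raise ValueError("codes must have equal length")
    return sum(x != y for x, y in zip(a, b))


def codes_within(correct, max_distance):
    """All codes of the same length within Hamming distance max_distance (excluding correct).

    These are the codes a legitimate user could plausibly mistype.
    """
    return [
        "".join(c) for c in itertools.product(DIGITS, repeat=len(correct))
        if 1 <= hamming("".join(c), correct) <= max_distance
    ]


def choose_landmines(correct, count, min_distance=3, seed=None):
    """Pick `count` landmine codes at least min_distance away from the real passcode.

    The seed parameter is for reproducible demonstrations only; a phone would
    use its secure random source.
    """
    rng = random.Random(seed)
    mines = set()
    while len(mines) < count:
        cand = "".join(rng.choice(DIGITS) for _ in range(len(correct)))
        if hamming(cand, correct) >= min_distance:
            mines.add(cand)
    return mines


def check_passcode(entered, correct, mines):
    """Dispatcher: 'unlock' for the real code, 'wipe' for a landmine, else 'deny'."""
    if entered == correct:
        return "unlock"
    if entered in mines:
        return "wipe"
    return "deny"


def ascending_order(length):
    """The simplest search order a guesser might use: 0000, 0001, ..."""
    return [f"{i:0{length}d}" for i in range(10 ** length)]


def brute_force_outcome(correct, mines, order):
    """Walk the guess order and report what ends the search and after how many tries."""
    for attempts, guess in enumerate(order, 1):
        result = check_passcode(guess, correct, mines)
        if result != "deny":
            return result, attempts
    raise RuntimeError("correct code not in search order")


if __name__ == "__main__":
    real = "2580"                                   # constructed sample passcode
    mines = choose_landmines(real, count=200, seed=1)
    print("typo-safe:", all(check_passcode(t, real, mines) == "deny" for t in codes_within(real, 2)))
    print("sequential search ends with:", brute_force_outcome(real, mines, ascending_order(4)))
    print("without mines:", brute_force_outcome(real, set(), ascending_order(4)))
```

With 200 mines among 10,000 four-digit codes, a sequential search hits one long before reaching position 2581, while every code within two typos of the real one is guaranteed to be a plain "deny".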

The obvious missing feature

I think there are great opportunities for sensible people to make money doing usability analyses of web based systems.

Let me give some examples of well intentioned systems with the obvious feature left out.

Email addresses

I have a Capital One credit card, and in my user profile there is a place to enter an email address so they can send me stuff.  (In another post I will rant about email addresses further.)  Recently I happened to log in to set up alerts for spending and so forth.  The email notifications were disabled because, they said, the email address I had entered had been refused.  Yet the address was actually correct.

This is not unknown.  We had a crash a while back of our cloud email server, and we didn’t notice for hours, so it is possible mail was bounced.

There was no way to tell the Capital One system “test it now please”.  Instead, I had to change the address to a different one.  This made them happy even without a test.  I suppose I could then change it back, but how much time do I have to spend working around a bad design?

Phone numbers

Many sites require phone numbers.  They have no uniform way of entry.  Some have free form fields, but limited to exactly 10 characters.  Some forbid hyphens.  Some require hyphens.  Some have exactly three fields, for area code, exchange, and number.  Is it really that hard to parse a variety of formats?  Do they really think making me keypunch my number is helping their image?
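It really is not that hard.  Here is an added example (my own, not from any of the sites complained about) of a normalizer that accepts the usual North American formats, with or without hyphens, dots, parentheses, a leading +1, or an extension, and reduces them to ten digits; the validity rule (area code and exchange cannot start with 0 or 1) is the standard NANP one, and the sample inputs are constructed.

```python
import re

# NANP: three-digit area code and exchange, each starting 2-9, then four digits.
_NANP = re.compile(r"^[2-9]\d{2}[2-9]\d{6}$")
_EXT_SPLIT = re.compile(r"\s*(?:ext(?:ension)?\.?|x)\s*", re.IGNORECASE)


def normalize_phone(raw):
    """Return (ten_digits, extension) for any reasonable entry, or None if invalid.

    Accepts "(617) 555-0123", "617.555.0123", "+1 617 555 0123",
    "1-617-555-0123 ext. 42", "6175550123x7", and so on.
    """
    parts = _EXT_SPLIT.split(raw.strip(), maxsplit=1)
    number, ext = parts[0], (parts[1] if len(parts) > 1 else "")
    if ext and not ext.isdigit():
        return None
    digits = re.sub(r"\D", "", number)
    # Drop a leading country code 1, but only when it leaves exactly ten digits.
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    if len(digits) != 10 or not _NANP.match(digits):
        return None
    return digits, ext


def format_phone(digits):
    """Canonical display form for a ten-digit number."""
    return f"({digits[:3]}) {digits[3:6]}-{digits[6:]}"


if __name__ == "__main__":
    # Constructed inputs; 555-01xx numbers are reserved for fiction.
    for entry in ["(617) 555-0123", "617.555.0123", "+1 617 555 0123",
                  "1-617-555-0123 ext. 42", "617-555-012", "017-555-0123"]:
        result = normalize_phone(entry)
        print(f"{entry!r:28} -> {result and (format_phone(result[0]), result[1])}")
```

Store the ten digits, display them with format_phone, and let people type whatever their phone bill shows; the form should adapt to the user, not the other way around.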

Notifications

I have my bank account and credit cards set up to send me text notifications when there is activity. One bank only allows notifications for amounts above $100.  Why does that even make sense? They can handle small deposits, but they can’t handle sending a text for a $10 charge? At least the text on the page explains the limit.

A credit card company has the same feature, but allows texts for any transaction amount, except $0! If I want notifications on all transactions, what limit value should I use?  I telephoned, and the agent suggested $0.01.

I’m getting to be a curmudgeon when things like this offend me.


Notifications – unclear on the concept

This is a post about organizations trying to communicate with their customers but getting it wrong.

I have signed up for various notifications, typically by text or email.  Tragically, sometimes organizations manage to use these in a way that makes me think they are idiots.

  • I just received a text from my local library that a book I’ve had on hold forever has come in.  The problem is that I picked it up last night.
  • I got an email from my Honda dealer that my minivan is due for service – two days after the service was done, by them.
  • I get both emails and texts from Target that my store credit card payment due date is coming up — even though my balance is zero.

To me these seem like violations of a simple and obvious design principle: don’t send a notification that is moot.  All it does is point out to your customer that your systems are broken.  And that means that your organization is clueless and really should not be trusted with my business.

Delay is also important.  I have my Bank of America profile set so that I get texts notifying me of ATM withdrawals.  I should get them when I do a withdrawal, but never at other times.  Often, these arrive within minutes, but sometimes they take 6 hours or so to arrive.  The immediate feedback ratchets up my confidence that I would find out immediately if fraudulent activity were to occur.  The delayed feedback?  It has the opposite effect.  I obviously cannot trust BofA systems to notify me of activity in a timely way.  Should I trust them for anything else?


Baking Bread


Cathy has been experimenting with gluten free bread recipes.  She has all manner of different flours and ingredients now: rice, potato, tapioca, corn, amaranth, sorghum, xanthan gum, etc.

Yesterday the power went off here in Wayland, probably because a tree branch fell on the lines due to the heavy, wet snow.  We got about 8 inches of the stuff, and I broke the drive belt on the snowblower again.

Anyway, the power goes off, and Cathy says “The bread has finished rising. We need to bake it now.”  Well, the oven is not on one of the transfer switch circuits, so we can’t run it off the generator.

Not a problem!  We recently got a new oven at the Boston Building Resource Center, and we saved the old one, because, well, you never know.  I already took the front trim glass off the old one to replace the glass of the new one, which shattered one day.  (The Gaggenau EB984 is an awesome oven, but they don’t make them any more, and parts are getting expensive.)

I wired the old oven onto the generator output and we baked the bread with the oven on the floor of the mudroom.  Yes I know the generator should be more outside than shown below.  I had to move the car first, which I did a few minutes after this photo.

Win says “That’s sort of crazy, you know.”

I will get an extra L14-30 plug so this will be easier next time.
[Photo: IMG_0616 (2)]

[Photo: IMG_0617 (2)]

Refugees

I am ashamed of my Massachusetts governor Charlie Baker.  He has joined the chorus of (typically) Republican politicians who want to turn away helpless women, children, and families from our doors because of the remote chance that among them is a terrorist.

This is pandering of the worst sort. Pretty much everyone in this country is a refugee or descended from one.  My mother came here in 1939 on the run from Nazi Germany. This is different how?

It is too bad, really, until today, I kind of liked him.


Old photo comes in handy


I took this photo on June 12, 1999 when the house was being built.  This was an HP C40 digital camera, with an awesome 576 × 436, 0.3 megapixels.  It seemed high-tech at the time. Today the insulation people showed up, as follow-up to an energy survey, to add insulation inside the floor under a luggage storage nook we have.  It is insulated, but unheated, and they recommended adding additional air sealing to keep the cold air from spreading out through the between-floors space.

This photo is looking up from the front porch.  In the lower left, you can see the upstairs radiant heating tubes under the living space, but NOT under the unheated storage area.  In order to add air sealing, the workers were going to drill into the floor from above, and I needed to check whether they would risk drilling into the tubing.  By looking at this old photo, I could tell where it was safe to drill.

You can also see that the floor joists are open trusses, with 2×4 plates and zigzag webs. This means the entire floor space is open, so it is important to have an air barrier between heated and unheated space.

Unfortunately, this justifies my pack-rat instinct to save 16-year-old photos; sometimes it is useful.  I took video (analog!), film photos, and digital photos of walls and ceilings, in case I ever needed to know what was in there and where.

[Photo: Veranda roof outside study]

When WD40 Isn't Enough

About two weeks a year, it gets hot enough and humid enough here in Massachusetts to push us into turning on the air conditioning.

For the first few years of the century, after the house was built and we moved in, everything was fine, but in recent years not so much.  We have different AC zones, and separate systems for each.  Each year, typically, one or two of the units don’t work.  Not work as in blow hot air instead of cold.   I then go outside around back and discover that the fan in the outside unit isn’t spinning.  Until last year, I’ve always been able to fix this problem by reaching through the grill and unsticking the fan with a screwdriver, or in the worst case, by taking the fan and motor off and whaling on it with a hammer. Evidently, enough moisture gets into the motor bearings over the winter to seize them beyond the motor’s starting torque’s ability to spin.

Brief Digression on AC

Air conditioners work by expanding a high pressure gas or fluid like freon through a nozzle into a low pressure gas.  As a consequence of the ideal gas law, the expanding gas gets cold.  It is then run through a heat exchanger inside the house, where the cold gas absorbs heat from the room air.  (There is usually a fan to push the room air through the radiator fins of the heat exchanger.)  The expanded gas is then piped outside to a compressor.  The compressor squeezes the working fluid, which according to the gas law, heats it up.  Because heat was absorbed from the room, the compressed gas is now hotter than it was originally.  It is then run through the outside heat exchanger, where a fan blows warm outside air past it to absorb the heat from the (hot) compressed gas.  (I am using “gas” and “working fluid” interchangeably here.  In fact, I think freon is one of those things that turns into a liquid at high pressure, so there is a phase change involved as well.)  If the outside fan doesn’t work, then there is nothing to cool off the compressed gas, and the whole outside unit eventually gets so hot that the thermal overload switch in the compressor shuts it off.  This is why fixing the outside fan fixes the whole AC.

End digression

Well last year, one unit’s fan wasn’t spinning, but wasn’t stuck either.  There are only three reasons why that could be: no power, bad motor, or bad capacitor.  I was able to measure that the power was present, and it was cheaper to replace the capacitor, and that fixed it.  Except that my measurements seemed to indicate there was nothing wrong with the old capacitor.  I had fixed a loose push-on connector, so I wrote off the experience.

This year, same problem, same unit.  The motor was not stuck, but wasn’t spinning either.

Brief digression about induction motors

Electric motors work by having a spinning magnet (the rotor) driven by a stationary magnet (the field).  Now the magnets are going to want to line up north pole opposite south pole, and stay that way, so there also has to be something that makes “north” spin. Some motors have the rotor or the field be a permanent magnets with the other being an electromagnet, while other motors have electromagnets for both field and rotor.  If the rotor is an electromagnet, there will often be brushes to supply power to the rotor.  An induction motor is kind of strange, in that both the field and the rotor are electromagnets, but the power for the rotor is supplied by induction, with no physical connection.

A three phase induction motor is fairly easy to understand. The field has three windings, fed by the three phases.  They are rotated with respect to one another by 120 degrees.  As the current in phase “A” dies down, the current in phase “B” is picking up, and as a consequence the direction of North in the field windings rotates by 120 degrees.  With three phases, you get a nice rotating field, and the rotor follows it, with just enough lag to generate an induced current in the rotor to create the rotor magnetic field.  A single phase induction motor is different: the field merely reverses 120 times a second.  If the rotor is spinning, then it will keep spinning, but there is nothing to get it started!  To solve this problem, single phase induction motors have a capacitor.  The capacitor is connected in series with another field winding that is rotated with respect to the main winding.  Due to the properties of capacitors, the current in this starting winding will be advanced with respect to the current in the main winding.  This gives enough of a rotating field to get the rotor started spinning.  In fact, if you have an open circuit starting capacitor, you can sometimes start the motor by hand by giving it a spin yourself.

End digression

Because it seemed really unlikely that the new capacitor failed over the winter, I resolved to replace the motor.  The problem was that I could not get the fan off the motor shaft!  The steel shaft was pretty well rusted together with the steel fan hub into a single glob.  Repeated application of WD40 and hammers and so forth did nothing.  By suitable pounding, I could move the fan axially towards the motor.  By supporting the fan and pounding on the shaft, I could move it back, but hammering on the shaft was mushrooming the end of the shaft, so there would be no way to get the fan off.  The usual tool for this problem is a gear puller, but a two-fingered gear puller won’t work with a three bladed fan.  I have some nice pipe wrenches with which to twist the shaft against the hub, but the fan was too close to the motor for the wrench to fit, and the motor shaft didn’t come out the other end of the motor.

My solution to this is somewhat destructive!  I used my angle grinder with a metal cutting wheel to take the motor apart.  By grinding off six rivets I was able to get the back of the motor off, but there was nothing to grab with the wrench.  I then used the cutting wheel to cut all the way around the fan end of the motor housing, at which point the field assembly came off, revealing the rotor.  I could then grab the rotor with one wrench and the fan hub with the other and twist them apart.

[Photo: Taking apart the fan motor]

This whole exercise was destructive and messy, and no doubt a new fan would be less trouble overall, but it sure was fun.