Risk Technology: Gadgets and online services are becoming security risks.
written on: February 28, 2006
This has always been an argued topic..whether technology is allowing more disadvantages than advantages?
Though I lean more often towards the technology side because I like what technology enables... for this article's purpose I am trying to explore the critical or disadvantageous side of things with some gadgets, online services, and the technologies.
The GPS...
GPS is for global positioning system, which is a set of technology and protocols which enables gadgets supporting it to find your position or actually the gadget's position relevant to a city, state or country, give you directions to a destination, and with some gadgets like 'skyscout' find where a star or planet is located on the sky from your position.
The critical factors:
Firstly, the most obvious thing is that this gives you the position of a gadget. Hey! that should be the idea, what's wrong with that... its only helping me.
Yes, simple enough this enables a new person to the city, who we will assume as a bad guy with your address, find directions to your place the fastest just by buying a GPS, or still worse notes down directions to your place from online free services like Google maps or Microsoft's "local".
If that's acceptable, here's more better technology.
New online services have come up in recent months which enables you to track a person by his mobile device.
All you need to do is register with the online service with the person's mobile number, borrow the device from the person for a while so that without his consent you can reply to the online service's confirmation SMS and delete the message from the inbox and outbox. All with the disguise that you borrowed the mobile device for making a call.
Once the confirmation is received the tracking system gets enabled, and on a website you can see a map with an indication of where the device is or indirectly where the person is. This could be a security risk, or sometimes slightly better... just a piracy risk.
It doesn't cost the person anything. Though it might cost you little for registering on the online service. Basically, the service was started for the demand of tracking children or family or friends in times of need.
Mobile broadband group which controls standards of services on mobile phones say that they recognize the vulnerability and have asked the operators to send tracking reminder messages at random times very often to the user of the device, so that if the person gets to see atleast one of the reminders, he can reply to the message to disable the tracking.
But risks are still there.. its possible with today's technology to intercept messages sent to a particular device and do something with it, rather than allow the message to be read in real form by the recipient.
Another service, I heard about last was ... some company is testing a service which tracks all mobile phone signals in an area to analyze the amount of road traffic in that area ... assuming that everyone driving has a mobile phone. Critics were saying, "Who knows whether they are tracking only number of phone signals or reading and taping my calls already.. that's privacy interference".
The RFID magic:
Its called Radio Frequency Identification, and is also a tracker technology, initially developed for only short distance tracking like movement of products within a supermarket. If you didn't know, its a small device which can be attached like a tag to product packages in stores to track the movement of products through the store.
Technologists claim, with this technology super markets can track what items a customer picks up, what display areas he/she often visits, and what's their buying or more often moving pattern within the store. This information can allow store owners to reorganize the store in a better way, to encourage customers visits mostly unvisited display areas, or buy what they want quickly and checkout.
A major critical factor is, customers may not like the idea of somebody tracking their movements in a store. Come on, after all you are there to buy something, and if someone is watching you walk to every place and know what items you are picking up, or dropping back, isn't it hacking privacy... if not security risk.
There were numerous protests, and the stores kindly resented from using the technology.
But then, the technology was still so attractive and cheap, people wanted to sell it out to the shipment guys, the package delivery guys, and all sorts of people to allow digital tagging of items which can be then easily moved into shipment terminals, carriage services, etc., So, the technology now allows tracking many things other than products in superstores.
What the heck, one person Amal Graafstra even implanted an RFID chip in his hand and tried enabling many applications, one of them is like an announcement system in his corridor telling him how many emails he has received when it recognizes he is entering...He later wrote a book RFID Toys
The critical factors:
Although the use of the technology is constantly growing even with doubts about the real value of data that it gives over normal barcoded tags in shipments, the RFID technology operates on radio frequency waves and is not prone to be tracked globally. This is not an advantage though, for globally positioning tracking bad guys can always use the big daddy GPS.
RFID works only short distances or sometimes just inches away from a source which requests information from the chip. Could be seen more often like a replacement for barcoded prodcuts, where you still show the RFID tag near a screening unit.
But its radio frequency, and so the technology can well me engineered easily to allow better ranges like 500meters to a few kilometers of a transponder that could track the RFID tag. If that happens, this will be the tiniest equipment which people won't notice, and will enable easy tracking.
Continued in next page link:
>ID Systems: Finger-print identification, Iris identification, Body movement recognition
>Tiny cameras
>The biggest risk of all: The internet
>Map services on the internet
>End-Note
>Related Links & Quotes
ID systems: A lot of gadgets are invented with the purpose of making identification systems better and fool-proof.
Earlier we had these systems only in medical technology.. where blood samples or urine samples were to identify patients and their records.
Now, there are finger-print identification, iris (eye) identification, voice recognition, body movement recognition (by Nokia), even heart-beat rate identification for opening doors.
Identification systems are used by gadgets to verify that the user is authorized to access information or use the technology in the gadget or the building.
We will take up how to cheat them one by one..
Finger-print identification: You put your finger twice or thrice for the first time, to allow the gadget to analyze a pattern of finger prints, crossing lines, intersection points etc., The next time onwards you put your finger once, and the gadget very effectively recognizes you. You put any other finger other than one screened earlier, or you ask your friend to put his finger.. the gadget promptly reports failure in recognition.
That's all great.. I remember seeing a van damme movie years back, should be 1990's where van damme escapes from an island which is technologically made invisible and where a lot of undercover former FBI agents live and montior security of the world. Van damme painfully tears his skin on his thumb along with the finger print and wraps it around thermocol made like a finger and successfully escapes the island.... When its time for his fingerprint to be detected, an automatic lever put the thermocol wrapped with the skin on the scanner and the cheat is successful.
I think that's very much possible to do in real life.
Iris identification: Like the finger print, the eye's iris pattern, color, and iris aperture are said to make an unique combination for every human being.
I don't think god made our eyes and finger prints to be unique with effort. I really feel that its only because the species of humans are spread over vast distances... after descending from a believingly one parent couple for all.. Adam & Eve. we probably just don't find the match... be it the finger print or the iris.. Who has tested every man and woman in this world to say the fingerprints and iris are unique? I am sure there are exceptions to the uniqueness.
Anyway we will continue with the gadgets.
There are these gadgets which identify the parameters of the iris in the eye when you put your face in front of a camera, and verifies you. Very similar to the fingerprint system, you first go through a test where the gadget analyses a pattern and stores them, ready for the verification visits.
The problem with the system is.. there are arguments that the camera can only be a digital one which takes a 2D picture.
Firstly since its a picture, you could as well take a picture and show to cheat some basic level systems,
while for the very good systems, you can still cheat by using some kind of digital systems like beaming minute light waves to the camera representing fastly changing images of eyes to make a match....something like cracking credit card and ATM codes by junking and trying too many combinations.
Older but still in use systems: secret number verification, voice recognition
We don't need to discuss cracking of credit card or any number based identification systems, or voice based systems, because the possiblities are well known, and only because number identification, voice recognition systems, etc., are becoming easily hackable we are moving towards finger print and eye-iris based systems...quite logical isn't it.
Body movement recognition (by Nokia): Did you hear about this already.. Nokia is testing a mobile phone which constantly can track the body movements & walking style of a person carrying the mobile phone and enable or disable the phone if it doesn't recognize the movements to be the owner's movements.
This, Nokia claims might reduce largely the number of phones that are stolen, particularly since mobile phones are becoming compact and costly with more features making them important for the data contained.
Nice... I somewhat feel pretty sure that nokia won't pull this up... for the chances that the phone irritatingly disables itself, for failure to recognize even the correct person just because he wears shorts and walks lazily in the beach. :o)
Tiny cameras: Especially ones in mobile phones
Who doesn't have it these days.. Everyone is carrying a camera so tiny enough packed inside a mobile phone. Fine, as long as its in the mobile phones. But we missed something.. because of mobile phones, now the cost of tiny cameras and the related electronics are so cheap and becoming more smaller you could pack them soon literally inside your spectacles like in the film 'True lies'.
Also, you didn't know that this has also increased the number of sex related pictures and video footage transfers between people in the past couple of years.
In india itself we had a case where a popular online auction company CEO was arrested because some young guy tried to sell sex video taken with his mobile at school.
Why the CEO got arrested, instead of the guy who sold it.. that's a question you should ask Delhi/Mumbai police in India.
Anyway, that was eye-opener for the mostly low-techy police here that Technology not only enables automation, but also enables a lesser known guy to get into criminal or illegal activities...just to get popular or make money.
The biggest of all: The internet
For the attractiveness of the internet, we all put some kind of information on the internet one day or the other.. even if we don't, there are always banking systems connected to the internet, having our information down to grain of our finances.
Did you know: All the ATMs in the world are connected to the internet through VPN or a secure connection... how secure you know...technology is always hackable, if the right guy is on the right network doing the right hacks and at the right time.
A possible situation in perspective:
Through your ATM if one gets to your card number or something, and say they can hack the bank's secured systems, put your card number, and get to the truth about everything of you. That's not mission impossible.
The services on the internet:
Trying to break into customer numbers, and to beat the competition, sometimes some online companies come up with neat services on the internet like down-to-the-grass-on-your-lawn detailed maps, constant tracking services through mobile devices, etc.,
So, further chances that people can reach your address much faster without asking anybody any help, or worser.. plan something bad to do with the online maps itself, not having to come down and take more time. I am sorry to be pessimistic, but don't tell me you didn't know that the world has such people.
Relief for non-western countries: All websites that have detailed online maps target only the west like US and UK. So don't expect to find anything deeper than your city name if you are searching the map's area of India.
A simple thing.. though not a hack.. try searching your name in google and you end up with quite a number of links which have information about you. Though all the links would only be publicly available information and not hacked information, you still would find a link which you didn't expect to find.... like an email you sent to an offline mailing list which over years later became an online list and your message is open to everyone, and you didn't know.
End-Note:
To add to all concerns about security of digital information,
there is a new frightening proverb doing the rounds: "A new hacker is born every minute, and only last year(2005) many big companies realized this."
Related Links:
Police in Malaysia are hunting for members of a violent gang who chopped off a car owner's finger to get round the vehicle's hi-tech security system. - from BBC
Book Link: Hacking GPS
BBC story: Mobile tracking devices on trial
Spy blog: Watching them .. watching us
Greece prime minister's mobile was hacked when Greece hosted olympics
RFID: wikipedia
consumers are winning their war on RFID tags
Security Risks of Biometrics
Technical paper: Impact of Artificial "Gummy" Fingers on Fingerprint Systems
2-Fingerprint Border ID System Called Inadequate to counter terrorists -Washington Post
Identity theft: How it’s accomplished
Iris scanners - What are they
United States: What's the Real ID Act? How Real ID will affect you
The Inevitability Of REAL ID
The ID Card Bill And Some Of The Lies You’ll Have Heard About It
"The vulnerabilities of Bluetooth technology have also been well documented. Bluetooth technology enables wireless communication among electronic devices in close proximity. For example, a Bluetooth-enabled computer could work with a wireless keyboard or mouse. In August, security flaws in Bluetooth-enabled mobile phones allowed criminals to access the information in the phones including contact information and text messages. " - EPIC
Content Copyrights Harish Palaniappan.
Blog owned and maintained by Floresense.com