I am personally aware that Washington DC, same areas of Maryland, Virginia and Delaware have been tracking car Bluetooth (and EZ-Pass) for decades for "traffic management". The more BT detected the heavier tracking. The longer time between detectors for the unique BT/EZ-Pass, the slower the traffic. Adjust traffic lights down the road to improve traffic flow. (when I write Ez-Pass, i mean the toll transponder, but not detected by a toll booths or overhead arches.)
Note that boxes may get pressure from all the sides(different kind of pressure & movements during shipping), not just from the top as seen in the images (or shelters) in the article.
If Real ID is so good, why do we have CLEAR? Why can I not skip the line with RealID?
If we are forced RealID, why not just make all the TSA checkpoints like Global Entry (or in several countries with IDs), fully automate them, using Real ID. That would get rid of CLEAR, and a lot of TSA agents.
CLEAR is basically (mostly) self-service pre-verification by a commercial entity, achieves near the same exact thing as it is done at the TSA agent with RealID now.
The CLEAR system uses CAT or CAT-2 to send info to TSA to validate. Same, exact protocol and information as it is with the TSA Agent.
The only meaningful difference is that the biometrics is pre-stored with CLEAR, while the other travelers are collected at the TSA agent stands and compared to RealID.
There are multiple countries where all of this is done with dark technomagic. You can see this witchcraft working with Global Entry (CBP, not TSA).
What is interesting about this is that CLEAR has a relationship with the airports (mostly), not TSA. Airports are the ones pushing CLEAR so they do not have insane queues, not TSA.
There are plenty of Faraday bags readily available for cell phones.
Look in the digital forensics industry. Field forensic investigators can get bags or boxes (look like Pelican(r) cases), or inserts for Pelican cases (a 1615 fits just right into a sedan's trunk).
Long time ago when mobile forensics was in its infancy they were given out as swag.
The #1 problem is of course that if not in airplane mode, some not too smart phones keep increasing the power to the radio (smarter ones do this for a few minutes then power down radio, then cycle up again). Guess what happens with a bunch of juice dumped into electronics in a locked case inside a trunk in a hot car, with half dozen other phones doing the same thing (because it is never a single burner phone).
In a pinch, 3 to 5 layers of aluminum foil, stainless steel cocktail shaker, ammo can, or combination thereof works.
edit: Yes, if we are discussing this with physicists, RF cannot be blocked, it can be attenuated. The strength of the RF signal is reduced as it travels through different materials, and in theory it can never be completely eliminated. In practicality, the signal only needs to be attenuated until it cannot be picked up sufficiently even when very close by a receiver.
I came here to say what you did. I used to work in three letter agencies and took part in testing faraday bags for clandestine operators. Something about faraday bags that most people don't know is that they have a shorter life than you would think. As they move around and bend, they start to "leak" more RF. WaitWaitWha is also correct that in a pinch, some aluminum foil works pretty well if you're careful. The service will be so bad, that the phone won't likely get packets out or in. Just be thorough when doing it.
Also, I worked with clandestine people and for most of them had threat models more relaxed than a lot of people on HN. What are you all up to???
There used to be an option called "Cat guard" built into several historical (BBS ) software. On (and cannot remember the name) one software that did synchronization with other networks (e.g., FIDO, uunet) it was considered a major feature.
Primary purpose was to lock the keyboard so when the cat walked all over it, it would not disconnect.
If so, is this 'fuse' per-planned in the hardware? My understanding is cell phones take 12 to 24 months from design to market. so, initial deployment of the model where this OS can trigger the 'fuse' less one year is how far back the company decided to be ready to do this?
Lots of CPUs that have secure enclaves have a section of memory that can be written to only once. It's generally used for cryptographic keys, serials, etcetera. It's also frequently used like this.
Fuses are there on all phones since 25+ years ago, on the real phone CPU side. With trusted boot and shit. Otherwise you could change IMEI left and right and it's a big no-no. What you interact with runs on the secondary CPU -- the fancy user interface with shiny buttons, but that firmware only starts if the main one lets it.
> ... The hackers would still need physical access to the hard drives to use the stolen recovery keys.
This is incorrect. A full disk image can easily obtained remotely, then mounted wherever the hacking is located. The host machine will happily ask for the Bitlocker key and make the data available.
This is a standard process for remote forensic image collection and can be accomplished surreptitiously with COTS.
reply