/* ---- Google Analytics Code Below */

Monday, December 06, 2021

Tales and Tests of the Faraday Bag

 Most interesting look and test of a faraday 'bag', aka 'cage'. for security of devices in our growing world of things.     Saw this quoted in Schneier    , where he further evokes a considerable conversation.  Including asking if you could form such 'cages' by wrapping a car aluminum foil?    Worth thinking about.  Love the posing and doing of experiments with readily available  things like tags. 

Testing Phone-Sized Faraday Bags   by Matt Blaze

Reliable tools for the modern paranoid.

Photo: The foam-padded dark grey inside of a serious-looking equipment case. There is a power strip on top with a cable leading to a metal bracket on the side. Plugged into the power strip is a small charger. To the right, a kind of piston is holding the top open.  At the bottom two grey gloves, integrated into the wall, are hanging deflated. Taking up half of the case's right interior is a cuboid, bright orange tin labeled D. LAZZARONI & C. AMARETTI ORIGINALI.

Back in the not-so-distant past, if you were patient and knowledgeable enough, you could reverse engineer the behavior of almost any electronic device simply by inspecting it carefully and understanding the circuitry. But those days are rapidly ending. Today, virtually every aspect of complex electronic hardware is controlled by microprocessors and software, and while that's generally good news for functionality, it's also bad news for security (and for having any chance of being sure what, exactly, your gadgets are doing, for that matter). For devices like smartphones, software runs almost every aspect of the user interface, including how and when it's powered on and off, and, for that matter, what being "off" actually means.

Complex software is, to put it mildly, hard to get right (for details, see almost any other posting on this or any other security blog). Especially for gadgets that are rich with microphones, cameras, location and environmental sensors, and communication links (such as, you know, smartphones), errors and security vulnerabilities in the software that controls them can have serious privacy implications.

The difficulty of reliably turning software-based devices completely off is no longer merely a hypothetical issue. Some vendors have even recognized it as a marketable feature. For example, certain Apple iPhones will continue to transmit "Find My Device" tracking beacons even after they've ostensibly been powered off. Misbehaving or malicious software could enable similar behavior even on devices that don't "officially" support it, creating the potential for malware that turns your phone into a permanently on surreptitious tracking device, no matter whether you think you've turned it off. Compounding these risks are the non-removable batteries used in many of the latest smartphones.   ..... . 

No comments: