Monday, 22. April 2002
Robot cameras 'will predict crimes before they happen'
According to the UK broadsheet *The Independent*, Dr Sergio Velastin, of
Kingston University's Digital Imaging Research Centre, has developed
software to analyse CCTV images for the purpose of predicting crime:
http://news.independent.co.uk/uk/crime/story.jsp?story=287307
Quote from the article:
Scientists at Kingston University in London have developed software able
to anticipate if someone is about to mug an old lady or plant a bomb at an
airport. It works by examining images coming in from closed circuit
television cameras (CCTV) and comparing them to behaviour patterns that
have already been programmed into its memory. The software, called Cromatica,
can then mathematically work out what is likely to happen next. And if it
is likely to be a crime it can send a warning signal to a security guard
or police officer. ["Merlyn Kline" via risks-digest Volume 22, Issue 05]
12:36 |
#
Thursday, 27. December 2001
Euro bank notes to embed RFID chips by 2005
The European Central Bank is working with technology partners on a hush-hush
project to embed radio frequency identification tags into the very fibers of
euro bank notes by 2005. Intended to foil counterfeiters, the project is
developing as Europe prepares for a massive changeover to the euro, and
would create an instant mass market for RFID chips, which have long sought
profitable application. http://www.eetimes.com/story/OEG20011219S0016
I hardly know where to begin even thinking about the RISKS involved.
[Those who are Europeein' may need a Eurologist to detect bogus chips. PGN] [Ben Rosengart via risks-digest Volume 21, Issue 84]
00:00 |
#
Tuesday, 06. November 2001
Dutch police 'bombard' stolen cell phones with SMS
By Andrew Rosenbaum, Special to Newsbytes, AMSTERDAM, NETHERLANDS, 05 Nov 2001
The Amsterdam police have been using short messaging system (SMS) missives
to block the use of stolen cell phones, and while the campaign has been
successful, mobile providers are concerned about the cost and bandwidth
strain of the campaign.
About four months ago, the Amsterdam police began cooperating with the
national telecommunications provider, KPN Telekom. When stolen phones are
reported, the police asked KPN to use the phone to locate the telephone
number. Then, every three to five minutes, the police sent SMS messages to
the telephone saying, "Warning, this is a stolen telephone, using it is
against the law -- stealing it is a felony." ...
http://www.newsbytes.com/news/01/171836.html [Monty Solomon via risks-digest Volume 21, Issue 74]
00:00 |
#
Thursday, 04. October 2001
11 Sep 2001: Risks of electronic surveillance
In the aftermath of the September 11 terrorist attacks on the USA, a special
feature on automatic electronic surveillance (i.e. Echelon, Carnivore, spy
satellites, and all that) was broadcast by the BBC ClickOnline (hosted by
Stephen Cole, Sep. 22).
The feature included a lengthy interview with Dr. Kevin O'Brian of RAND
Europe about the failure of US intelligence to gather enough information to
pre-empt the attacks. Of particular interest to RISKS readers is the
following quote from Dr. O'Brian:
"We've seen reports that they may have actually been spoofing or
misdirecting intelligence services quite knowingly, and that they
are aware of the fact that they could use the technology against
the intelligence services by sending out false signals by sending
out false reports and rumours, by using technology such as mobile
phone communications or Internet messages to actually misdirect
the intelligence services' gaze away from their attacks."
The risks are obvious: The over-reliance on massive computer-based automatic
systems for scanning and filtering that has characterised much of US
intelligence gathering in the post-Soviet era can only be effective as long
as the bad guys are not aware of what you are doing. The simple fact that
computer systems are rule-based (and AI-systems exceedingly so) permits
enemy agents to play clever counter-intelligence games, where plotting the
response to certain stimuli can be used to "map out" in detail how an
automatic surveillance system will respond to diverse inputs and hence
"learn" how to misdirect the system on a massive scale.
A human-based intelligence system, in particular a highly organized one,
is of course also vulnerable to this type of attack, but the rule-based
nature of an AI-based system makes the attack easier and more reliable.
- gisle hannemyr ( gisle@hannemyr.no - http://hjem.sol.no/gisle/ ) [Gisle Hannemyr via risks-digest Volume 21, Issue 68]
00:00 |
#
Tuesday, 24. July 2001
Caller ID "hack" not a hack at all (RISKS-21.51)
In Risks 21.51, Alexandre Pechtchanski wrote of receiving a phone call with
"hacked" Caller ID information. In fact, it is likely no such "hack"
occurred, nor is a hack necessary.
Caller ID (actually CNID, Calling Number ID) is based on data that is sent
on trunk lines along with other SS7 signalling data in a phone system. For
home users, this information is normally the originating phone number for
the call, as that is how your local telco has their switches set up.
Things are a bit different for PBX (Private Branch Exchange) systems,
typically found in businesses. They feed directly into telco trunk lines,
and the systems are responsible for feeding their own CNID information into
the telephone network.
Most newer PBXs can be programmed to either send along the originating phone
number of a call or to send a single pre-programmed piece of information. As
an example, a company may want the same information sent (say the company
name and their main incoming phone number) on all outgoing lines so those
receiving calls from the company see the company name and number rather than
the number corresponding to the actual outgoing phone line used to place the
call.
This is all perfectly OK, as CNID data is not and was never designed to be
secure, and is not used for anything but caller ID services.
In Alexandre's case, it's likely a telemarketer either just programmed a
nonsense number into their PBX, or perhaps their PBX came preprogrammed from
the vendor with a "sample" phone number in place (e.g. "John Doe (212)
555-1212".)
Note that there is a completely different system, ANI (Automatic Number
Identification), that is used when it is important a caller be properly
identified. It is ANI information that is used to generate phone
billing records and to provide calling number identification for 911 services.
(For the security conscious, ANI information is also NOT blockable, and
most phone companies offer real-time ANI to their toll-free customers. This
means that even if you have "Caller ID blocking," if you call a company
using their toll-free number, they will have your phone number pop up
on their screen when the phone rings on their end or will receive it in their
end-of-month statement. This has been ruled fair, as THEY are paying for the
phone call, thus they have a right to know who is calling them.)
The real RISK here is trusting a system that was never designed to be even
remotely secure as a source of accurate information as to the identity of a
caller...
William Kucharski ["William Kucharski" via risks-digest Volume 21, Issue 59]
00:00 |
#
Wednesday, 04. April 2001
Re: Dutch police fight cell theft ... (Dzubin, RISKS-21.32)
>After a user reports his GMS handset stolen, [...]
Uhhh...I'm not sure what GMS is in this context, but if it's a misspelling
of "GSM", then I see a problem.
In GSM, there is a separate SIM card in the handset which contains all of
the subscriber's authentication/authorization information, and which is
intentionally interchangeable between handsets (subject to some restrictions,
but generally when switching between handsets supplied by the same
service provider).
If someone was trying to sell the _handset_, they could do so without
including the SIM card--I've done this a couple of times as handset
technology evolves over the years. The buyer provides their own smart
card, and the telco doesn't even have to be informed that the sale took
place for the handset to work for its new owner.
Naive GSM users reading this article might attempt to send such messages
to their own phone number if their handset is stolen. This won't work
if the thief has any clue at all. Kids, don't try this at home.
I suppose it is possible that the police may use the telco's resources to
track the handset down by its IMEI or something--handsets, high-end
accessories, even batteries these days have serial numbers embedded into
them which are accessible from the handset firmware and can be
interrogated from the telco (if not routinely broadcast while the
handset is on).
Zygo Blaxell (Laptop) [Zygo Blaxell via risks-digest Volume 21, Issue 34]
00:00 |
#
Wednesday, 28. March 2001
Dutch police fight cell theft with text 'bombs'
After a user reports his GMS handset stolen, the police start sending out
one Short Message Service text message to the phone every three
minutes: "This handset was nicked, buying or selling is a crime. The
police."
See web page story at:
http://www.cnn.com/2001/TECH/ptech/03/28/SMS.bomb.idg/index.html
Thomas Dzubin, Vancouver, Saskatoon, or Calgary CANADA [Thomas Dzubin via risks-digest Volume 21, Issue 32]
00:00 |
#
Cellphone text bombs
CNN and IDG report
http://www.cnn.com/2001/TECH/ptech/03/28/SMS.bomb.idg/index.html
that the Dutch police are using a kind of mailbomb technique to discourage
theft of wireless phones.
If a phone is believed to be stolen, police track it down with its unique
identification number and send the message "This handset was nicked, buying
or selling it is a crime" every three minutes via SMS.
The RISK here is fairly obvious. What to do if your phone ends up
mysteriously on the 'stolen' list? Go to your local police station? The
phone company?
Conrad Heiney conrad@fringehead.org http://fringehead.org/ ["Conrad Heiney" via risks-digest Volume 21, Issue 32]
00:00 |
#
Sunday, 28. January 2001
Satellite strike blows away DirecTV pirates
On 21 Jan 2001, DirecTV remotely disabled about 100,000 smart-card enabled
set-top boxes that controlled illegal reception of their satellite TV.
(Buried in the programming code was a message that read "GAME OVER" -- for
those who perused the code.) About 9.5 million legitimate subscribers pay
something like $50/month for the hardware and $22/month for the programming.
DirecTV estimates this will save them over $100 million/year. The pirated
operations involved the iterative installation of bogus software that
enabled access despite each successive vendor change to the programming
code. DirecTV believes that the counteraction disabled all of those bogus
smartcards containing illegal software. DirecTV is part of Hughes
Electronics. [Source: P.J. Huffstutter and Jon Healey, *LA Times*;
PGN-ed (How long will it be until the next-iteration hack occurs?)] ["Peter G. Neumann" via risks-digest Volume 21, Issue 23]
00:00 |
#
Saturday, 27. January 2001
Re: UK Trials of GPS controlled car speeds (RISKS-21.22)
> The tests, which prevented the car from topping 30mph, 40mph and other...
This will also surely resurrect problems that date back to a much older and
simpler technology--fixed speed governors on cars.
Back in the early 1970's, my father worked in the administrative offices of
a large local utility company. At that time, the US imposed stricter speed
limits to conserve fuel. Thinking the company could set a shining public
example, they decided to install speed governors in the company's fleet of
sedans.
That lasted only a short while as the number of automobile accidents
*increased* within the fleet because of several significant unanticipated
factors. One was that these speed-restricted cars were still having to
interact on the road with non-restricted vehicles--leading to situations
where the restricted vehicle was at a disadvantage on emergency maneuvers
such as accelerating out of danger. The other was that the drivers were used
to driving unrestricted cars, so occasionally made risky driving decisions
momentarily forgetting the restrained capabilities of their company vehicle.
These risks exist in the basic premise of imposing blanket restrictions on
vehicles with no provisions for exceptions based on the actual circumstances
the driver is facing at any moment. Many such technologies cannot be
guaranteed to be sufficiently safe until *everybody* has it and is operating
on equal terms. This new system adds a lot of complexity to merely apply
different governor speeds based on the specific road rather than the fixed
maximum vehicle speed imposed by the old automotive speed governors.
Imagine being on a long downhill expressway with several large heavy
tractor-trailers bearing down on you at substantially above the speed limit
your vehicle is restricted to? Imagine having a car following you at 50 mph
when you cross into a 40 mph zone and your vehicle is *forced* to reduce
speed. I hope the driver behind you is equally alert and attentive to the
speed limit change!
What I fear from the people so vigorously pushing these technologies is that
such safety risks that were long ago learned will be overlooked or glossed
over. Somehow the new high-tech approach leads people away from realizing
the basic concept is not new and the new solution fails to address or
resolve concept flaws proven in prior low-tech implementations. Not to
mention any new safety risks introduced by the newer implementation.
Sadly, these may not come to light until the first driving fatality or, as
in the case of my father's employer, the statistics of the system in large
scale use show an alarming trend.
Derek Ziglar, Atlanta, GA ["Derek Ziglar" via risks-digest Volume 21, Issue 23]
00:00 |
#
Saturday, 20. January 2001
UK Trials of GPS controlled car speeds
From the Guardian, Saturday Jan 20, an update on the proposal for GPS speed
control of vehicles, where the car determines its maximum speed from an
in-vehicle database of speeds of roads.
http://www.guardianunlimited.co.uk/uk_news/story/0,3604,425344,00.html
The government has commissioned a trial of speed limiters in cars, which
could lead to computer-controlled overrides as a standard fitting within
five years. Twenty trial vehicles will be fitted with a system which has
won praise on a prototype Ford Escort driven over thousands of rigidly
monitored miles in the past three years.
The tests, which prevented the car from topping 30mph, 40mph and other
limits, were "highly reliable" according to the Institute of Transport
Studies at Leeds University, which has won funding for the expanded trials
from the Department of Transport, Environment and the Regions.
"We've had two dozen people driving along a 40 mile route, including the
A1M motorway," said Oliver Carsten, head of the project, which has also been
demonstrated on the north circular road in London.
The system uses a computerised navigator linked to the car's electronic
controls and a positioning satellite. Areas with speed restrictions are
fed into the system to trigger action as soon as a limit is breached.
Just think how much fun you'll be able to have by a UK motorway in five
years' time from jamming the GPS signals. Or how much a 'chipped' database or
speed limiter will be worth. A more rigorous trial would be to place the
speed limited vehicles in the hands of well known violators of the speed
laws to see how much effort it takes to disable -- the UK home secretary
himself, for example.
Steve Loughran
[Home, Secretary, and don't spare the tires. PGN] ["Steve Loughran" via risks-digest Volume 21, Issue 22]
00:00 |
#
disLEXia, a research project by Maximillian Dornseif