Re: DHS Wants Cell Phones to Detect Chemical, Radioactive Material

[Valdis.Kletnieks () vt edu]

On Tue, 05 Jun 2007 10:08:00 EDT, "Richard M. Smith" said:
> http://public.cq.com/docs/hs/hsnews110-000002524221.html
>
> DHS Wants Cell Phones to Detect Chemical, Radioactive Material
> By Rob Margetta, CQ Staff

Old news from a month ago, probably a bad idea.  It opens you up to interesting
attacks by using intentional false positives, not to mention what it does
to the power budget on the battery.  As I said on Dave Farber's I-P list:

-- begin quote
From: Valdis.Kletnieks () vt edu
Date: May 8, 2007 3:58:23 PM EDT
To: dave () farber net
Cc: ip () v2 listbox com
Subject: Re: [IP] a comment on "Phones studied as attack detector"

On Tue, 08 May 2007 11:21:52 EDT, David Farber said:
> Detectors for bio events are notoriously flaky. They see false
> posoitives in  the 3-4% for mass deployed units. Consider if the
> False Positive of the cell phone detector was even 1%. The noise
> would be overwhelming.

Even if they get the FP rate down to 0.01%, you still hita problem -
statisticians call it the 'base rate fallacy'.  Floyd Rumin discussed it
well here: http://www.lewrockwell.com/orig7/rudmin1.html in the context of
NSA data mining of phone calls and e-mail to look for terrorists.

Basically - you can't use data mining to find something very rare, because
the false positives *will* drown you unless you have an insanely good tool
to do the good/bad classification.

And even after all that, the terrorists can twist it to their advantage...

Consider a terrorist cell that learns how to game the system and cause
false positives at will - the 395th time they have to clear a major sports
stadium in the middle of a game, or close down the New York subway system,
they'll give up on it.  Of course, at that point, the terrorists have
a 2-for-1 special on the advantage:

1) They'll have a detailed understanding of exactly what the response time
and capabilities of responding units are.

2) The 396th time....
--end quote

Plus, consider combining that ability with THIS attack that Bruce Schneier
wrote about back in October 2005:

"This is a clever piece of research.  Turns out you can jam cell phones
with SMS messages.  Text messages are transmitted on the same channel
that is used to set up voice calls, so if you flood the network with
one, then the other can't happen.  The researchers believe that sending
165 text messages a second is enough to disrupt all the cell phones in
Manhattan.
<http://www.smsanalysis.org/>
<http://www.smsanalysis.org/smsanalysis.pdf>
<http://www.gsm-security.net/forum/post-406.html>
<http://it.slashdot.org/it/05/10/05/1839217.shtml?tid=215&tid=172>"

Attachment: _bin
Description:

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.