SCADA, Telematics & GPS Technologies

[Tom Lee] and his colleagues of Sunlight Labs just moved to a new office. The doors are setup like a security checkpoint with electronic strikes and buttons on the inside to allow entry. The button simply completes a low-voltage circuit, activating the strike which made it quite easy to patch into. They build an interface board with a small relay to complete that circuit. As we’ve seen before, Linksys routers have plenty of extra room in the case so there was no problem housing the new circuit in this tiny network device. Now [Nicko] and his friends can use a custom app to input an access code or to verify a device ID from a cell phone and gain entry. The door still has keyed locks in case of a power outage. In fact, the only change made to the system was the addition of two wires to the “door release” button as seen above. See the one-touch device ID authentication in the video after the break.

This hack is similar to the GSM door entry from last year. In this case, the phones are communicating with the door via web interface and not the GSM network.

via Hackaday, Sunlight Labs

In what’s sure to be a popular idea, Britain’s Kent Police Department wants to use unmanned aerial vehicles to keep tabs on the massive crowds during the 2012 Olympic Games in London. Now, before you start thinking that Ministries and doublethink are soon to follow, Olympic games mean a large influx of people to keep track of, and that means spreading security pretty thin.

Evidently UAV monitoring already has a precedent in Britain through the South Coast Partnership, which uses UAVs to patrol the country’s southern coast. UAVs aren’t yet cleared to fly the skies over London with other manned aircraft, however.

From Pop Sci:

So far, the Civil Aviation Authority (CAA), Britain’s equivalent of the FAA, has not cleared UAVs to fly in the same airspace as manned aircraft. However, the Kent police department has petitioned the CAA to expedite the licensing processes so the police operated UAVs can take to the sky by the time the Olympics starts.

If it goes through, it’ll be interesting to see if it’s only a temporary measure for the Olympics, or if that level of surveillance remains in place in a city already dominated by CCTV security cameras.

The Guardian, via Futurismic, via Popular Science

(more…)

Viper Guard has called for urgent Government action to control rising oil prices and is warning of a new wave of fuel theft. The warning follows predictions that speculation in the oil market will soon see diesel prices back at last summer’s high of £1.25-£1.30 litre, when both trucks and fuel storage tanks in depots became high-value targets for organised crime.

But Viper Guard General Manager Debbie Jones said things could be worse this time round thanks to the recession.

“Hard times not only tempt people into crime but also put pressure on potential purchasers not too ask too many questions,” she said. “Obviously we would urge all operators to make sure they have adequate security measures in place this summer, but we want to see Government action too.

“The Government sowed the seeds of the problem itself when the Chancellor first put 2p on a litre to offset his 2.5% VAT cut last November and then went ahead with the further 2p increase in April. These increases need to be reversed urgently both to help hauliers through the recession and to head off the expected increase in fuel theft.”

She also urged the Government to control the activities of speculators in the City. “These gamblers are threatening the health of the entire road transport sector, with inevitable knock-on effects across the economy,” she said. “But after the Government bail-outs in the banking industry last year, many of the speculators are effectively state employees.

“The lesson of the credit crunch, surely, is that it’s enormously harmful to allow bankers to pursue their own narrow agenda at the expense of the wider public interest. Yet it seems the bankers have learnt nothing and are carrying on in the same old way. The Chancellor can and must rein them in before they do more damage.”

source: Surveillance News Portal

LAS VEGAS — It’s one of the most hostile hacker environments in the country –- the DefCon hacker conference held every summer in Las Vegas.

But despite the fact that attendees know they should take precautions to protect their data, federal agents at the conference got a scare on Friday when they were told they might have been caught in the sights of an RFID reader.

The reader, connected to a web camera, sniffed data from RFID-enabled ID cards and other documents carried by attendees in pockets and backpacks as they passed a table where the equipment was stationed in full view.

It was part of a security-awareness project set up by a group of security researchers and consultants to highlight privacy issues around RFID. When the reader caught an RFID chip in its sights — embedded in a company or government agency access card, for example — it grabbed data from the card, and the camera snapped the card holder’s picture.

But the device, which had a read range of 2 to 3 feet, caught only five people carrying RFID cards before Feds attending the conference got wind of the project and were concerned they might have been scanned.

source: wired.com

AlertMe - the innovative UK based smart home security system based on Zigbee technology - is taking another step forward with the details of v2.0 of their software.  Read on for the summary and link to the demo system.

Our next release is on its way, and will be jam-packed full of exciting new features, including functionality to enable you to use the new SmartPlugs.

Source: Automated Home

Although already in use at some airports in the US, the UK, and Netherlands, full-body scanning — a security technology quite capable of showing people’s unmentionables — might now fade away as a specter facing Americans and other travelers in European airports, due to a lawmakers’ vote.

Some airports in Europe, including London’s Heathrow and Amsterdam’s Schiphol, already make use of full-body scanners, as do some airports in the US. (more…)

With millions of GPS-based navigation devices on the road today, it is time someone considered the question: What if there’s an attack on the GPS network itself?

Researchers at Virginia Tech and Cornell University spent more than a year building equipment that can transmit fake GPS signals capable of fooling receivers.

“GPS is woven into our technology infrastructure, just like the power grid or the water system,” said Paul Kintner, electrical and computer engineering professor and director of the Cornell GPS Laboratory in a statement. “If it were attacked, there would be a serious impact.”

GPS is a U.S. government-built navigation system of more than 30 satellites circling earth twice a day in specific orbits. The satellites transmit signals to receivers on land, sea and in air. Based on the signals received from the satellites, devices are able to triangulate their exact positions on the globe. But if those satellite signals were wrong — or were spoofed — a GPS device might come up with the wrong location based on the signals it was receiving.

The researchers started by programming a briefcase-size GPS receiver used in the research of the uppermost part of the Earth’s atmosphere, known as ionospheric research, to send out fake signals. The phony receiver was placed in the proximity of a navigation device, where it anticipated the signal being transmitted from the GPS satellite. Almost instantly, the reprogrammed receiver sent out a false signal that the GPS-based navigation device took for the real thing.

The experiments to show the vulnerability of GPS receivers to spoofing could help devise methods to guard against such attacks, says Brent Ledvina, an assistant professor of electrical and computer engineering at Virginia Tech, and will be detailed in a research paper to be released Thursday.

“It’s almost like someone nearby is spoofing your favorite radio station by transmitting at the same frequency but higher power fooling your receiver into believing it is getting the right station,” says Ledvina.

The idea of GPS receiver spoofing has already been considered by federal authorities. In a December 2003 report, the Department of Homeland Security detailed seven countermeasures including monitoring the absolute and relative GPS signal strength, monitoring the satellite identification codes and the number of signals received and checking the time intervals between the received signals to guard against spoofs.

Still those fall short and would not have successfully fended off the signals produced by a reprogrammed receiver, said the researchers.

Instead they have suggested a few countermeasures that involve both hardware and software changes. “We have two patent applications which include a software algorithm to help make changes to how receivers react to signals,” says Ledvina.

The other patent is around the spoofer tool used, he says. “The idea is to help government and other companies use it to potentially make better receivers,” says Ledvina.

Photo: NASA

Links: HomeLandSecurity, wired

Alanco Technologies has announced that its subsidiary Alanco/TSI Prism, a provider of real-time RFID tracking technologies, has won a $3.3 million contract to create an RFID-based inmate tracking system for the Washington D.C. Department of Corrections.

The Alanco/TSI Prism system, which will combine Alanco’s TSI Prism RFID system with Wi-Fi compatible RTLS technology from AeroScout, will be installed at a Washington DC jail complex housing over 2,000 prisoners and staffed by 450 DOC employees. The system is intended to increase safety and improve inmate accountability.

Source: RFID News

The issues of privacy and security, although interrelated, are different. With respect to RFID, we define these issues as follows:

Privacy: the ability of the RFID system to keep the meaning of the information transmitted between the tag and the reader secure from non-intended recipients.

Security: the ability of the RFID system to keep the information transmitted between the tag and the reader secure from non-intended recipients.

The issues have very different repercussions and different solutions. In a given environment, an RFID solution may pose security risks without affecting the issue of privacy. An example of this scenario is when a tag broadcasts its unique identification number in a consistent and unencrypted manner. This enables the tag to be detected by any reader that can decode the RF signal. If all that is read is the tag’s unique identifier – and no association can be made to what that identifier means without access to the backend database that maintains the relationship between the tag IDs and the objects that they represent – there is no privacy issue. However, issues of traceability and inventorying may remain.

Traceability and inventorying relate to the ability of an unauthorized entity to read the identifiers sent by RFID tags without necessarily being concerned as to what the tag is affixed to or who/what is carrying it. In other words just by capturing the signals emitted by an RFID tag, a third party could trace where the tag is or has been (traceability) as well as to what tags have been detected (inventorying).

A standard EPC tag conveys information associated with a particular item, its model or product class and its manufacturer. Anyone with a standard EPC reader could get close enough to a shopper leaving a store to determine what products and what quantities were purchased. Furthermore, the unauthorized reader could track the shopper from a distance utilizing a high-powered reader.

The issue of privacy

RFID is an excellent technology for object tracking. In this case, we can define an object as a physical asset that occupies 3-dimensional space. This means that the whereabouts of any physical object (including animals and humans) can potentially be tracked within the scope of the RFID infrastructure. As RFID technology development progresses, this scope can become larger and larger.

This fact has raised many questions and concerns from people because of the potential invasion of privacy that can be attributed to RFID technology. But, before we get deeper into the privacy issues and their repercussions, let’s look at a few examples of what privacy advocates and the concerned public claim can go wrong with the use of RFID technology.

(more…)