Paranoid Technology All things cybersecurity


Thoughts on the Electronics Ban and How to Protect Your Privacy

Initially was a longer analysis of the whole situation, but we wanted to just focus on the security aspects - here it goes:

Those of us that has been in the field of security for a while knows the concept of security-in-depth… What this means in this context; imagine the airport layers as concentric rings until you get to the plane, there are many – why is this focus on the airplane itself? If the bad guys want to do damage, outer layers of the airport security; ticketing, luggage claim is more vulnerable than anywhere else in the airport because that is where a lot of people congregate in masses, more collateral damage…

Also, is an explosive device in the cargo bay safer than on flight deck? We are not experts on explosives, but logic dictates pressure change in a pressurized cabin in high altitude will not be safe wherever on deck you make it go off… According to the reports the Russian Airliner that went to down over Egypt's Sinai Peninsula in October 2016 was due to an explosive in the cargo hold.

What about intellectual property loss? Putting valuables in checked luggage is an excellent way of losing corporate secrets (and others…).

Also going deep paranoia – what a perfect opportunity for cloning devices or injecting them with malware… Devices can conveniently be examined and modified while they aren't in your possession without question. Given that this ban affects anyone that originates in those airports (U.S. citizen or not), this gives a number of foreign intelligence services the same opportunity to pwn devices… 5-Eyes is not the only intelligence partnership in the world… This could be extremely damaging to the U.S. and its partners… Would be better off individually scanning people…

And to top it all off we could not help, but check the FAA’s site on transportation of Lithium Ion batteries in the cargo hold:

“Spare (uninstalled) lithium ion and lithium metal batteries must be carried in carry-on baggage only. When a carry-on bag is checked at the gate or at planeside, all spare lithium batteries must be removed from the bag and kept with the passenger in the aircraft cabin. The battery terminals must be protected from short circuit.”

Obviously people that made this decision did not read FAA guidelines, which is also ironic… Net-net we are not secure at all, the way the luggage is handled at the airports expect more incidents, not less!!!

The silver lining could be that people detoxing from their devices during the 15+ hour flights and be less aggressive leading to a more peaceful world in the end… One plane-full at a time… So we are not judging yet… Just Paranoid-ly thinking…

Some advice for the security conscious globe trotters [Especially if you are working for a research company or any government related job]:

  • Get a travel computer and a travel phone - do not travel with your main device!
  • Utilize full disk encryption for your laptop
  • Separate your data from your device
    • If you cannot get a travel phone [there is an erase and restore step involved] use encrypted back-ups for your phone and either put it
      • on a cloud storage system and retrieve where you get to or,
      • on a removable storage
    • If you cannot remove your disks and storage devices from your laptop (Apple MacBook Pro Retina / Touchbar owners you are out of luck) similar cloud or removable media solution should be considered for laptops – even you were to separate your data – remove your disks regardless.
  • Block ports and jacks with tamper proof tape.
  • Do not connect to free public Wi-Fi at airports [even at VIP/CIP lounges]

Decrease your attack surface…

Comments (0) Trackbacks (0)

Sorry, the comment form is closed at this time.

Trackbacks are disabled.