I tell this story a lot. But I think in the time of smartphones and such it also represents the only real secure site I thought was truly secure from what I knew of it. This was before smartphones were common, but I think it was ahead of its time in that way.
I worked for a company that occasionally would service some of our hardware onsite. One customer was a company that did a lot of work for the military and they had "that site" that a few folks visited. Here was how that worked:
Nothing except your body and your clothes left the site, anything you brought stayed onsite (laptops that we brought onsite were left behind / effectively disposable, later you couldn't even bring those, they provided one). All that stuff belonged to the military / whomever you interacted with at the site.
No electronics, cameras, etc that were not previously improved were allowed and you were told you would not be leaving anytime soon if you had something "unexpected or unauthorized".
It was highly suggested that nothing was in your rental car other than your keys, the equipment you needed as they searched the car and the folks would take what they wished.
If you realized you had something you didn't want to in the car it was highly suggested you do not turn around if you are at all close to the location and to drive up and immediately tell them you dorked up and brought something. This was a fairly remote location so the probabbly knew you were coming before you saw the gate and the guards didn't like surprises.
Upon arrival you parked, were blindfolded and driven from the gate to the site, you never actually saw the outside of the site until you were in the building. You were never alone at anytime. Trips to the bathroom while at the site were monitored... in person by a guard with a rifle.
Now all that sounds ominous but everyone reported that the folks there were very professional (not friendly but professional).
The point of that whole story was that even a while ago someone said "any electronics" were a threat and decided that they had to go to extremes to limit their access. Still today I think that was the closest to a "sure" policy.
I'm hoping they've implemented some form of localized EMP that you have to pass through now to leave, because large storage is so incredibly small now that it would be impossible to discern it from articles of clothing.
The "hard" part is really just getting the data off the computer in the first place, which is probably why they don't allow bringing in technology anymore.
I wonder how much of a micro computer could be smuggled in one or two parts at a time, stored in articles of clothing, with the intent of simply saving data to a micro SD card which would be the only thing you need to smuggle back out. You would need to be able to assemble the device without soldering.
I guess the easiest would be to build a digital camera to record the screen or photos instead of trying to plug into the computers themselves which probably have robust host intrustion detection and prevention. Or perhaps if you could just record the digital output of the computer before it reaches the monitor. That could be prevented with some form of HDCP though, I think.
This all sounds kind of like a science fiction movie (or In the Line of Fire or that Snowden movie) but it's an interesting thought exercise in any case.
The "localised EMP" you mention could simply be a low power microwave oven of same type we have in our kitchens you have to walk through. Waves of that frequency would not harm a person if they were fairly low power, but it would mess up every bit of non-metal-shielded electronics.
If you want to destroy a piece of electronics quickly put it in a microwave oven and hit start (also don't expect to eat from that oven later - plastic residue etc if it heats up that much is probably not safe to eat). This will destroy usb keys and storage on them, SSDs, laptops, smartphones and data on them. The only kind of data safe is magnetic type hard drives, but they become less and less common these days.
You could even make a kind of "wand" similar to what guys at the airport have for pinpointing metal items on people. Wave it around someone suspected of having a listening or recording device - job done.
A friend of mine had an amusing story about a visit to a secure facility. He was an engineer in the late '80s or early '90s at company that made some kind of custom text search hardware. He was sent to a customer site to do some service on one of the machines.
The customer was some government intelligence agency (he didn't tell me which one). The machine was in a small room, which also had a printer. To get to that room, you had to walk through a big room full of workers at desks.
Before entering that big room, his escort would press a button beside the door that apparently signaled to those in the room that an outsider was going to come through. That would make some audible signal in the room, and start some red lights flashing on the ceiling. Everyone in the room then had to clear their desks, putting all their papers in their drawers and locking them, and returning the most secret document to their safes.
When all that was done, everyone returned to their desks and then someone would open the door, my friend's escort would tell him to not look around, and would escort him through to the room with the machine. The door would be closed and locked, with my friend and the escort in the machine room, and my friend could work on the machine. Out in the big room, the workers would take their work back out and go back to work.
Occasionally, someone in the big room wanted to use the printer in the machine room. Before they could do that, my friend had to be escorted out of the machine room, back through the big room, and out to the corridor...going through that whole "secure the room so an outsider can pass through" procedure to get back out, and then to get back in after the printout had been retrieved.
Unfortunately, my friend had a lunch that day which disagreed with him somewhat, so that afternoon there were also a few times he needed to get to the bathroom, which of course required going through the big room each time.
I'm not the original commenter but I'm familiar with policies like this. I grew up in Lynchburg, VA, where the Naval Nuclear Fuel facility is, operated by what was B&W. It had identical policies: everything that goes in, stays in, no one allowed in without clearance, no paper or electronics leave, air gapped computer network, etc. Not the monitored bathroom breaks, though....
A blindfold allows someone to be in close proximity to the person while also retain g visibility and communication with that person and other people (e.g. the driver).
If you lack out a special cabi area for a vehicle, either you are leaving them to their own devices in that area, or limiting the senses of your own staff you put in to watch them.
Finally, it's just a lot more expensive and cumbersome to have a large piece of machinery like that, and more likely to fail. What happens if the engine fails? Do you need a spare now? Using a blindfold as backup means that a blindfold is sufficient, so just use it and any vehicle now works.
I did a poor / vague job of describing that the blindfold was used inside buildings too. Folks walked with their hand on the shoulder of a guard in front of them from time to time.
The location of the site is pretty pointless and impossible to obscure (everyone can find it in satellite imagery). However they can certainly obscure more specific details about the site: what building houses what, where access points are, physical security measures around those points, components used in entries, etc.
Everyone knows roughly where Area 51 is, but that doesn't necessarily mean they'll let a contractor know where all the external security cameras are sited.
Why would you be willing to work in such conditions? If my employer demanded to send me to such a facility I would happily tell them to shove it and look for another job.
I always thought that Android's 3x3 dot pattern draw password thing was superior against these type of over the shoulder attack, as long as you turn off the tracing effect. Without tracing and if you do it quickly, it just looks like you’re dragging your thumb randomly all over the phone.
Well, if you had a flir camera looking over your shoulder the tracing effect (caused by localised heating of the screen) would still be there. I actually heard it is a legit method to defeat pin entry systems. If you can get to the terminal soon enough it was used, relevant keys will be a little hotter than the other. This will be visible with flir. Then all you have to do is figure out the order of digits.
This, 1000x this! The whole "draw your code" is equal to 111111 codes, because both operations are easily possible to hack if you leave your phone to your peer or random freak. Isn't it the same issue as in many house alarm systems that you just need some UV light to note the most used keys to guess the code?
I can't imagine a more annoying feature. My bank already does this where I cannot use the keyboard to type in digits, I have to use their own on-screen keyboard that's scrambled between every digit(!!!) and I can't imagine anything like that anywhere near my phone. Either pin-based protection is good enough for you, or if you need more security then switch to full a-Z password.
It's an absolute pain in the ass for the user, especially something you're going to be asked to enter multiple times an hour potentially. I play a game that has a 'bank pin' and they scramble the location of the digits and it slows you down a lot and makes you look and think about it every time you enter it. It's a pain and I only have to enter it after 10 minutes of inactivity.
That would screw me over. My passphrases tend to be based on a physical pattern of the keys. I can't actually tell you what my phone code is. I just know the order I push the buttons. Similarly, if I have to type me computer passphrase on a non-qwerty keyboard, I couldn't do it. I don't actually know the letters, I just know the pattern on the keyboard.
If the numbers were scrambled, I'd have to pick a new system to select a password.
More importantly, Android's pattern draw allows the user to pass on an already traced line. That way you can't guess the pattern just by looking at the screen smudges.
I liked BlackBerry10 picture passwords [0][1]. Unlocking was a bit slower than drawing few lines but good enough to unlock device fast - I'd say even if you were weakened by some disease/illness/exhausting workout moving slowly a number to target is easier than drawing few crossed lines.
I once got a friend's iPhone passcode correct first try by looking at finger smudges. If you're entering a passcode frequently it's definitely a risk to be aware of.
> it's the most obvious pattern you would think of.
First initial probably.
> honestly I set it to the same
Hmm. If it's the same, last name then? Maybe a diamond or something. I heard (Mitnick's book about best practices called The Art of Invisibility, chapter 1) many people don't use the corner dots very often, or they use an initial of their name.
I unintentionally can see people's phone patterns when they do it in view. At least with a passcode you can usually try to ignore it, or you have to try to pay attention. Those pattern ones show it visually in a way that's hard to ignore.
If I were giving a security recommendation to famous people and congresspeople I would recommend using a password like this. You might think it’s incredibly insecure, but imagine this GIF contained that 6 digit number that the congressman uses for all of his accounts. Suddenly, a ton of other services and passwords are vulnerable to an attacker.
In reality a lot of iPhones now require authentication at the app level for apps that have sensitive data.
To each his own, but knowing how public you are and how many people would want your passcode, I think the best practice is to use something dumb like 6 of the same keys.
This is itself bad advice. The proper solution is a truly random password, committed to memory, and all others being stored in a password manager, which is itself secured by a separate strong password
The problem isn't the password or the camera that captured it.
The problem is that the phone required a password in that scenario-- same user, phone never left his vicinity, probably not a long interval between uses. Being more selective about when to require a master password is a better protection model IMHO.
Or fingerprint readers, which most phones have had for years. It's possible that the DoD standards for the phone he has requires that biometrics be disabled.
I wonder what AI tech is being developed around detecting pin code entry on phones using passive CCTV networks.
If you process the feeds for public transit security cameras, I wouldn't be surprised if you can read the pin codes for a huge swath of the population. It would also reduce the need for law enforcement to try to get a suspect to tell them their passcode. Just look up that time they rode the subway 3 weeks ago and watch them enter it.
I often notice this at gas pumps. There are always cameras at gas pumps. If you pay at the pump, then you enter your pin. I shield mine very carefully, but I watch other people and they just punch in their pin without shielding. It's weird because people often shield their pin at a checkout counter because the clerk is right there (sort of) watching. Maybe these people feel at gas pumps, no one is watching... but the CCTV definitely is watching.
But it's not enough to know someone's code. So what if you do? Unless you can get the physical card without the owner knowing, what good would it do you?
Even being caught once entering your passcode on camera is enough to compromise it, regardless of how complex it is. A passphrase would possibly buy you more time (less discernible finger movement on a phone screen), but I would still consider it compromised.
I'd be curious if Apple had anonymous telemetry that showed what people were picking for their phone unlock PINs. Everyone I've ever seen set one does this same type of thing, either all one number, or they draw a line through the middle. The more advanced maybe use a date like their birthday that they can actually remember.
"What this process appears to show is that Apple never sees, handles, or stores your device passcode or password in unencrypted form, and it never passes the passcode or password over anything but secure transport. It requires only your Apple ID account name and password, sent over HTTPS, as the first stage of logging into iCloud, but not for the later stages."
This. I just went through every picture in the latest available Congressional Pictorial Directory, and I wasn't able to make a 100% sure identification, but my best guess was Rep. Andy Barr (Kentucky).
Readit News
I worked for a company that occasionally would service some of our hardware onsite. One customer was a company that did a lot of work for the military and they had "that site" that a few folks visited. Here was how that worked:
Nothing except your body and your clothes left the site, anything you brought stayed onsite (laptops that we brought onsite were left behind / effectively disposable, later you couldn't even bring those, they provided one). All that stuff belonged to the military / whomever you interacted with at the site.
No electronics, cameras, etc that were not previously improved were allowed and you were told you would not be leaving anytime soon if you had something "unexpected or unauthorized".
It was highly suggested that nothing was in your rental car other than your keys, the equipment you needed as they searched the car and the folks would take what they wished.
If you realized you had something you didn't want to in the car it was highly suggested you do not turn around if you are at all close to the location and to drive up and immediately tell them you dorked up and brought something. This was a fairly remote location so the probabbly knew you were coming before you saw the gate and the guards didn't like surprises.
Upon arrival you parked, were blindfolded and driven from the gate to the site, you never actually saw the outside of the site until you were in the building. You were never alone at anytime. Trips to the bathroom while at the site were monitored... in person by a guard with a rifle.
Now all that sounds ominous but everyone reported that the folks there were very professional (not friendly but professional).
The point of that whole story was that even a while ago someone said "any electronics" were a threat and decided that they had to go to extremes to limit their access. Still today I think that was the closest to a "sure" policy.
The "hard" part is really just getting the data off the computer in the first place, which is probably why they don't allow bringing in technology anymore.
I wonder how much of a micro computer could be smuggled in one or two parts at a time, stored in articles of clothing, with the intent of simply saving data to a micro SD card which would be the only thing you need to smuggle back out. You would need to be able to assemble the device without soldering.
I guess the easiest would be to build a digital camera to record the screen or photos instead of trying to plug into the computers themselves which probably have robust host intrustion detection and prevention. Or perhaps if you could just record the digital output of the computer before it reaches the monitor. That could be prevented with some form of HDCP though, I think.
This all sounds kind of like a science fiction movie (or In the Line of Fire or that Snowden movie) but it's an interesting thought exercise in any case.
Pure speculation: I have to imagine they take further steps now as what is "no electronics" now isn't reliably what you can easily see now.
If you want to destroy a piece of electronics quickly put it in a microwave oven and hit start (also don't expect to eat from that oven later - plastic residue etc if it heats up that much is probably not safe to eat). This will destroy usb keys and storage on them, SSDs, laptops, smartphones and data on them. The only kind of data safe is magnetic type hard drives, but they become less and less common these days.
You could even make a kind of "wand" similar to what guys at the airport have for pinpointing metal items on people. Wave it around someone suspected of having a listening or recording device - job done.
What would that do to, say, an artificial pacemaker? Feels a little, as you say, science fiction.
The customer was some government intelligence agency (he didn't tell me which one). The machine was in a small room, which also had a printer. To get to that room, you had to walk through a big room full of workers at desks.
Before entering that big room, his escort would press a button beside the door that apparently signaled to those in the room that an outsider was going to come through. That would make some audible signal in the room, and start some red lights flashing on the ceiling. Everyone in the room then had to clear their desks, putting all their papers in their drawers and locking them, and returning the most secret document to their safes.
When all that was done, everyone returned to their desks and then someone would open the door, my friend's escort would tell him to not look around, and would escort him through to the room with the machine. The door would be closed and locked, with my friend and the escort in the machine room, and my friend could work on the machine. Out in the big room, the workers would take their work back out and go back to work.
Occasionally, someone in the big room wanted to use the printer in the machine room. Before they could do that, my friend had to be escorted out of the machine room, back through the big room, and out to the corridor...going through that whole "secure the room so an outsider can pass through" procedure to get back out, and then to get back in after the printout had been retrieved.
Unfortunately, my friend had a lunch that day which disagreed with him somewhat, so that afternoon there were also a few times he needed to get to the bathroom, which of course required going through the big room each time.
No comment on the rest / some of it I honestly don't know.
None of the organizations involved share a lot of data / answer questions / you don't ask, and everything is designed around you not knowing.
We outsource pretty much anything to contractors, though.
But I guess the boindfolds also had a psychological effect of "we mean business".
If you lack out a special cabi area for a vehicle, either you are leaving them to their own devices in that area, or limiting the senses of your own staff you put in to watch them.
Finally, it's just a lot more expensive and cumbersome to have a large piece of machinery like that, and more likely to fail. What happens if the engine fails? Do you need a spare now? Using a blindfold as backup means that a blindfold is sufficient, so just use it and any vehicle now works.
I did a poor / vague job of describing that the blindfold was used inside buildings too. Folks walked with their hand on the shoulder of a guard in front of them from time to time.
But at the gate you couldn't see much of anything. So you effectively never saw the outside of the site, and even parts of the inside of the building.
What you could see, where you could go, all of it seemed to be clearly planned ahead of time and it was just what was essential to complete the task.
Deleted Comment
But yea, same thing with them being well aware of your arrival before you show up.
It was their underground bunk backup site near DC, think it was Baltimore area. Drove up to a guard in front of chain link fence.
Most of the time we worked with traditional commercial customers that while some were secure, were nothing like I described.
Nobody seemed to have any concern with the policies / security.
If the numbers were scrambled, I'd have to pick a new system to select a password.
[0]: https://helpblog.blackberry.com/2014/02/how-to-use-picture-p...
[1]: https://youtu.be/WmBhvn9Q9SE?t=151
"Oh hey, cool, a Σ!"
And honestly I set it to the same, just because it's the most convenient to use. If I make a convoluted pattern I won't be able to do it as easily.
So still same old crap.. we tend to go to thinks we can remember and easily do- and that is not the most secure.
First initial probably.
> honestly I set it to the same
Hmm. If it's the same, last name then? Maybe a diamond or something. I heard (Mitnick's book about best practices called The Art of Invisibility, chapter 1) many people don't use the corner dots very often, or they use an initial of their name.
I unintentionally can see people's phone patterns when they do it in view. At least with a passcode you can usually try to ignore it, or you have to try to pay attention. Those pattern ones show it visually in a way that's hard to ignore.
In reality a lot of iPhones now require authentication at the app level for apps that have sensitive data.
To each his own, but knowing how public you are and how many people would want your passcode, I think the best practice is to use something dumb like 6 of the same keys.
I'm fairly certain that knowing my passcode would provide access to my email, which can then be used to acquire access to plenty of critical services.
Deleted Comment
The problem is that the phone required a password in that scenario-- same user, phone never left his vicinity, probably not a long interval between uses. Being more selective about when to require a master password is a better protection model IMHO.
If you process the feeds for public transit security cameras, I wouldn't be surprised if you can read the pin codes for a huge swath of the population. It would also reduce the need for law enforcement to try to get a suspect to tell them their passcode. Just look up that time they rode the subway 3 weeks ago and watch them enter it.
A PIN is more secure than a fingerprint and Face ID. But at least use a combination of either one with a PIN to make it more secure.
Since the device was already on and it directly showed the PIN screen, Face ID is disabled and instead he chooses to only use a very very weak PIN.
Oh dear.
While generally true, this is probably not the case for someone who's regularly using their phone on camera like a Congressional rep.
It's just security theater.
"What this process appears to show is that Apple never sees, handles, or stores your device passcode or password in unencrypted form, and it never passes the passcode or password over anything but secure transport. It requires only your Apple ID account name and password, sent over HTTPS, as the first stage of logging into iCloud, but not for the later stages."
Excerpt from: https://tidbits.com/2019/09/26/why-apple-asks-for-your-passc...
1234 1111 0000 1212 7777 1004 2000 4444 2222 6969 9999 3333 5555 6666 1122 1313 8888 4321 2001 1010
https://www.pocket-lint.com/phones/news/148224-these-are-the...
I'm not using any of this, but many of the people I know their PINs (family, girlfriend, close friends)
Are actually using something from this list