![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
ciphergothBruce Schneier once wrote an excellent essay entitled Inside the twisted mind of the security professional.![[livejournal.com profile]](https://www.dreamwidth.org/img/external/lj-userinfo.gif)
booklectic):
Uncle Milton Industries has been selling ant farms to children since 1956. Some years ago, I remember opening one up with a friend. There were no actual ants included in the box. Instead, there was a card that you filled in with your address, and the company would mail you some ants. My friend expressed surprise that you could get ants sent to you in the mail.This was my reaction on reading this story on craziestgadgets.com (propogated from
I replied: "What's really interesting is that these people will send a tube of live ants to anyone you tell them to."
Security requires a particular mindset. Security professionals -- at least the good ones -- see the world differently. They can't walk into a store without noticing how they might shoplift. They can't use a computer without wondering about the security vulnerabilities. They can't vote without trying to figure out how to vote twice. They just can't help it.
booklectic):A Norwegian hospital is outfitting all newborn babies with Anti-Theft Alarms. The alarms consist of a small chip placed on the baby’s ankle bracelet and it is paired with a matching chip on the mother’s bracelet.My question is, is there a crime you could commit by locking down the hospital at a time of the criminal's choosing? Prop open a few doors (or have associates hold them open), then snip the bracelet to lock down the rest, and use the ensuing chaos to steal stuff? Or indeed, could you use it to commit a murder?
If the two chips are separated by more than a certain distance, an alarm goes off. If the baby’s bracelet is removed without authorization, the whole hospital goes into lockdown mode with the elevators stopping and the doors locking. The alarms are meant to prevent both kidnappings and baby mixups.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2008-07-26 01:02 pm (UTC)no subject
Date: 2008-07-26 01:23 pm (UTC)However a site emergency put turnstiles onto exit direction free wheel and de-energised the magnetic locks on zone within zone doorways.
no subject
Date: 2008-07-26 02:14 pm (UTC)no subject
Date: 2008-07-26 02:48 pm (UTC)Secondary emergency exits with illuminated signs and push-bars were fitted too.
no subject
Date: 2008-07-26 01:21 pm (UTC)I don't know abut that. Presumably the system would be tracking which doors were and weren't open and if you combine that with CCTV all it would do is focus the security personnel on the location of the criminals. It would be okay if all the security personnel were trapped inside the hospital with non-functional elevators along with everyone else but that seems unlikely! Most security offices in the hospitals I've worked in are partly off-site.
You could commit a murder, though, I think, depending on how stupidly the system was designed in the first place. The article doesn't say which elevators are locked down, but it's not out of the question for an elevator journey to be necessary to transport patients to resuscitation or intensive care. You could just wait until your rich relative has a coronary and then snip the bracelet. If the system designers haven't been thinking, pop goes the uncle and cha-ching gos your fresh-minted Swiss bank account. But, again, perhaps unlikely, most patients looking like they may need intensive care are situated near the appropriate facilities. Perhaps not all, mind you.
The thing surprising me about this is that it's in Norway. Are there lots of babies going missing in Norway?
no subject
Date: 2008-07-26 02:15 pm (UTC)no subject
Date: 2008-07-26 03:06 pm (UTC)no subject
Date: 2008-07-26 03:45 pm (UTC)no subject
Date: 2008-07-26 08:35 pm (UTC)An obvious place to subvert this system is before the tags get put on, or - actually, this is probably by far the best plan - simply get hold of the gadget that removes the tags when people are discharged. A little light social engineering would suffice.
But more fundamentally, I can believe that political pressure and a loss of clear thinking (easily done w.r.t. small children) could lead to the introduction of a system along those sort of lines (with an alarm) but cannot believe that any hospital (with a maternity unit) would introduce a system that would stop all the elevators. Think about it for a minute. It's a bonkers plan. Elevators in hospitals are a life-critical system. (Locking all the external doors seems a little fishy but is not quite as self-evidently ludicrous.) And then re-read the linked story and look for any specific details that would make it possible to falsify or verify it independently ... oh look, there aren't any.
Or indeed, could you use it to commit a murder?
My initial thought was "but a hospital is already a really good place to do that", except of course for the small matter that the victim is conveniently located for quick access to expert emergency health care, so you'd need to choose method appropriately.
no subject
Date: 2008-07-27 05:22 pm (UTC)If there's any treatment that involves moving the patient in a limited time - and that means *any* medical emergency - then locking the doors and elevators is manslaughter.
Luckily, intensive-care patients are placed right in amongst their essential equipment, and recovery rooms are right next to operating theatres. The predictable stuff is covered. But running of an essential consumable like (say) oxygen during a lockdown would be fatal. As would a medical emergency requiring a patient transfer... But neither of those are attacks on a single point of failure, so I won't count them as weaknesses - with the caveat that the systems of a badly-managed hospital might be so complex and so overextended that multiple near-failures exist at all times, and a global problem like a lockdown might not need additional 'bad luck' to kill a patient.
I find it difficult to believe that the security team would have no override key to gain rapid access to the immediate area of the alert signal. Trouble is, the very existence of a master key is a security flaw which can be exploited - again, we've moved beyond a single-point attack - but the next problem is that doctors will obtain override keys for life-and-death medical emergencies. Which means that senior managers, ingenious sysadmins and - eventually - everyone else will get them, including criminals: this is the real-life version of the 'doors-propped-open' escape route in a 'secure' building.
I can see why managers perceive a need for better security: too many highly-publicised cases of inadvertent baby swaps. But almost every security and safety measure ever taken by a bureaucrat addresses the symptoms of a problem without correcting the causes, and imposes burdens on the users of a system without actually making it safer. I doubt that this example will be any different, and I can already see several new dangers - in addition to the glaring security risk which nobody is mentioning: how do you know you put the right tags on the right mother and baby? Yes, the obvious answer is 'at birth' - but what if this critical step is inadequately administered and supervised? I bet that no-one knows when the majority of baby-swap accidents occur, and this is the obvious single-point-of-failure.