Wednesday, October 30, 2019

For all you paranoids.

There is a processor on that chip. It's called Secure Element. I guess they are trying to embed these into phones and watches. And whatever else. It is an NFC enabled chip.

I don't know much about it yet as this was the first time I'd ever seen it. I was a little startled by how small they are. I know we have already have on our credit cards, but as you can see this one is a little raised.

Normally I wouldn't be so freaked out about this stuff, but Silicon Valley has pretty much abused the privilege of your data. Most technology didn't start out to be evil, people just became people and made it that way.

"Instead of user name and password, access to an online service may be protected by a strong authentication mechanism, based on credentials stored and processed in the secure element. So to log into a VPN or your email, a Secure Element could be involved in the background to ensure you are who you say you are." 

"Applications may use the SE to digitally sign a document or any data with a key stored in this secure element. This key helps the secure element unlock encrypted data so it can be read. Again this is used to prove you are you. So your email program could use connect to the Secure Element to digitally “sign” emails you send, or a government web application could access it when you are using their digital services." Source.


Capital of Texas Refugee said...

It's just an upgraded SIM card or EMV card -- the "secure element" crap is just some card manufacturer's marketing bullshit, and there's already a processor inside all of your SIM cards, EMV cards, and even passports/passport cards anyway.

You should see the Estonian version.

Estonia has its own non-CryptoAPI stuff on their e-ID card as well as the usual PKCS #11 that you'd expect with a card like this. There are apparently more than a few quirks with it because Estonia forged on with what they wanted instead of what the card manufacturers were pushing, and a while back they had to reissue all of their e-ID cards because of a fairly nasty security weakness.

But here's the thing: generally this kind of stuff can be almost useless even with some kind of broad support.

Governments might get their agencies all on board with sharing data, but do you think that Hells Fargo and Fees of America will want to share space on the same card?

And so you wind up with dedicated cards for each account, vendor, company, and so on, with what is essentially an upgrade on 1950s magnetic strip technology.

SIM card and EMV card manufacturers like to dream of a world in which people actually need them for even the most mundane stuff, but so far there's no push to try to centralize any of this stuff because of few wanting to climb into the world of shared security tokens.

"Most technology didn't start out to be evil ..."

I remember Zhou Enlai's response to being asked about the end-effects of the French Revolution: it's still too soon to tell.

But I strongly suspect that the Sixth Republic or the Seventh Republic will probably come about as a result of declaring war on the bureaucrats.

So far the Rear Echelon Mother Fuckers (REMFs) haven't been involved in actual up-close-and-personal regime change, but if technocrats really get under the skin of a lot of people and get them to lose their tempers, all bets are off.

Force people to use intrusive technology for the most mundane stuff and then we'll see how that actually works out -- until then, it's still too soon to tell.

As for the "raised" chip part, that could just be a gimmick where the manufacturer has a higher wire bonding surface just to make it look like there's a lot more hardware under the metal fingers than there actually is.

We could make the most insubstantial hardware look impressive by having really beefy wire bonding surfaces that we'd then have slabbed with a big chunk of resin to keep their proprietary yet insubstantial workings nice and hidden.

This is very commonly done with USB hardware if you haven't taken any apart or had any built lately ...

she said: said...

Really interesting comment. I guess I was just sort of stunned at the potential on a consumer level. If they really got creative you could put this practically anywhere. This is not really in the niche I normally pay attention to.

Once a few years back I saw a credit card that had a tiny strip that changed numbers like a VPN key fob. On a credit card! I haven't seen anything out of that either.

Capital of Texas Refugee said...

Want to take this tech to the next creepy Silicon Valley level?

Here's how that'll play out ...

Remember the movie "Freejack" with the laser scannable license plate?

Something like that, but it doesn't work like that.

Instead, buried within a slabbed plastic license plate with all of the traditional visual stuff will be one of those upgraded SIM/EMV chips in it as well as a fuckload of antenna wiring and a bunch of passive electrical tap stuff built into it.

How it will work: as the vehicle goes by mile markers/pylons on the road, the card will handshake with each of them.

The authority that runs the system gets accurate mileage as well as optional coded surveillance extras.

Think it won't happen?

California would probably love to e-meter every big rig doing anything in the state right now.

Don't have a California large truck license plate? No problem, hand over ID and registration along with some cash, and here's a fancy new mini-California large truck license plate that will have to be mounted somewhere where it'll be scannable.

Then California can accurately assess road tax and damages charges to big rigs.

And when this gets so cheap that it can be embedded in every license plate, not just the ones that are literal rolling cash cows ...

Now let's get back to the 1950s magnetic stripe: the problem is that smart card tech is an upgrade to the magnetic stripe that lets you do the equivalent of turning the magnetic stripe into an 8-track tape that plays over and over and over whatever the manufacturer wants, but with the added feature that there's always the ability to change the tune.

So instead of being limited to transponder technology, this stuff becomes interactive at a realtime level, and it already is: that's what a SIM card enables already.

Back in the 1970s when the 8-track was king, if California would have tried to do something like this, it wouldn't have worked and it would have been one of those "don't try technology too early" tales.

But now? It's totally doable.

Before you say that I'm giving away a really horrible idea so someone can run with it, you haven't seen how road tax is collected in some other countries.

There are countries where something like this is already in place.

You'll need your "tax disc", "tax stamp", "tax sticker", etc. just to cross several European countries, and if you are a visitor, you may get to buy one at the border (if you're lucky and aren't fined on the spot for not having one already) ...

So yeah, there's potential ... but I don't think you are going to like where some of this potential leads, and that may not be a minority opinion once this kind of tech has been around for a while.

Capital of Texas Refugee said...

One example: what happens when it gets cheap enough that your insurance company demands its use as a condition of the insurance policy?

All of the conventional uses such as that Korean bank credit card in your picture?

That's not where the real nasty threats to privacy and freedom happen to be for the most part, because those uses have made a one-for-one upgrade from 1950s magnetic stripe technology without going overboard with it (so far).

It's all of the other non-established uses where these problems appear.

Because of that, this is a niche I pay attention to a lot.

I figure one day I'll have to stop driving not because I'm getting older and my eyes are increasingly messed up as the years roll on, but because I'll be scrutinized for every dumbshit little thing I do on the roads regardless of whether it's actually a problem or not ...

Considered from the viewpoint of economic externalities, there's a point at which it becomes cheaper to let other people drive, and this type of tech brings that point even closer.

It even becomes cheaper on a personal level at some point to put up with rail systems and all of the crap that brings along with it ...

If any of this sounds like it's dove-tailing with some of those really creepy California planner conversations you've heard where they want to try to "convince" people to do shit they really don't want to do, you are now finally paying attention.

Happy Halloween. :-)

she said: said...

That's what I am saying in a less verbose way.

"Considered from the viewpoint of economic externalities, there's a point at which it becomes cheaper to let other people drive, and this type of tech brings that point even closer."

Well.... I guess they have won. That is exactly the result they are targeting. It's not even a wildly held secret. They are fully out about it. I've been to conferences where they say they are going to charge by the mile and by the length of your vehicle. They started out with a carrot and stick sort of method.

Ride sharing was the carrot. Now they don't understand why you idiots won't stop buying and driving cars, so they will go to the stick method which is to make it financially untenable to drive. I'm glad to see you are willingly following the program. Compliance never seemed so easy I guess.

Before you say that I'm giving away a really horrible idea so someone can run with it, you haven't seen how road tax is collected in some other countries."

Oh, I don't know exactly - but I know that all these crazy ideas come from Europe. It sort of pisses me off. All these conferences I go to are people from Europe trying to get America to do the things they do. For instance I was at a conference a couple of weeks ago for American Automotive. There wasn't a single American company pitching ideas. NOT A SINGLE ONE! It was all Eurozone people and their nannying ideas. So I don't have any illusion about how far this will go.

Capital of Texas Refugee said...

"I'm glad to see you are willingly following the program."

I don't call looking for a geo-arbitrage scenario I can live with "willingly following the program" -- the people who bought out the company have the right idea after all, and I'm better off accepting a bit of annoyance, a lot of inconvenience, and huge amount of disruption up front instead of later.

Montpellier won't work, BTW -- it feels like a French version of Sanibel Island, the kind of place that people wind up in because they think they need some sort of sand-bagged coastal hideaway away from everything. I was willing to give it a try, which is something new right there.

But still ... don't you want to know the form of your Destroyer?


Uh ... how about Powdered Toast Man?

Powdered Toast Man could never do anything bad to us!!!

*a few minutes later*





So, yeah, I wanted to know how seemingly simple tech can be extended and turned into privacy and freedom-destroying shit by people who try to act like they're "looking out for you" in some way.

Something as simple as the little chip that makes an LTE modem work inside a device that was meant to be a kind of vital services transponder (as in one that watches something that can fail, rather than spying on people) can be turned into The Ghost of Orwell's Christmas Future.


The cards in your wallet are the least bothersome: you stick those inside some RFID shields and that'll keep them from being used as some kind of active ping of who you are by whatever's around you that isn't under the control of people you can trust just enough most of the time ...

Even your phone can be tamed: I carry around some RF shielding bags made out of stainless steel mesh that do that job pretty nicely.

So if all that Samsung's going to do with it is what they showed in a demo, you can rest easier for a while ... but I'd still x-ray any new CA license plates you get in the future, especially the "all plastic" variety, just so you can see what you're really in for.

But yeah, about my being "verbose", I have something for you. :-)

DJ Hell and P. Diddy's "The DJ" tells that story.


she said: said...

I don't have to be quite that paranoid. But it's interesting you do. And I like powdered toast man. I wonder how many of my readers understand the reference or just think we are batshit crazy.

Capital of Texas Refugee said...

"I don't have to be quite that paranoid."

You just think you don't have to be that paranoid.

Allow me to amplify your paranoia with LAZERZ.

An interesting but not widely known thing about these types of microphones: nearly any signal can be a carrier wave for a modulated audio attack.

It's even more fun with a powerful maser instead of a laser because nobody can see the transmission without specialized detection gear and because you can reach the target devices from farther away.

Also, if you turn up the wattage a bit higher, you can discreetly cook your adversary's feet while they have them propped up next to their phones, so there's that.

This reminds me of this "special gift" the Russians gave the American ambassador in Moscow back in the World War 2 era, a "special gift" that went undetected for seven years.

One of the also interesting characteristics of the stainless steel mesh RF blocker bags I keep handy is that they also nicely block any arcanely-modulated audio, including audio modulated via MAZERZ AND LAZERZ. :-)



Sample enough ambient audio around you and turn it into a word salad: "YES ... I ... APPROVE ... THE ... TRANSFER ... OF ... TEN ... THOUSAND ... DOLLARS."

And then what seems like an arcane use of this technology can be used to drain your bank accounts.

They can even get a head start if your phone's answering message contains positive words such as "YES", "OK", "ALL RIGHT", etc.

Someone steals a little mail, perhaps your bank statement or (lucky them) one of those credit monitoring reports that's been ordered for you, and if they like what they see, they can sit back and covertly collect enough information to be able to leverage it into a class break.

I am sufficiently paranoid; you are not paranoid enough. :-)

she said: said...

Yeah. I've been here the whole time. I think I'm good. Not my first rodeo on compartmentalizing data.