Conversation

Notices

1. Embed this notice
   Charlie Stross (cstross@wandering.shop)'s status on Friday, 06-Dec-2024 23:21:29 JST Charlie Stross

   Reading @pluralistic's take on battery bombs and security theatre here:

   https://pluralistic.net/2024/12/06/shoenabombers/#paging-dick-cheney

   I was struck by an idea ...

   1. Supply chain attack on iPhones to install PETN battery bombs and malware
   2. Malware on iPhone bombs tracks location and looks for barometric pressure reported by a Watch Ultra (they have an altimeter)
   3. Phone set to explode when Watch visits an airport then altitude increases from surface level to over 2000 metres in under 5 minutes

   Brrr!

   • Embed this notice
     Charlie Stross (cstross@wandering.shop)'s status on Friday, 06-Dec-2024 23:23:39 JST Charlie Stross

     in reply to

     It'd cost more than the Israeli pager attack on Hezbollah, and targets are more limited (need high end phone AND a fancy smart watch), but potential for a sudden multiple bombing of airliners with no prior notice and no reasonable way ot detecting it in advance is there.

   • Embed this notice
     Jacek Wesołowski (jzillw@mastodon.gamedev.place)'s status on Friday, 06-Dec-2024 23:27:17 JST Jacek Wesołowski

     in reply to

     @cstross Absolutely not saying this is a good idea in any sense of the word "good", but I can't help thinking about the potential to target not airliners, but private jets.

   • Embed this notice
     Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Friday, 06-Dec-2024 23:28:15 JST Jan Wildeboer 😷:krulorange:

     in reply to

     @cstross Building those sensors and explosives into a power bank that you give away at a relevant conference would be far cheaper ...

   • Embed this notice
     ploum (ploum@mamot.fr)'s status on Friday, 06-Dec-2024 23:45:21 JST ploum

     in reply to

     @cstross : in one of my books, a short story is about a lonely engineer setting up, alone, multiple terrorists attacks to make the point that current security theater is making the world more dangerous.

     The story is set in a realistic tone, with everything doable by a lonely engineer with of-the-shelves material.

     Most of the reactions I had were: "You are crazy! What if you give the idea to true terrorists?"

     Bruce Schneier said: our luck is that people wanting to kill other are extremely rare

   • Embed this notice
     Ted Mielczarek (tedmielczarek@mastodon.social)'s status on Friday, 06-Dec-2024 23:48:42 JST Ted Mielczarek

     in reply to

     @cstross getting malware into the iPhone would be the hardest part of this attack given that iPhones have a secure bootloader (and Apple controls the silicon).

   • Embed this notice
     Charlie Stross (cstross@wandering.shop)'s status on Friday, 06-Dec-2024 23:48:42 JST Charlie Stross

     in reply to

     • Ted Mielczarek

     @tedmielczarek Yes! But the EU right-to-repair stuff has opened them up to third party repairs, so an Evil Maid attack is plausible. Especially if you posit a state-level actor in the loop.

   • Embed this notice
     Charlie Stross (cstross@wandering.shop)'s status on Friday, 06-Dec-2024 23:49:10 JST Charlie Stross

     in reply to

     • Seiðr

     @Illuminatus The clown factor is, however, a Thing in Christopher Brookmyre's oeuvre—I can't recommend "One Fine Day in the Middle of The Night" too highly if you want assclown terrorists, or "A Big Boy Did It And Ran Away" if you want terrorists vs. Glaswegian grannies (do NOT mess with the Glaswegian grannies, you may not live long enough to regret it).

   • Embed this notice
     Seiðr (illuminatus@mstdn.social)'s status on Friday, 06-Dec-2024 23:49:11 JST Seiðr

     in reply to

     @cstross Whenever someone (usually Cory, yes), writes a book in this style with "ideas", I remember the age of the bio-warfare thriller novel in the 90's and then I see our latest pandemic and I can't escape how those authors took themselves really seriously and didn't get in their fiction the "clown factor" or the "Cohen brothers factor" of people being also unpredictably stupid and plans going awry because humans gonna human.

   • Embed this notice
     Charlie Stross (cstross@wandering.shop)'s status on Saturday, 07-Dec-2024 00:08:29 JST Charlie Stross

     in reply to

     • ploum

     @ploum Also, terrorists are generally angry and incompetent. Angry, or they'd seek to use other, more successful means of effecting social change: incompetent, or they'd be able to use other means effectively. It's not a career that selects for competence.

   • Embed this notice
     ploum (ploum@mamot.fr)'s status on Saturday, 07-Dec-2024 00:15:33 JST ploum

     in reply to

     @cstross : which is wonderfully illustrated by the great movie "We are four lions".

     There’s a line in it when one terrorist start to question some part of their plan and the chief answer: "don’t try to think! Your brain is the enemy of your faith" (or something similar)

   • Embed this notice
     Charlie Stross (cstross@wandering.shop)'s status on Saturday, 07-Dec-2024 00:17:15 JST Charlie Stross

     in reply to

     • Graydon

     @graydon It'd be a potential mechanism for getting at Musk, Zuckerberg, and other billionaires (typically Gulfstream owners), esp. if you target the pilot (bizjets often fly with only one pilot on domestic routes). Much less effective against a USAF VC-25 (aka Air Force One) due to sheer size/ruggedness.

   • Embed this notice
     Graydon (graydon@canada.masto.host)'s status on Saturday, 07-Dec-2024 00:17:16 JST Graydon

     in reply to

     @cstross Much more interesting to use it to take out the flight crews of private jets.

     The passenger isn't likely to have a phone you can get to, but someone in the crew does.

     Also, the Israeli version was a terror attack; damage was not the primary goal. And phones transmit. "Involuntary remote detonator" is an under-exploited niche for malware at this time.

   • Embed this notice
     knirirr (knirirr@mamot.fr)'s status on Saturday, 07-Dec-2024 00:17:21 JST knirirr

     in reply to

     • ploum

     @ploum @cstross take a look at the last three letters of their car registration next time you watch it https://www.oed.com/dictionary/twp_adj?tl=true

   • Embed this notice
     pettter (pettter@mastodon.acc.umu.se)'s status on Saturday, 07-Dec-2024 00:23:40 JST pettter

     in reply to

     • ploum

     @cstross @ploum what more successful means, exactly? How are we doing in terms of stopping an ongoing genocide and environmental destruction using other means?

   • Embed this notice
     Graydon (graydon@canada.masto.host)'s status on Saturday, 07-Dec-2024 01:21:39 JST Graydon

     in reply to

     @cstross I don't think anyone wants to target Air Force One.

     The US response to 9/11 was and is a lot of bad examples and highly suboptimal choices, but also an illustration that the US can and will do whatever it wants in response to a national emotionally significant event.

     And that was with notionally responsible long-term planners and aware-of-the-machine imperial apparatchiks in charge of things. With irresponsible grifters in charge it becomes even less predictable.

   • Embed this notice
     Janice in GA (archergal@wandering.shop)'s status on Saturday, 07-Dec-2024 01:41:25 JST Janice in GA

     in reply to

     @cstross Jeezopete

   • Embed this notice
     Charlie Stross (cstross@wandering.shop)'s status on Saturday, 07-Dec-2024 02:22:25 JST Charlie Stross

     in reply to

     • Argonel

     @Argonel I think you missed the August 2023 takedown of Yevgeny Prigozhin's jet in the wake of the Wagner Group mutiny against Putin, but nobody who knows is saying exactly what sort of bomb was used: https://en.wikipedia.org/wiki/Wagner_Group#Plane_crash

   • Embed this notice
     Argonel (argonel@dice.camp)'s status on Saturday, 07-Dec-2024 02:22:26 JST Argonel

     in reply to

     @cstross the good news is that airlines are pretty tough and the amount of explosives that can be stuffed in an electronic device is pretty small. The 3 most recent incidents that destroyed a plane were Oct 2015 metro jet 9268, Aug 2004 chechen bomb plot, and Nov 1989 Avianca 203. There would be lots of injuries/fatalities, but the planes would probably remain flyable if a pilot was ok.

   • Embed this notice
     Galbinus Caeli 🌯 (skiphuffman@astrodon.social)'s status on Saturday, 07-Dec-2024 04:39:36 JST Galbinus Caeli 🌯

     in reply to

     • Jan Wildeboer 😷:krulorange:
     • Jonathan

     @jonbro @jwildeboer @cstross don't even need barometer. GPS data is three dimensional

   • Embed this notice
     Jonathan (jonbro@friend.camp)'s status on Saturday, 07-Dec-2024 04:39:37 JST Jonathan

     in reply to

     • Jan Wildeboer 😷:krulorange:

     @jwildeboer @cstross yeah, if you are doing a supply chain attack just pack the whole package into the battery. TSA isn't gonna be doing circuit level scans for barometers on every battery that goes through their machines.