Hollow Spy Coins 322
Bruce Schneier's blog links to a few sources for hollow spy coins, one being BoingBoing's Bazaar — where a nickel that can hold a microSD card costs $27. Another is Slashdot's sister company ThinkGeek, where you can get hollow quarters and half-dollars in the low 20s. As if corporate and government security geeks didn't have enough to worry about.
Sounds rather disappointing, really (Score:4, Insightful)
Slashvertisement (Score:5, Insightful)
hey kdawson, if you're going to try to slip in an ad for your sister company in a "news story", at least mark it up as an advertisement.
This is just wrong. kdawson should be fired for such a breach of ethics.
Just wait a while ... (Score:4, Insightful)
Re:X-ray impervious? (Score:5, Insightful)
What's the point (Score:5, Insightful)
You can walk right through security (airport, border, corporate) with a microSD card in your pocket and nobody blinks an eye. Trying to "smuggle" a MicroSD card through is more likely to result in you getting caught and treated badly (even if it isn't even illegal). If the data on the MicroSD card is what you're trying to hide, a better spy device would be a trick card... say, which was internally partitioned into two cards with some very obscure way (SW or HW) of switching between them. Put innocuous data on one side, stick it in your camera, phone, music player, whatever. Even if the goons search the card, that's all they find. Short the right contacts or send the right command, and get access to the "evil" data.
Re:Sounds rather disappointing, really (Score:5, Insightful)
When you see a guy trying to open a coin... (Score:2, Insightful)
Hiding in plain sight (Score:5, Insightful)
Considering how laptops have become fair game for involuntary search and seizure at US borders, I think putting your 'important stuff' on a microSD card inside a hollow coin is probably a good idea.
My blackberry has a microSD card in it. I have passed through many different customs / airport security examinations and nobody has ever examined the contents of the card. I don't see the point of paying for an even smaller microSD card carrier, when I already have a small microSD reader that I carry with me everywhere that nobody ever raises an eye towards.
And even if my phone is off, or the battery is dead, it still does just fine at carrying the card and looking extremely ordinary. You could also substitute most Motorola phones in the same role, and any number of other phones that I haven't paid attention to that also use microSD.
TrueCrypt file named DSC43423.jpg (Score:5, Insightful)
I think you'd be better off with a TrueCrypt file named DSC13423.jpg stored on an SDHC card loaded inside a point and shoot camera. Better if it is surrounded by other images with sequential numbers that make sense too.
These seem like neat toys... (Score:3, Insightful)
They seem virtually irrelevant as either a security threat or a tool of asymmetric covert operation, though. MicroSD cards are already small and durable(resistant to liquids, magnetic fields, a number of common solvents, surprising amounts of mechanical strain, etc.). Perhaps more importantly, they are already dirt-cheap and extremely common consumer electronics. Unlike, say, little bits of microfilm, which might not like being stored under your tongue or embedded in the gum stuck to the bottom of your shoe, and which are instantly suspicious on discovery(since virtually nobody used tiny pieces of microfilm in the course of ordinary activity. Libraries always used long spools or large cards of the stuff, and hardly anybody else used any at all), a microSD card, even a plainly visible one, arouses no particular suspicion. Virtually every mid-market cellphone comes with one, lots of PMPs use them for storage expansion, you can even get them at pharmacies.
Even in fascist Orwellistan, or some high-security facility, where it would be legal and accepted to inspect people for them, it would be an immensely tedious chore, because they are so common.
If you are running some sort of high-security operation, your computers would(unless you are a terminal incompetent) be configured without any means of transferring data to unapproved storage media(configuring the OS to, say, only load drivers for USB_HID devices with vendor ID matching whoever your vendor is, and load no driver and send an alert with the machine name, logged on user, and lsusb output to IT security is not commonly done; but it is hardly rocket surgery.) Trying to stop secrets from leaving by physically intercepting tiny chunks of flash memory at the door is just stupid.
Re:What's the point (Score:5, Insightful)
Re:Hiding in plain sight (Score:5, Insightful)
But no, seriously, do you think that the day will never come when people's phones are seized? Laptops are more valuable than phones, so if they are willing and able to get away with dispossessing you of those, the only reason phones aren't being taken is that they don't feel that is useful 'right now'. Someday some undersecretary is going to think 'phones carry lots of data now too, we should be searching those as well!' and boom, a new policy will be put in place, and you'll be saying goodbye to your microSD card.
Re:Hiding in plain sight (Score:3, Insightful)
So the coin makes sense but mostly all of the devices point out how security is basically stupid at best.
I disagree with you on that. The purpose of these coins is just to hide the microSD card. Except that a hollowed-out coin would look more suspicious at the airport scanner. You can physically put the same microSD card into your phone (any phone that takes a microSD, that is) and raise no suspicion whatsoever.
Hence the coin makes no sense, unless you don't own a phone that can take a microSD - in which case you're a terrible excuse for a spy.
So if the point is to make security look silly, then the best route would be to keep doing what we already do. And if someone released a 128gb microSD tomorrow, you could still physically place it in your phone even if it only supports up to 16 or 32gb; your phone just wouldn't be able to read it. But a non-readable card in a phone is still equally as useful as the same card in a coin, and still just as useful when you get to the other end.
they could care less what phone any of us have, as they rarely ever inspect it
That is pretty much the point I am making. We already have good tools for smuggling microSD cards to wherever. We can move arbitrarily large microSD cards through security today without anyone asking questions. These coins are meaningless toys.
Re:X-ray? (Score:3, Insightful)
While I concede it's unlikely anyone would actively look for such a thing - let alone find it - if they do you have a problem.
Previously, you were Just Another Passenger.
Now, you are A Passenger Who Has An Item Obviously Designed to Hide Something Right Under Somebody's Nose.
If that doesn't attract further interest, I don't know what will. I think the "take it out and plug it into your phone" suggestion was better.
Re:Sounds rather disappointing, really (Score:1, Insightful)
Re:Hiding in plain sight (Score:3, Insightful)
You don't even need a phone that actually uses micro SD cards.
You can tape a micro SD card in the back of a low-end ordinary cellphone. Since the phone isn't viewed even as a computing device, the only way the border agents are going to find anything is if they actually take the back off the phone.
The only way to keep data from entering/leaving the country would be to shut down travel entirely, shut down the mail, shut down the parcel services, and turn the US into North Korea.
I shouldn't say that too loud and give them ideas, should I?
--
BMO
Re:Slashvertisement (Score:5, Insightful)
Even as a "slashvertisement" - isn't the idea of a hollowed out quarter with enough space for a MicroSD card cool? Are there not interesting consequences for security experts and people concerned about corporate espionage? In other words - won't this "slashvertisement" stimulate some interesting discussion? If you have such a problem with kdawson's "ethics" log the fuck in and take him off your index.
Re:Sounds rather disappointing, really (Score:3, Insightful)
Re:Hiding in plain sight (Score:3, Insightful)
Oh, no, they actually care about laptops. And phones. They actually know those can hold data, so just might take them even if they can't find any.
Tape it to the circuit board of your travel alarm clock. Or your electric razor.