AirDropped Gun Photo Causes Terrorist Scare

A teenager on an airplane sent a photo of a replica gun via AirDrop to everyone who had their settings configured to receive unsolicited photos from strangers. This caused a three-hour delay as the plane—still at the gate—was evacuated and searched.

The teen was not allowed to reboard. I can’t find any information about whether he was charged with any of those vague “terrorist threat” crimes.

It’s been a long time since we’ve had one of these sorts of overreactions.

Posted on July 29, 2021 at 6:52 AM53 Comments

Comments

NombreNoImportane' July 29, 2021 7:01 AM

Quote – “It’s been a long time since we’ve had one of these sorts of overreactions.”

No it isn’t. It is happening every day. And will continue as long fear is use to control people or until people learn.

higgs Boson July 29, 2021 8:16 AM

Good grief. “…everyone who had their settings configured to receive unsolicited photos from strangers”. There are actually people that stupid?

Clive Robinson July 29, 2021 8:16 AM

@ ALL,

Have you noticed how the travel writer “Suzanne Rowan Kelleher” trys to stir it up from a nothingburger story to an “OMG they are going to XXX us all” story with,

1, “someone was airdropping inappropriate pictures
2, “Airsoft guns are so realistic that they can be easily mistaken for real guns”
3, “how the teen shared the alarming photo
4, “passenger who caused the disruption

Lets be honest here it was at worst a prank that due to the stupidity of Apple and it’s fanbois has been used for probably almoat as long as the teen has been alive for just exactly that “pranking”. The airline and others should know this at the very least ans think before leaping up and grabbing the “major incident response” folder from the shelf.

It realy begs the question if instead it had been a humorous hamster in an ovviously fake suicide vest would the aircraft have been stripped down to the last nut and bolt…

This sort of over reaction nonsense will carry on untill the idiots in charge suffer penalties for behaving the way they do…

If the airline had to say give each delayed passenger $1000/hour for the delay, you can bet ypur bottom dollar the situation would change rather rapidly back to the normality of a couple of decades ago.

That in turn would cause the likes of Apple to not be so idiotic either, with the result mobile phone security would probably improve… And so on down the supply chain.

Let’s be honest though in recent news certain “malware” on Apple phones due to crapy data format handling has been of intetest. Thus what is the betting the de-serialisation code that was being used for one, works just as well with air-drop?

I guess the real question people should be asking is,

“Why are we shooting ourselves in the foot with this crud almost every day one way or another?”.

And no I don’t blaim the teenager. Why, well for god alone knows how long teens have suffered from poor impulse control it goes with the transition from six year old school playground psychopath to fairly normal twenty something adult it’s just the way nature makes us…

Etienne July 29, 2021 9:26 AM

Truth be told, those with Open Airdrop should have been taken-in and interrogated, to find out why they need that capability, and are obviously threats to public order (antifa, blm, etc).

me July 29, 2021 9:41 AM

makes me think about the xkcd comic where a passenger say “hi jack” and people panic and he say “i learned that you can’t say some things on a plane”
unfortunatly i can’t find it anymore

CallMeLateForSupper July 29, 2021 10:16 AM

@me That takes me back to the late 60’s. A fellow “wearer of the green” (hat tip to Clive) got great pleasure from replying to every “Hi, Jack” with “To Cuba??” Got very old, very fast. I resorted to always using his given name, John, to nip the tired joke.

Impossibly Stupid July 29, 2021 10:32 AM

@Clive Robinson

due to the stupidity of Apple and it’s fanbois

Now who’s trying to “stir it up”? You undermine your own position when you engage in ad hominem attacks like that. The fact is, this was just another social engineering attack, not unlike swatting. I seem to recall a past incident where someone used a name for their WiFi hotspot that was considered threatening. There are countless other ways for jerks to be jerks on planes that have nothing to do with AirDrop or Apple in any way that makes it, according to the article author, “the most alarming aspect of this incident”.

This sort of over reaction nonsense will carry on untill the idiots in charge suffer penalties for behaving the way they do?

Why single out those people? Yes, they overreacted, but can we only come to that conclusion in hindsight or would it have been easy to determine in the moment? The same question is at the heart of the swatting problem. The article doesn’t go into detail on how the incident escalated, but how about you propose a procedure for them to follow that allows them to safely handle both this scenario as well as the “real” scenario where one or more armed passenger are planning to hijack the plane. I mean, it’s not like the crew can just calmly get on the intercom and announce to the whole plane, “Hey, we’ve got some pictures of guns getting sent around the plane; who can tell us what that’s all about?”

And no I don’t blaim the teenager.

Unless there’s something significant that the story doesn’t cover, the main fault here does lie with the teen. Charged with a crime or not, he should not be expecting to fly for a good long time. Nor should anybody who screws around like that on a plane. Yes, young and stupid go together, but that doesn’t mean you’re free from the consequences of your actions.

Aaron July 29, 2021 10:47 AM

Once again, technology baffles law enforcement and they try to apply aging legal standards to what amounts to nothing more then a prank. The action, not the consent is the issue; especially considering it is an image that does not contain nudity or violence, and inanimate object is just that. There were no words or threats written on the image. Thus the issue is that a file was shared and people didn’t know what to do when they received a file they did not ask for. Which at the lowest level is the same thing as getting spam in your inbox, snail mail spam in your mailbox or a leaflet on your car window. Do people freak out when they get a leaflet on their car for the upcoming gun show?

Clive Robinson July 29, 2021 11:32 AM

@ Impossibly Stupid

The fact is, this was just another social engineering attack

No evidence of that statment at all, the teen just broadcast, the fact others left their “Apple door” wide open to “all comers” was entirely their own fault not the teens.

So your,

You undermine your own position when you engage in ad hominem attacks like that.

Looks misplaced at best, but it actually gets worse…

Hence why I said,

“due to the stupidity of Apple and it’s fanbois”

Do you actually know how much crap Apple enables effectively by default, just because some idiot developer or marketer thinks it’s a good idea to be “all things to all people”?

How about this little bit of fun?

https://m.youtube.com/watch?v=qepqzVtJRYI

They demo posting an air-tag and watch it’s progress through a geographical area as Apple device after Apple device relays the tags bluetooth signal back across the cellular network…

But how many Apple users know you can actually use those “air-tags” to track an Apple phone user without their knowledge, not many I’m sure Which is why I won’t go into the details of how to do it, but it’s not at all difficult.

But also ask yourself an important question “How do the NSO’s Pegasus spyware Zero-Click attacks work?”

You will realise that the most likely cause is Apple puting in way too much in the wrong way. Thus making a bypass around the more traditional security mechanisms simply because of increased but unnecessary utility to users provided “transparantly”…

echo July 29, 2021 12:16 PM

@Clive

Have you noticed how the travel writer “Suzanne Rowan Kelleher” trys to stir it up from a nothingburger story to an “OMG they are going to XXX us all” story with,

1, “someone was airdropping inappropriate pictures”
2, “Airsoft guns are so realistic that they can be easily mistaken for real guns”
3, “how the teen shared the alarming photo”
4, “passenger who caused the disruption”

Lets be honest here it was at worst a prank that due to the stupidity of Apple and it’s fanbois has been used for probably almoat as long as the teen has been alive for just exactly that “pranking”. The airline and others should know this at the very least ans think before leaping up and grabbing the “major incident response” folder from the shelf.

Fundamentally this is about two forms of extreme gendered behaviour. You’re also missing the philsophical difference between a shared joke and a malicious joke. The media by and large don’t really get these topics “in the round”.

Was enforcement an over-reaction? Yes and no, and you have to take a step back and seperate the risk analysis from hindsight.

Very few people are qualified to discuss any of these topics and few are qualified to discuss all of these topics all at the same time. I cannot off the top of my head think of anyone and I follow all three topics closely including reading reference books ad academic papers and policy documents.

I don’t have a citation to hand but it is a truism in martial arts that amateurs over-react. This is why the law treats an expert and a none expert differently. Experts have fewer excuses… It is also true in bureaucratic systems and true in situations involving discrimination. Lack of expertise and training leads to bad decisions and polarisation and swings from one extreme to another.

At an operational level policy to a large degree is a codification of views and by and large excellent only in theory and more a backstop for stupidity. The reason is organisations only have so many resources and cannot train everyone to a high level of expertise in all subjects even if they had the aptitude. This is also why our brains take shortcuts otherwise we would freeze and be unable to function because the processing load is simply too high.

You were beating up “coders” again the other day. I’d rather you didn’t. It is extremely irritating and conceals more than it reveals. I also notice in your first paragraph you picked on “the travel writer “Suzanne Rowan Kelleher””. Yes she has a role in this affair and yes she has responsibility but my radar is twitching with the suspicion you have a “woman problem” while glossing over the jerk teenager with “boys will be boys”.

There is much more to this simple case study than what appears on the surface which is why it is essential to step back and look at things “in the round”.

@Impossibly Stupid

Reading through your response later I agree with all your points.

Steve July 29, 2021 1:12 PM

I’m not so sure this was an overreaction.

I think the principle of “Chekhov’s Rifle” applies:

If in the first act you have hung a pistol on the wall, then in the following one it should be fired. Otherwise don’t put it there.

lurker July 29, 2021 1:27 PM

@Etienne

…those with Open Airdrop should have been taken-in and interrogated, to find out why they need that capability…

@All:
Who has recently had the pain of sanitising a brand new iPhone, or android device? I’m with @Clive here, Apple, and Google’s elves, leave these things open, just because…

These devices are intended for playful teenagers, not for olds like us. There is no longer a printed manual in the box explaining what each function button does. You can’t even download a pdf for that. And with each major point revision of the OS the settings get moved around to more obscure and unrelated places.

Is there any chance the Board of Apple could get a flying ban for this?

CMYK July 29, 2021 1:36 PM

It might be getting used for smuggling data as we speak, think about a courier that lives only in your memory.

On a lower level the same mechanism that implements airdrop could determine environmental saturation of apple devices or more loosely population density through 802.11 listening and bt.

It would explain the explosion of these legal malware groups and all sides keeping it hush hush.

As we speak people will sell you out for a vaccine some anti integrase or a tank full of oxygen.

State secrets could be being moved rather quickly with such a profound hole if clove is ept.

We just don’t know, it’s the reality of the game while we may surmise new attacks new technologies old habits might be making for some very very very fast natanz style worms.

CMYK July 29, 2021 1:42 PM

@ square

He also said “civilized.”

@ moderator, all

by == bt = bluetooth

Google is interdictionarying again.

JonKnowsNothing July 29, 2021 6:08 PM

@ kiwano • July 29, 2021 2:14 PM

re: using a burner phone

Your list

  1. next time use a burner phone
  2. only handle it with gloves
  3. use it from the plane’s lavatory
  4. once you’ve sent the pictures, leave the phone there

Is a bit short of the mark.

You need to completely and totally destroy the phone and all the components to prevent or hope to prevent the phone from being of use. The metadata is already gone with whatever you sent so that’s not fixable. But you need to fix or destroy the physical device.

There are plenty of science papers about retrieving information from parts or portions of devices. Even something as simple as screen-burn can be used. The magnetic fields that are generated leave magic marks and there have been some science papers detailing how they use the strength of the magnetic field to determine what was there and what changed.

Making something unusable is pretty hard.

When the CIA left Iran during the end of the USA regime there, they also left a bazillion bags of shredded documents. The shredded documents were very tiny, and the shredded item was separated into multiple bags.

The CIA thought it was safe and they didn’t have time to burn it all.

It wasn’t safe.

They forgot about the determination of a horde of people doing puzzle work, a la Bletchley Park but a lot more people. Eventually they pieced together every diplomatic cable thought to have been beyond reconstruction.

To more thoroughly destroy a device, check the videos of when the GCHQ required The Guardian newspaper to destroy their file servers that had held the encrypted files provided by Snowden.

At the time I thought the GCHQ were just being berks, but they weren’t they were terrified.

Impossibly Stupid July 29, 2021 11:00 PM

@Clive Robinson

the teen just broadcast, the fact others left their “Apple door” wide open to “all comers” was entirely their own fault not the teens.

Again, this has almost nothing to do with Apple, because other technologies can and have been used to panic people on planes, as I pointed out. You also fail to address the parallels to swatting. Please stick to the basic points I have made rather than going off on yet another anti-Apple rant. You’re welcome to start your own blog if you can’t do Bruce the courtesy of staying on topic here.

@R-Squared

This is where cops are losing their lives, and nobody has any sympathy for them.

Yet another non sequitur rant. I never said anything about cops. But see how fast airlines stop wanting to do business with you when you pull this kind of nonsense on flights. Is having a civil society really such a big ask these days?

Clive Robinson July 29, 2021 11:33 PM

@ veracity,

Funny another new handle pops up and makes an asinine comment of,

your rants opposing echo…

Like you @echo made a ditrct personal attack without cause or reason, one assumes because you are incapable of doing otherwise.

That is you “attack the man” not the messahe, then get upset because you get treated the same way but come out the looser.

Do you wonder why you come out the looser? That is what it is in your personality that makes you so?

Others might be kind and tell you others may just laugh at you.

As for giving you a clue perhaps you should reflect on your own words,

Your comments contribute little at this point other than to throw a tantrum to rival Donald Trump’s

I suspect “Dear Donald” had rather mote style than you do, does that some how gaul you? Because it does say much about you.

But you go on with your failings with,

It’s time children were taught that every choice has a consequence (positive or negative).

You’ve made such a choice so time for the consequences of your rather out of date paternalistic view on human development. You realise it’s the same one that favours “beat the child till they obay” and similar conservative dogma that gets passed from parent to child down the generations along with that faux bonhomie of “Never did me any harm”…

And so we get down to the real nub of your issue,

Teens aren’t stupid and it is totally this teens fault and I hope he gets on the no-fly list for a long time

Oh dear so “milk of human kindness” not, I suggest you concentrate more on the message in the “New Testiment” rather than trying to be all “Old Testiment” because it realy does make you look not just silly but old school parochial vigilante building up your pointless ire to try and look more sanctimonious and bible thumping than others.

Tell me do you get urges to scream “burn the witch” or call on Gods damnation against all those you see as having slighted you who must therefore be sinners who will not repent or similar? Do you get those Walter Mitty dreams of being the omnipotent hero who people fail to see thus fail to revrence as is your due? Are your opinions ignored or blanked by others?

Guess what you “show the signs” or the “stigma” of having been treated with the rod not the understanding direction, and so another generation is cursed to fail.

echo July 30, 2021 12:14 AM

@Clive

I would suggest you leave the psychobable to others…

That and the rest of your comment is misdirection, Clive. Clearly, a weak spot and you’re hiding something.

Please do go and check every single line of my orginal post with an expert in each relevent subject then get back to me. Like I said before I’ve had QC’s gang up and mock me in the past only for a professor and PhD in the relevant subject to poke their nose in and say I’m right. I really don’t want to have to go back over every single post you’ve made over the past six months and throw your own words back in your face so stop picking on “coders”. You don’t know what you’re talking about. And yes I am taking it personally.

Rote learned engineering doesn’t change or doesn’t change very often. Other fields are constantly in flux within a history and context. There’s also a lot of known knowns and fairly basic stuff everyone should know but doesn’t.

@JonKnwsNothing

At the time I thought the GCHQ were just being berks, but they weren’t they were terrified.

That’s a fair comment. In my opinion on reflection GCHQ were being berks but like you say the Pandora’s box was a thing.

I have my suspicions GCHQ, and MI5 and SIS are berks going by their public comments on national security and foreign threats. There’s a whole lot of fast works and finger pointing which distracts from governance issues at home. The words “careerist” and “political” spring to mind.

Compare and contrast UK security services alarmist public statements over the past few years and ore recent public statements over the past few months. These “dozens” of disrupted terrorist plots where we’re all supposed to go into “duck and roll” mode turned out to be mostly duds, they let slip. There’s also the curious lack of taking a position on the far right threat while we have the most extremist and human rights abusing government in living memory. I just find things don’t add up.

Reading things six months or 2-3 years or more apart is different from reading something at the same time and comparing them. You begin to catch them saying “something” then and “something not the same” now. You begin to catch the exaggerating, the misdirection, claims of “something must be done” and curious inaction. It’s all “terribly British”, don’tcha know. Back in the day you couldn’t do this as newspapers found their way to the bin and video tapes were reused and memories faded but it’s all out there now. All online. All searchable.

https://www.theguardian.com/uk-news/2021/jul/30/mps-rebuke-police-for-systemic-failure-to-improve-record-on-race

MPs rebuke police for ‘systemic failure’ to improve record on race.

Failings have led to ‘unjustified inequalities’, says landmark report that finds little progress in 22 years since Macpherson

[…]

The report notes: “Those we heard from in London expressed strong sentiments of anger and frustration towards the police, particularly about the way in which they felt police officers did not treat them fairly or with respect, and also expressed the lack of confidence they had that the police would keep them safe.”

Like the police I wonder if the security services have governance issues and blind spots.

Clive Robinson July 30, 2021 2:30 AM

@ Errm,

Upton Sinclair?

He was once fairly well known, and others here do mention him from time to time.

Back in the 1930’s he stood for political office in the mistaken belief that humans could follow some form of “enlightend self interest” thus “vote rationally”…

Like others before and since, he was quite shocked about what he found.

He made several onservations about life and peoples motivations, one of the more famous is,

“It is difficult to get a man to understand something when his salary depends upon his not understanding it.”

The issue at the heart of this particular story is Apple have a function they designed in because they could, that leaves a users device open to “open broadcasts”.

It’s a function that has been around for a while and is frequently used for making “pranks” by teenagers and younger. You would expect that after so long and so many “kids” knowing about it the relevant parts of the security industry would be aware of it as well thus would take it into their thinking.

But… Do they behave “rationally”? Err no. Do they work in a “minimal harm fasion”? Err no…

What do they actually do?

Well they dive off at the deep end spend unknown amounts of money put scare stories out and well act in a way that also suggests the Upton Sinclair observation might be part of their reasoning…

It must be two decades now since our host @Bruce coined the expression “Security Theatre” to cover such behaviours… Yet here we are half a working life time later and the situation is getting worse not better. Worse some people actually take such strange behaviours as being the “only true rational behaviour” as gospel… It’s actually known as “Authoritarian Follower” thinking and is highly prevelent in certain personality types.

Look at it this way, if you see an elephant heading your way, as a small creature what’s your best option,

1, Get well out of the way?

2, Hide under a rock the elephant can eaaly stand on and crush down into the soil?

We appear to be heading for the rocks, not just when an elephant actually comes distantly into view, but when some one hints that elephants exist…

But saying “Hey we realy should be reviewing this behaviour” causes some to have a fit of the vapours, you thus have to ask why that might be?

Is it some kind of cognative inability on their behalf or something else like their salary, status, power base, or religious equivalent…

Robin July 30, 2021 5:25 AM

While I’m sure the airlines hate this kind of tomfoolery because it screws up all their nice logistic spreadsheets, they probably take a bit of quiet satisfaction that every now and again a story goes viral that shows the consequences of making unthinking, or stupid, ‘jokes’. Keeps it in everybody’s minds and gives the staff an opportunity to practice their reactions in real time, and the disruption isn’t even their fault (or at least that’s how it can be portrayed).

Impossibly Stupid July 30, 2021 10:41 AM

@Clive Robinson

Oh dear god, are you actually listening to yourself?

More to the point, are you actually listening to anyone other than yourself here? You seem to pontificate quite a lot, often going off on wild tangents, but avoid addressing the hard issues you don’t have a pat answer for. I maintain that such behavior is disrespectful to Bruce, and it really undermines any of the good points you’ve made.

The issue at the heart of this particular story is Apple . . .

No. As I have pointed out, such “off-label” uses of technology are not in any way limited to Apple. The heart is exactly what I said had you not been so dismissive: a social engineering attack. To get the same reaction, you don’t even need to employ technology at all. Write a paper note with a “Hijack Checklist” half filled out and drop it on your seat when you go to the bathroom. Or jump up in the middle of the flight and scream “I’ve got a gun and I’m going to start killing people if we don’t land in Cuba!” Ha ha ha, oh my, what a funny prank you’ve pulled!

You have yet to say what the crew of the plane should have done regarding this incident. Until people do that, I’m not going to label the security approach as an overreaction. I will again draw parallels with swatting, which I do argue is an overreaction because it would be relatively easy for police to gather more information on the situation before they go in with guns blazing. It is not obvious to me that a flight crew would be able to do that, especially when technology is involved. Show me what I’m missing. Concentrate on being productive in your comments.

JonKnowsNothing July 30, 2021 12:53 PM

@echo

re
@JonKnwsNothing: At the time I thought the GCHQ were just being berks, but they weren’t they were terrified.

@echo: In my opinion on reflection GCHQ were being berks but like you say the Pandora’s box was a thing.

I just want to make sure you understand which part of Pandora’s Box I was referring to.

  • It was NOT the documents or revelations about the slimier side of what the GCHQ does. Those were actually well known. What we did not have was “proofs”. The Snowden documents provided proofs.
  • The Pandora’s Box was the Residual Images left in the hardware on the file server even after The Guardian had deleted the files in the presence of the GCHQ. (1)

The residual images are easily recovered from hard drives. There are public services you can send a hard drive to have data recovered. Generally these are failed drives with the family photo album on them but any drive will do.

The residual images traceable by electromagnetic wear on components on the motherboards as mentioned.

There was also the possibility of firmware hacks by other 3Letters (see NSA+Cisco) as data was unwound and read-reread-reread (see memory cache hacks).

That someday the file server would be decommissioned by the newspaper and end up on the open market for used equipment and fully accessible to anyone with time, materials, and money to extract the last bits of information.

That someday the cache encryption would be cracked, hacked or divulged.

Knowing that to read the enclosed documents they had to have been readable in an Open Format (~plain text access) and those residual images were on the server components too. The newspapers likely read a good deal of the archive but used only a small fraction in publication. The parts they read but did not use were like the marks left wearing sunglasses while getting a sunburn-tan.

It was a Pandora’s Box indeed.

And now we know the exact same thing happens with all our old discarded electronic devices. If they were not mulched; they are vulnerable to a new battery and a few alligator clips.

===

1,

The Guardian also notified the GCHQ that other copies of the files existed in other jurisdictions. Several repositories held the full archive and were well known newspapers. Partial or selected portions of the archive were distributed to newspapers where the contents were specific to that location.

In recent time, some of the holders of the original Snowden encrypted files have destroyed their copies on the basis that the vast archive is “Of No Interest”. Primarily the remaining unpublished documents are too technical or too sensitive to be made public. Plus a bit of push and shoving from 3LetterFriends.

Clive Robinson July 30, 2021 1:56 PM

@ Impossibly Stupid,

More to the point, are you actually listening to anyone other than yourself here?

Well I’m obviously not listening to your unreasonable demands, and irrelevant ego food issues which have made you look rather more than “Impossibly Stupid”.

But as you obviously do not have the capacity to understand that and insist on flaunting such ill considered behaviours let’s go through just a little b of it and show you what you actually are.

The central point behind the story is as our host @Bruce said in his first paragraph,

“A teenager on an airplane sent a photo of a replica gun via AirDrop to everyone who had their settings configured to receive unsolicited photos from strangers. This caused a three-hour delay as the plane — still at the gate — was evacuated and searched.”

That is,

1, A teenager used a defect in the way an Apple product AirDrop works,
2, to send a photo of an airsoft pellet gun to a whole group of passengers using Apple products,
3, because they had the virtually undocumented by Apple settings on their Apple phone incorrectly set
4, A product that Apple and it’s staff could have fixed or correctly documented years ago but deliberately chose not to do so.

So, not an Android App, running on Googles Android OS, or any other mobile phone OS, running on some other manufactures mobile phone hardware etc, Apple’s products from start to finish.

That is,
1, an Apple approved Application,
2, running on an Apple OS
3, on Apple hardware,
4, in an insecure way

All because Apple and it’s employees decided that’s the way it should work….

And I surmised not unreasonably,

“Lets be honest here it was at worst a prank that due to the stupidity of Apple and it’s fanbois has been used for probably almoat as long as the teen has been alive for just exactly that “pranking”.”

You however became incandescent with “white rage” and went into attack mode to defend Apple’s cupidity for some reason.

So you took the position this is nothing what so ever to do with Apple, it’s approved application running on Apple’s OS and Apple’s Hardware. But something on the surface altogether more spurious.

Do you realise just how silly that makes you look just on it’s own?

You further also take the position that our host despite mentioning what happened in the first of only two paragraphs some how does not want people to mention these very same facts…

Can you see just how much more stupid your behaviour actually is beginning to look?

Especially when you demand,

stick to the basic points I have made rather than going off on yet another anti-Apple rant.

And then put words in our hosts mouth without his permission with,

You’re welcome to start your own blog if you can’t do Bruce the courtesy of staying on topic here.

Well I’ve news for you I was very very much on topic with the central content of the first of our hosts only two paragraphs…

But you still insist despite all indicators to the contrary,

I maintain that such behavior is disrespectful to Bruce

As well as,

Again, this has almost nothing to do with Apple,

Realy, you actually seriously believe that or are you just a very poor liar or self deluded?

Especially when it could not have happened any other way than it did without Apples App, OS, Hardware and deficient documentation and settings…

You seriously expect people to believe you realy are that well, how do you want people to put it?

But you also more or less ignored my main points about the “security theatre” asspects of the story and how it was very obviously being blow out of sensible proportion that would have been used a little over twenty years ago. I’m sure some people are wondering why?

Instead you take a further idiotic approach and “dog pile” with the “Authoritarian follower” thinking with this little gem of nonsense,

“but how about you propose a procedure for them to follow that allows them to safely handle both this scenario as well as the “real” scenario where one or more armed passenger are planning to hijack the plane”

Have you not traveled on a plane in the last decade and a half?

If you can get a gun into the passanger compartment of a modern pasanger aircraft at a major US airport, and have a workable plan for a hijack then you’ve no need to send a photo of a gun to half a dozen random individuals…

You clearly are not thinking at all logically or about “real scenarios” just fantasy world,security theatre…

I can think of a great many other scenarios that are both technically feasable and accomplishable by just one or two people thus realistically achievable under certain reasonable constraints, but for obvious reasons I’ve mentioned in the past I’m not going to just talk about them.

But you realy should be asking why would anyone who has any knowledge in such areas pander to your Authoritarian Follower, Security Theartre fantasy scenarios?

The real answer is they would not and you should know that, which begs the question of what you are realy upto…

I think most by this point have realised you have some realy petty grudge and are looking for any excuse no matter how stupid it actually makes you look to try and “even up the score” or how ever you look at it in your head…

I suspect if people look back on this blog they will find other examples of such petty behaviour from you, where you feel you have been slighted or disrespected or some such.

I’ll let you wallow in your self created pit of you’ve chose to put on display for all to see and thus judge you by. Because, I’ve other things that are way more relavant to the subjects on this blog than your oh so odd proclivities. Thus I will do what I have for some time now and ignore you. Why because you are mostly not relevant, unless you are daft enough to start this sort of nonsense of yours yet again.

But one thing as you’ve been daft enough to try it as a gambit,

“but how about you propose a procedure for them to follow that allows them to safely handle both this scenario as well as the “real” scenario where one or more armed passenger are planning to hijack the plane”

Why don’t you put your money where your mouth is and deliver your “proposed procedure”, after all you’ve had enough time to think on it since you raised it, it should not take you more than a few minutes to type it up here for all to review and comment on.

Garabaldi August 1, 2021 10:54 AM

@Clive

What is the defect in Airdrop you keep talking about? Being able to receive images from a random person?

That is not a defect. Random people can walk up to me and start talking. That is not a defect in my ears. They can hand me pamphlets. That is not a defect in my eyes.

I know there are people who think I should not be able to receive “unapproved” information. But these are not good people.

Impossibly Stupid August 1, 2021 12:08 PM

@Clive Robinson

But as you obviously do not have the capacity to understand that and insist on flaunting such ill considered behaviours let’s go through just a little b of it and show you what you actually are.

You really should take more care in how you communicate, Clive, because you may find you reveal yourself to be exactly what you accuse others of being. Projection is a very real thing.

The central point behind the story

You yourself called out the author for sensationalizing the incident. To the extent that you and Bruce (and others) want to call it an overreaction, eliminating AirDrop does not materially change that story. If you actually take a step back and think beyond your apparent hatred of all things Apple, you’d see that.

used a defect . . . virtually undocumented . . . incorrectly set

No. The software was operating as intended, and appears to be quite well documented on the Apple devices I have access to. You may not like that feature, and I would agree, from a security standpoint it was a questionable design choice. But it is hardly the most egregious example where a technological convenience has been misused.

a photo of an airsoft pellet gun

This is a silly distinction. I have not seen the photo, but I do know that toy guns like that are often made to look real. Regardless, you have yet to describe what the proper reaction should have been for both passengers and flight crew in the moment.

So, not an Android App, running on Googles Android OS, or any other mobile phone OS, running on some other manufactures mobile phone hardware etc, Apple’s products from start to finish.

But that has nothing to do with the “overraction”. I have given you multiple examples of how to elicit a threat response on a plane when there is no real threat. I already mentioned the WiFi hotspot naming problem. I could probably get a lot of people to accept a Bluetooth file transfer, too. So make up your mind on what the real problem is. If it’s Apple, if you really think these problems would stop simply by banning their products from planes, say so. But if you want to claim that the overreaction is the problem, then you need to say what procedures the people on the plane should follow to be able to distinguish a real threat from a false threat and act appropriately then and there.

You however became incandescent with “white rage” and went into attack mode to defend Apple’s cupidity for some reason.

On the contrary. I’m being quite calm and rational on this side of the screen. If you’re seeing rage and attacks, you need to examine your own behaviors. My point remains that you don’t solve the “overreaction” problem if you can’t get out of the “Apple” weeds.

Do you realise just how silly that makes you look just on it’s own?

More of that ol’ time projection. You do not wear it well.

Especially when it could not have happened any other way than it did without Apples App, OS, Hardware and deficient documentation and settings?

Again, similar things have been happening for years:

If you can get a gun into the passanger compartment of a modern pasanger aircraft at a major US airport, and have a workable plan for a hijack then you’ve no need to send a photo of a gun to half a dozen random individuals?

Your thinking remains short sighted. It has nothing to do with the “need” of the attacker. It’s about the need for people on the plane to feel safe when something like this occurs. You have yet to say what the right reaction should have been. Because it sounds an awful lot like you’re saying that people should be able to pull all kinds of gun “pranks” during a flight, and everyone else should be OK with that. If you really do believe that, I encourage you to be the one who jokes around that way every time you fly.

You clearly are not thinking at all logically or about “real scenarios” just fantasy world,security theatre…

You’ve again got it backwards. We have this real scenario right here, and you’re doing everything you can to avoid saying what you think is the proper reaction. You’re more concerned with anti-Apple rants than applying any logic of your own.

I think most by this point have realised you have some realy petty grudge and are looking for any excuse no matter how stupid it actually makes you look to try and “even up the score” or how ever you look at it in your head?

People see my petty grudge? You keep playing the hits, Clive.

Why don’t you put your money where your mouth is and deliver your “proposed procedure”, after all you’ve had enough time to think on it since you raised it, it should not take you more than a few minutes to type it up here for all to review and comment on.

But I am not the one claiming it was an overreaction! Since that is your argument, that is your burden to demonstrate. I have already stated that it is not at all obvious to me what they should have done. I assume the passengers and crew are not technology experts. I have no idea how they could have even identified the sender of the photo. You want to act like you’re so much wiser, but you’ve done nothing to show that here.

Clive Robinson August 1, 2021 12:14 PM

@ Garabaldi,

That is not a defect.

Oh yes?

How about when sending you a random image, they in fact activate a zero/no-click malware attack, as has happened with MMS images in the past, is very probably happening right now with NTO or similar, and almost certainly will be happening in the future unless we take steps to stop it…

That is, to use your examplers, a stranger walking up, behind you slipping there hand in your pocket taking out your wallet or diary/phone book and emptying them into their pocket and walking away with the lot to do with as they please…

But of course these can only be “good people” because according to you,

I know there are people who think I should not be able to receive “unapproved” information. But these are not good people.

That “unapproved” is better called malware.

Hope you do not get to badly hurt when your number comes up…

AlmostCaught August 1, 2021 12:25 PM

@Impossibly Stupid

Can you just please explain how one can hijack a plane with a picture of a gun (let’s assume a real gun rather than a toy)? All of the bickering around this point is exhausting.

Jason Riddell August 1, 2021 1:08 PM

this “attack” has nothing to do with APPLE / the users with “open” airdrop security settings
but classis “BOMB” call in prank using NEW TECH
and for “security theatre”
“A” yes it is BUT
“B” but HOW do you propose we as a society actually deal with it – pretend it is a prank and send the plane away while we silently investigate and hope the plane gets to its next destination and NOT CUBA

JonKnowsNothing August 1, 2021 1:15 PM

@Garabaldi

re

What is the defect in Airdrop you keep talking about? Being able to receive images from a random person?

That is not a defect. Random people can walk up to me and start talking. That is not a defect in my ears. They can hand me pamphlets. That is not a defect in my eyes.

When someone walks up to you on the street and starts talking to you…

Consider:

  • Why are you talking to a complete stranger?
  • On what topic are you talking?
  • Why would you allow someone to interfere with your activity?

Strangers you do need to talk to:

  • A member of Law Enforcement
  • An official with duties such as guiding you to the next checkout stand
  • A person asking if you are well or in need of assistance
  • An UberDrone asking for your destination

In each case you have a choice about engaging in the exchange. If you determine that the exchange is not of interest or benefit to you, you don’t have to talk at all.

In the USA, even when confronted by Law Enforcement you are Not Required to say anything at all. Captured military persons used to just give Name, Rank, Serial Number. No chit chat required.

Consider the distribution of pamphlets (of all types)

A person walks up to you and hands you something.

  • You have to put your own hand out, or provide a receptacle to hold it (like a shopping bag). If you do not, the pamphlet falls on the ground.
  • You put your hand out expecting to see an information paper and get a summons instead. The person was a Process Server and you automagically accepted the document. It’s not uncommonly done, that and throwing the document directly at you because most folks have a reflex action to catch it. Once in fist Next in Court.

You have some choice as to whether you take the pamphlet or not.

Consider the topic of the pamphlet

  • You might look at it and decide it is useful and keep it
  • You might look at it and decide it is not useful and discard it (often this means dropping it on the ground which can be an illegal activity)
  • You might take it home to look at it at a later time

In each case you have taken into your possession a document who’s origins you do not know, the contents of which you do not know, the provenance of the document you do not know.

In some jurisdictions having physical possession is enough to bring serious legal charges, even if you never look at it, or read it, or considered the topic and would not even have the slightest bit of interest should someone tell you the topic.

Having someone airdrop anything to you without your direct knowledge and permission is not the same as meeting a random person on the street getting a pamphlet about a discount sale at a nearby store.

Apple hides many settings and does not fully identify how and why many settings work. Apple decides the interface, the layout, the menu trees, the order of information.

Users have no control over how Apple defines the system, but they are responsible for the results just the same.

Consider:

  • How many steps does it take on an iPhone to Turn Off/On Airdrop?
  • How many steps does it take on an iPhone to Block Unwanted Callers?

Hint: It’s more than 2 and less than 100.

===

ht tps://www.theguardian.com/uk-news/2021/jun/16/black-met-police-chief-wins-her-job-back-after-tribunal-says-sacking-was-unfair

  • How an never viewed image, that is defined by law to be illegal and the possession of which, whether viewed or not, is punishable by criminal conviction, led to the incorrect conviction of a dedicated and decorated member of UK Law Enforcement.

(url fractured to prevent autorun)

Jon August 1, 2021 1:59 PM

@ All

On why you don’t want strangers ‘Airdropping’ you pictures:

In the USA, and several other countries, the mere possession of images of child pornography is a crime. Once a picture like that is dropped onto your phone, you’re guilty, probably of a felony.

Doesn’t matter how you got it, or if you meant to get it, or immediately deleted it, merely having it is the crime.

Yes, that means you can “frame” (not really framing – they’re actually guilty, as the laws are written and enforced!) someone by sending them pictures like that. So… you should probably avoid allowing random people to send you pictures, especially in crowded areas with a distinct lack of ways to identify who sent it.

Previously, JonKnowsNothing referred to a pamphlet, and to a certain degree the same thing applies. You can claim you never opened it and it’s not yours, but the policeman who was carefully watching while you threw it away may not believe you (or deliberately misconstrue your actions).

At least then you might have some idea who gave it to you.

J.

JonKnowsNothing August 1, 2021 3:34 PM

@All, @Jon

re: Items of Guaranteed Bother…

Once Tech and the War-of-the-Day connected, an entire assortment of Items of Guaranteed Bother showed up in lists and in courts.

Many times, the release of the topic by the media was enough to get a Bother Visitor both for the media and anyone who “looked”.

Sometimes, just visiting a website will get you on the Forever Bother List.

Such lists are secret, not viewable, not check-able, not verified, not even detailed to the person, their legal representatives, or courts (including judges). All that’s needed is an “assertion” the person is “on the list”. No challenge maybe entered and no details of where, why and how the list was created, or where the listing is distributed.

Just plain old curiosity can get you on such a listing.

iirc(badly)

A well known US Senator Ted Kennedy used to fly to Washington DC from a Boston Mass airport. Every time he got on a plane, he was called out of line for one of those “intimate” inspections.

The primary reason was his name was On The List. It is common to use other peoples handles to create such conditions. (1)

He had an Official Paper from Official Persons that Officially the Senator was NOT the Person Named on the List .

Sometimes it helped, and sometimes it didn’t.

A similar situation for Hollywood Royalty happened

An extremely well known US Media person, journalist, reporter and TV presenter, had many such encounters. Often trying to fly from point A to point B, the presenter was Called Out, and given the “Not Warm Welcome” by Airport and Federal Law Enforcement.

When the situation escalated to the absurd, the person made it know to the public.

After that, the harassment may have stopped or maybe it didn’t.

A Stanford U Professor got On The List via an incorrect Check Box Mark by the FBI.

A Stanford U Professor found out they were On the List, after attending a conference outside the USA, at the request of Stanford Officials to represent the University at the conference.

The conference was by all accounts a success; when the professor boarded the plane to return to the USA, the Airport and International Law Enforcement held the plane, boarded the plane and removed the person into custody.

It took many years, many court proceedings, and years of forced exile, to find out why the professor was On the List. No one was allowed to see the list or the document that proposed the person be put on the list, not even the judges.

After lengthy proceedings and years of legal wrangling, the FBI finally produced the source document and the source lines from that document that were the basis of the person being On the List. More years and more wrangling and at last the FBI produced the Agent that created the original list.

When the FBI Agent was shown the list and the check mark the response was

* Well, that’s an error. It should not be checked.
* No one ever asked me or told me there was a problem or I would have fixed it.

The professor was still On The List as the FBI found another check box (undisclosed) that they could use to block them from returning to the USA.

Stanford was gracious about allowing the professor to finish their PhD Thesis while in exile.

Stanford has never accounted for why they asked the Professor to travel out of the country on the University’s behalf in the first place. During the years of interactions, it was clear that some connection between Stanford Officials and the On the List Maintainers existed.

Perhaps the Professor got off the list, perhaps not.

  • Some things never change, then again, some things do change.
    Matrix.

===

ht tps://en.wikipedia.org/wiki/Ted_Kennedy

ht tps://en.wikipedia.org/wiki/Barbara_Walters

1, Re-using another persons posting handle for similar purposes is common on this blog too.

(url fractured to prevent autorun)

Clive Robinson August 2, 2021 3:28 AM

@ Jason Riddell,

As you note of anothers comment,

this “attack” has nothing to do with APPLE / the users with “open” airdrop security settings but classis “BOMB” call in prank using NEW TECH
and for “security theatre”

“A” yes it is BUT

You are going from the specifics of the particular case documented here to the general method/mode, which as I noted long predates the “technology”. It is the known behaviour of small boys and teenagers on mountains “calling wolf” (hence my comment about not blaiming the youth for what in effect evolution has done to them).

My point of interest was what the “travel writter” and presumably their editor were upto which was deliberatly using “emotive words” which I highlighted to perpetuate a situation that favours certain persons –authoritarian followers and those– who transfere vast quantities of tax payer money into their pockets by the use of FUD.

Which brings us back to your point of,

“B” but HOW do you propose we as a society actually deal with it

Well “first recognise it for what it is” a “financial vehicle for the politically favourd few” then secondly survive publicising it for what it is…

But the next thing to do is evaluate what is currently in place and what it gets “us the taxpaying citizen” and if it is of value or not.

So Third examin the reprated claims of the DHS / TSA and others infront of congressional committees.

In essence they claim,

1, Passangers can not get a gun from land side to the passanger cabin because the TSA / DHS procedures that cost billions (before getting scrapped) prevented this.

2, Even if a Passenger had a gun got around the TSA / DHS proceadures it would not help them because of cockpit doors and other measures.

3, The TSA / DHS proceadures include an “armed response capability” from an Air Marshal and or lesser response from cabin crew.

That is the TSA / DHS have repeatedly assured US politicians, legislators and citizens that they have nrcessary and sufficient measures in place for a “gun in a passangers hand” to not be a threat.

So the question arises of,

Do you believe the TSA / DHS or not?

Because if you do believe them, then no action would be required other than tell those Apple device holders who had received the photos it was a prank, and they shoulr RTFM Apples documentation.

To claim that extra procedures are required says you think the TSA / DHS have lied to US politicians, US legislators, US Citizens etc. To not just misappropriate billions if not trillions of US tax payer dollars but also turn the USA and other places into very much more of Police States and Tyrannies by fraud, deception, lies and other significant malfeasance… Further that the travel writer and their editor were also complicit in these not just questionable but illegal activities…

But further consider this little bit of logic,

If you as a person who desire to commit harm by getting a gun into the passenger compartment, having worked out how to do it reliably why would you want to reduce the odds of your plans success by telling a dozen or so random passengers?

And before someone says “it’s all part of the plan” and wave there arms around… They would have to answer the question of how the attackers would know there would be even one let alone a dozen passengers who would have Apple devices with that Apple app not just installed but enabled in a way that would enable “Open broadcast” reception of such a picture…

Then they would have to explain how it would be essential to any plan that involved getting a gun into the passenger compartment…

By now most people should realise that the three hour delay was in effect nothing more than FUD spreading to perpetuate “Security Theartre”… It was way to short a time to eliminate all imaginable security threats and that realy should be the big clue to every one here, the authorities knew damn well it was not a threat of consequence even they were going to treat credibly… Just an excuse “for the boys to get out their toys” and run around looking macho, hogh five and have an excuse to bond after work over a beer or three…

Managment see it as an excuse to “run an excercise” with a bit more “realism” and to justify theier existance.

In times passed we used to call such FUD activities “Wallpapering your ass”.

If people want to take exception to this analysis, then they had better come up with credible not arm waving reasons as to why. Importantly including why the TSA and DHS have been lying like crazy and misappropriating vast quantaties of money and resources on at best “make work”.

Impossibly Stupid August 2, 2021 11:48 AM

@AlmostCaught

Can you just please explain how one can hijack a plane with a picture of a gun (let’s assume a real gun rather than a toy)?

Like Clive, you’re being intellectually dishonest. It’s not about the picture (and, again, it doesn’t matter if it was an actual gun or not because it was just a picture) or the technology, but about the uncertainty it represents. I mean, for all anyone knew at the time, they could have accidentally stumbled on the communications of hijackers in the act of coordinating their plan. That is why I continue to ask for, and have yet to receive, a good answer to the question of what the proper response should have been. Putting myself in the place of a passenger or cabin crew, I don’t know how the uncertainty could safely be resolved without escalating it as was done.

@Jason Riddell

hope the plane gets to its next destination and NOT CUBA

But, of course, we all know as a consequence of 9-11 that nobody should have the expectation that a hijack is about last-minute travel planning any longer. A threat on a plane is a threat to kill everyone onboard and as many other targets as possible, not a “boys will be boys” prank as others keep trying to insist.

@Clive Robinson

Do you believe the TSA / DHS or not?

I do not, nor do I necessarily believe your account of what they are saying. I’ve seen this a lot recently regarding COVID-19 messaging from the CDC et al. People misunderstand what they hear, and then pass along their editorialized memory as fact. They further compound their error by expecting the message to stay the same even when the threat profile changes.

I see no reason to believe that anyone in authority has guaranteed 100% safe travel. You need to back up that claim. They’re certainly doing everything they can think of to make travel safer, but it is intellectually dishonest for people to convince themselves that any measure of security can possibly negate all threats.

Imagine you have a bodyguard that guarantees your safety 100%. A man walks up to you and shows you a picture of a bullet with your name on it. Do you still feel 100% safe? And, come on, it was only a picture of a bullet! Surely you can just brush it off as a prank, right?

Which, again, is why the focus here needs to be on this as a social engineering attack. It does not matter how sure the powers that be are in their ability to keep people safe. If the people themselves are given reason to doubt their safety, fear-based actions will be taken, and you can bet that a number of them are going to be less than rational.

If you as a person who desire to commit harm by getting a gun into the passenger compartment, having worked out how to do it reliably why would you want to reduce the odds of your plans success by telling a dozen or so random passengers?

You’re showing limited thinking again. Maybe the disclosure was an accident. Or maybe the chaos from passengers and occupying the crew really is part of the plan. Even your “how the attackers would know” question makes assumptions that their plan couldn’t have multiple contingencies for ways to stir up the crowd. You are presuming to know what the hijacker’s plan is, which is exactly the kind of thinking that should have been put to rest almost 20 years ago when planes were turned into missiles.

Then they would have to explain how it would be essential to any plan that involved getting a gun into the passenger compartment?

No. You keep trying to put burdens on everyone else, but you refuse to simply answer the question of what the right thing to do is for the specific scenario that this story is about. Your deflection and hindsight on this matter serves no one.

It is not a prank until you can identify it as a prank. How do you do that safely without armchair quarterbacks on the Internet saying you’ve overreacted? The clock is ticking.

Clive Robinson August 2, 2021 1:13 PM

@ Impossibly Stupid,

Clive, you’re being intellectually dishonest.

Oh dear such a statment to make befote dripping into,

It’s not about the picture (and, again, it doesn’t matter if it was an actual gun or not because it was just a picture) or the technology, but about the uncertainty it represents. I mean, for all anyone knew at the time, they could have accidentally stumbled on the communications of hijackers in the act of coordinating their plan.

Talk about arm waving bull scat to try and look like you’ve got something meaningfull say…

Before dropping back into your peanut gallery behaviour of,

That is why I continue to ask for, and have yet to receive, a good answer to the question of what the proper response should have been.

You’ve basically nothing to say of relevance but you pretend that you do and thus demand others do work rather than you actually pull your thumb out of your bum and present something.

But rhe truth will out as they say, and so it comes to pass,

Putting myself in the place of a passenger or cabin crew, I don’t know how the uncertainty could safely be resolved without escalating it as was done.

How about you actually sit down and “think” rather than strut around pretending you are a “Security Theatre Critic” with,

But, of course, we all know as a consequence of 9-11 that nobody should have the expectation that a hijack is about last-minute travel planning any longer. A threat on a plane is a threat to kill everyone onboard

You can not have it both ways which is basically what you want as you think it makes you look knowledgable without you actually having to think, and actually make a choice on it and follow through on it.

But then you pull the same crap yet again,

I do not, nor do I necessarily believe your account of what they are saying. I’ve seen this a lot recently regarding COVID-19 messaging from the CDC et al. People misunderstand what they hear, and then pass along their editorialized memory as fact. They further compound their error by expecting the message to stay the same even when the threat profile changes.

You are waving your arms trundeling out meaningless nonsense you then immediatly give yourself an excuse for, and you think this makes you look profound or knowledgable but is in reality making you look dumber than a stump.

And again with the “but I demand you do what I will not do nonsense with,

You need to back up that claim

No how about you back up your psudo bull crap with actual facts and figures.

But why bother because we already know you’ve called it wrong with your,

A threat on a plane is a threat to kill everyone onboard and as many other targets as possible, not a “boys will be boys” prank as others keep trying to insist.

The reality is exactly the opposit of what you claim a “boys,wilk be boys prank”…

But you go on and say something you must realy be proud of,

It is not a prank until you can identify it as a prank.

Well change the word prank to any other word like attack and guess what it’s just as true.

Basically you just want to sit on the fence and pretend you are worldly wise when in fact all you want to do is criticise others because you don’t like them challenging your cherished beliefes about Apple Products no matter how valid they are which in this case they are.

Time for you to “man up” and climb out of the peanut gallery, put your money/reputation where your mouth is and stop making demands of others. Especially when you will not actually commit to anything yourself because you know you will be held up for what you actually are.

JonKnowsNothing August 2, 2021 1:56 PM

@All

re: Fake, Not Fake, Deep Fake

MSM report of fake video in circulation on some media sites in the last 2 weeks (~07 15 2021 – 07 31 2021).

Fake video purports to show Australian federal police boss plotting to overthrow government

A recording of a man claiming to be Reece Kershaw discussing plans to remove key members of the government has been circulating among conspiracy groups

Fakes can be just as deadly as the Real Thing. Some folks might believe a fake. We have lots of people on the planet who believe in fakes.

Some are in hospital and some went to Washington DC for vacation on Jan 6 2021 and will have a lot of bother for the rest of their lives all because of a fake.

In the USA, we have Sky Marshals on planes. They carry real guns and shoot dead real people. It’s not fake play dead. It’s real dead.

===

ht tps://www.theguardian.com/australia-news/2021/aug/02/fake-video-purports-to-show-australian-federal-police-boss-plotting-to-overthrow-government

ht tps://en.wikipedia.org/wiki/Sky_marshal

ht tps://en.wikipedia.org/wiki/Federal_Air_Marshal_Service

(url fractured to prevent autorun)

Garabaldi August 2, 2021 8:59 PM

@Clive

How about when sending you a random image, they in fact activate a zero/no-click malware attack, as has happened with MMS images in the past, is very probably happening right now with NTO or similar, and almost certainly will be happening in the future unless we take steps to stop it…

That’s not what happened here.

In some jurisdictions having physical possession is enough to bring serious legal charges, even if you never look at it, or read it, or considered the topic and would not even have the slightest bit of interest should someone tell you the topic.

Having someone airdrop anything to you without your direct knowledge and permission is not the same as meeting a random person on the street getting a pamphlet about a discount sale at a nearby store.

That’s a bug but it’s a bug in the legal system. It can’t be fixed by Apple.

Any communications channel can transmit any message (It might take a while). You can’t close all incoming channels. I can email, slip a message under a door, paint it on your fence, bury a thumb drive in your yard, stenographically encode it in posts at Schneier.com.

The last is low bandwidth so a frame could take a while. It would help if I posted a lot, perhaps with a lot of non-random typos to increase the bit rate.

Myrtle Green August 2, 2021 11:20 PM

It’s sad that a bear trap was left open for a child to walk into.

That’s all, speculation aside.

Clive Robinson August 3, 2021 1:07 AM

@ Garabaldi,

You claimed incorrectly,

What is the defect in Airdrop you keep talking about? Being able to receive images from a random person?

That is not a defect.

I gave you a real world example of what has, can and may well be used as a malware vector with sending pictures to people in the past.

From the point of view of this discussion and your incorrect assertion of “That is not a defect” it actually is very very definately a security defect wirgout question.

Something Apple and those who developed Air-drop should know even if you do not or chose not to admit it.

The fact it did not happen in this “prank” does not effect the fact that it is a very real threat vector against the likes of Apple’s Air-drop. Because it circumvents basic security requirments and alows the ibjection inside the security perimiter of known to be overly comolex files that have and still can be used as malware vector.

As for the other quote you give, I did not say it, please attribute it correctly to @JonKnowsNothing.

Also realise that whilst you might claim “it’s a bug in the legal system” your assertion It can’t be fixed by Apple.” is false.

Apple need not supply Air-drop

1, As a default APP.
2, Configured in an insecure way
3, Without documentatio of how to make it more secure.

These are not points you can argue “can’t be fixed by Apple”.

So the question arises why are you,

1, Deliberatly conflating two different peoples arguments.
2, Deliberatly pretending what is most definately Apple’s fault is not
3, Falsely claiming Apple can not fix the faults it created…

I’m sure “The People” want to know what Apple is setting them up for, but quite deliberately not fixing even though it has long been aware of the issues.

Impossibly Stupid August 3, 2021 10:55 AM

@Clive Robinson

How about you actually sit down and “think”

I have. Like I said, I see no obvious way to address the problem that wouldn’t escalate into some kind of similar “overreaction”. I assume everyone here is also thinking, including you. Yet no good solutions are forthcoming. In light of that, perhaps the assumption that it was an overreaction is unwarranted.

Well change the word prank to any other word like attack and guess what it’s just as true.

The difference being, of course, that assuming it’s not an attack when it is will potentially end up killing thousands of people. It’s like you learned nothing from 9-11. Just because there is a lot of security theater in the world doesn’t mean there aren’t any real threats and loads of uncertainty. It’s a simple enough request to ask what you would do in the same situation if you were on the plane as either passenger or flight crew.

Time for you to “man up” . . .

And countless other ad hominem attacks against me. I’m worried about you, Clive. This pandemic has been hard on a lot of people, in addition to any struggles they may otherwise be facing. But I’ve given you no cause to be so uncivil, and it is unfortunate that so few here are willing to call out your bad behavior. Please have an honest and open conversation with someone you trust about how you treat other people.

JonKnowsNothing August 3, 2021 10:14 PM

@All

re: Updated: Guaranteed Bother is Guaranteed

In a recent post I referenced an article about a decorated police officer of the UK Met Police force, who had been reinstated after finding that they had been improperly dismissed after an Un-Viewed Bother File was found on a device.

It seems that some folks are just unwilling to stop Bothering People and the UK Met Police are filing more objections to the Officer’s reinstatement.

It’s an old con game but used effectively against persons Not Wanted. Any criminal charge however minor, even jay walking (crossing the street outside of a painted cross walk), can be used to show “Criminal Behavior” which leads to “Failing the Test of Good Character”.

If the charges, even from decades earlier, are trivially minor, there are pathways to jack up the charges (enhancements) and add on New Charges. If enough add-ons can be tacked on, then the person Not Wanted can be Removed.

If the original charges are serious offenses then the Boot is much easier to Make Happen.

It is not uncommon to find this tactic used in cases intended exile/banish citizens. It is a bit rarer to find it being used by Cops against Cops.

  • It’s not over until the Person of Majestic Proportions warbles many octaves.

===

ht tps://www.schneier.com/blog/archives/2021/07/airdropped-gun-photo-causes-terrorist-scare.html/#comment-385197

  • previous post linked to the mentioned article. The article was dated June 16, 2021.

ht tps://www.theguardian.com/uk-news/2021/aug/03/met-police-seek-judicial-review-over-senior-black-officers-reinstatement

  • latest go round dated 08 03 2021

(url fractured to prevent autorun)

Clive Robinson August 4, 2021 6:18 AM

@ Impossibly Stupid,

And countless other ad hominem attacks against me.

When you stand in front of a fan and throw the brown stuff at it, you realy realy should expect to see some come back at you.

You were the one who “cast the first stone” I think others can see if you were without sin or not…

I suggest what ever the chip is you have on your shoulder you dump it, otherwise when you start things you will get things thrown back at you with a lot more accuracy and thus they will hit the target more often.

I’ve never objectedd to technical differences but when you start the ad hominem, what do you realy expect to happen?

AlmostCaught August 4, 2021 11:31 AM

Like Clive, you’re being intellectually dishonest. It’s not about the picture (and, again, it doesn’t matter if it was an actual gun or not because it was just a picture) or the technology, but about the uncertainty it represents. I mean, for all anyone knew at the time, they could have accidentally stumbled on the communications of hijackers in the act of coordinating their plan.

Honestly, if I was a passenger and I received a picture of a gun, a bomb, threatening text, etc., I’d just close it and not let anyone see or know while praying that anyone else that received the same content would do the same because the thought of having the travel being disrupted by overreaction of authorities would piss me off entirely.

The truth is that no actual terrorist action would involve sending images or text to other passengers. Period. And being held hostage by overreactions by foolish authorities is a much more likely threat than an actual terrorist event.

How we have allowed our systems to become so brittle is beyond me.

JonKnowsNothing August 4, 2021 1:29 PM

@AlmostCaught

re: Honestly, if I was a passenger and I received a picture of a gun, a bomb, threatening text, etc., I’d just close it and not let anyone see or know …

If you do that, you will be in a world of first class legal bother.

Once the image has made it to your device, its got the imprint there waiting to be extracted.

If you dump the device you can get more bother for doing so.

If you did report it you are going to be in a world of bother too. Depending on Who, How, Where, Time you report it you can be looking forward to sitting at one of the tables in court.

Which table is not strictly up to you…

MarkH August 4, 2021 4:23 PM

@JonKnowsNothing:

To my knowledge, no regular commenter here is qualified to dispense legal advice. Some attempts to “play lawyer” have yielded embarrassingly foolish claims completely unhinged from law as recognized by courts.

The above analysis seems to omit two substantial probabilities:

First, it’s more likely than not that nothing will happen at all.

Second, if there’s any consequence at all, it’s more likely than not that (a) it’s a stunt and (b) some well-meaning passenger reported it (as in the posted story). Have we any shred of evidence that the phones of other passengers were examined?

For the likely scenarios, the legal “bother” to a passenger behaving as AlmostCaught proposed?

Zero.

R-Squared August 4, 2021 4:39 PM

@ AlmostCaught

Honestly, if I was a passenger and I received a picture of a gun, a bomb, threatening text, etc., I’d just close it and not let anyone see or know while praying that anyone else that received the same content would do the same because the thought of having the travel being disrupted by overreaction of authorities would piss me off entirely.

@ JonKnowsNothing

If you do that, you will be in a world of first class legal bother.

Once the image has made it to your device, its got the imprint there waiting to be extracted.

Of course. It’s on your phone. You’re the suspect until proven otherwise. Call the cops, and tell them how crazy you are, and you need to be locked up for your own safety becaus there are pictures of Firearms or other weapons on your phone. Other than that, people don’t call the cops every time they receive spam emails or images for male enhancement pills from Canadian pharmacies, or Ukrainian mail order brides whatever, because that stuff is all 100% legal at airports, train stations, and bus stops.

JonKnowsNothing August 4, 2021 5:20 PM

@MarkH, @R-Squared, @All

re: IANAL and IANAMD and IANAP

You Betcha, I am none of the above. I know nothing.

@MarkH: For the likely scenarios, the legal “bother” to a passenger behaving as AlmostCaught proposed? Zero.

I recommend you read that article I posted on the update to the bother the Met Police Chief has encountered. Every article since the event occurred February 2018 has had some additional bits of information included. Particularly after the different court judgements.

The last tidbit was:

  • The illegal image was sent to 17 people on WhatsApp group
  • The poster was attempting to “notify someone to do something”
  • The Officer was convicted for “failure to report”

As the officer never opened the message it’s hard to understand how they could report it. The prosecution was able to find a method and the officer was convicted.

I’m sure one of those Official Legal Persons you referenced could explain it better. I surely cannot.

@R-Squared: because that stuff is all 100% legal at airports, train stations, and bus stops.

Stuff that is legal in some places may not be legal in others.

Somethings maybe legal in your home, some maybe legal in open public, some are not legal in specific environments.

Airports and Planes in the USA have very restricted definitions of What you can and Cannot do. Like you cannot get OFF the plane once you are ON the plane unless you are in custody of the police.

Transmitting images of cuddly bears in an airport might not get you any bother, transmitting images of a guns certainly qualified.

===

ht tps://en.wikipedia.org/wiki/IANAL

  • IANAL is a Usenet and chat abbreviation (initialism) for the expansion “I am not a lawyer”.
  • Variations of IANAL can be applied to different fields, such as IANAMD for “I am not a medical doctor” or IANAP for “I am not a physicist”.

MarkH August 4, 2021 6:14 PM

@JonKnowsNothing, R-Squared, all:

As an engineering professional, I’m bound to respect factual data, though not to assume that it’s exhaustive.

In the known instance, I see no evidence that any passenger(s) who did not report the image of a toy gun faced any “bother” — or even risk thereof — other than the absurd delay which afflicted everyone aboard.

For me, hard facts outweigh the speculations and imaginings of infotech geeks, however clever those geeks may be.

MarkH August 4, 2021 8:11 PM

2 questions I didn’t notice anyone address here:

1, can this stupid “AirDrop” thing do its nearby-notification thing with devices in Airplane Mode?

2, were passengers instructed to place powered devices into Airplane Mode?

JonKnowsNothing August 4, 2021 8:51 PM

@MarkH

re: Question 1 can this stupid “AirDrop” thing do its nearby-notification thing with devices in Airplane Mode?

AFIAK my iPhone (1) will not communicate with any WIFI or Network (P2P) or Bluetooth when in Airplane Mode. Airdrop will not work.

As for Question 2, I dunno. I’ve not been in that sort of situation for decades and I have no intention of testing out any theories in that environment.

AFAIK airplanes are now equipped with satellite connections and there maybe other comm channels active besides the obvious ones.

Turning on/off airplane mode is a couple of swipes and a punch.

Turning on/off Bluetooth is a bunch of swipes and punches and ticks. It’s easy to forget to shut it down when you are not using it for “hands free driving”. If you are using those BT EarBud things you have to have BT on all the time. (see 1)

Turning on/off Airdrop is a bunch of swipes, bunches, ticks, more punches and more swipes. If you normally use it to share photos with your family and friends, it would be easy enough to forget to shut it off. If you are sharing pictures of your “Fab Post-COVID Travel Trip to the next COVID Hot Spot” with your traveling companions it would likely stay ON.

Airdrop harvesting was quite of interest during pre-COVID days at *$. It was also a curiosity while commuting or traveling by mass transit systems. You never know when you might be sitting in the same train section with a M Hayden type.

iirc(badly) M Hayden was very fond of iPhones in his professional capacity.

===

1, A now older model iPhone. New models may behave differently.

fwiw: It will be my last, maybe my last “smartphone”. It’s a long boring story on how I was “sold” on it’s privacy aspects and of course got a “great deal” by telecom provider. George Carlin had a great routine about “business and their customers”. ymmv

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.