Tag Archives: Cambridge

Revenge of the Bollards

Is it a design fault, or is there some malice afoot in the Bollards War?

The UK city of Manchester has introduced something called ‘retractable bollards’ (non UK folk may call them posts) that sink into the ground when an approved vehicle approaches. (Sensors trigger the bollard’s retraction.) Great idea, right, since it means that buses and mail vans can get into pedestrian zones of the city but others can’t. The only problem is other drivers:

  • who assume that if a bus can get through, so can they; or who
  • try to cheat the system by sneaking through after the bus

This is what it looks like in action (thanks to Charles):

Now Manchester isn’t the first to try these bollards. Edinburgh ditched them last year after spending £150,000 when a local paper led a public outcry (I always love a good outcry.)

As you can see from the video, getting impaled on a bollard is not fun. They come back up as soon as the permitted vehicle has passed, so even the fastest driver isn’t going to have much luck. The Manchester Evening News reports some folk being taken to hospital and cars being written off. A 63-year old man died in Cambridge after crashing into one. This is all somewhat ironic given, according to another report in the paper, the bollards were introduced “on a trial basis because of the street’s high casualty rate.”

Surprisingly, many of those commenting support the bollards (variously spear bollards, rising bollards, those bollards, bollards from hell, and, inevitably, Never Mind the Bollards.) One points out the guy driving the SUV/4×4 is clearly trying to speed thro before the bollards come up. You can only imagine the conversation taking place as his partner grabs their kid and struts off (“Bollards! You bollarding idiot! I told you you’d never make through the bollarding bollards!”).

My tupennies’ worth: I think traffic maiming (as opposed to traffic calming) is a great idea but doesn’t go far enough. We need similar measures to punish, sorry deter, drivers who routinely flout the law and common decency. Why not, for example, deploy the retractable bollards elsewhere, like

  • the centre of a restricted parking space, so it would rise at the end of the designated period, impaling the vehicle if the driver had overstayed his alloted time;
  • at random points on the hard shoulder on toll roads/motorways so that cars illegally using it as a fast lane would be impaled,  or flipped over into an adjacent field

Where necessary, bollards could be replaced by other features such as

  • a mechanical arm, installed on the roadside and connected to a speed sensor, which would crush cars passing by too fast or too slow, depending on what irritated other drivers the most.
  • or cars driving through built-up areas too fast would be taken out by snipers deployed in trees/tall buildings. If necessary the snipers could be automated.
  • cars straddling two lanes or changing lanes without indicating first would be sliced in half by retractable blades intermittently rising out of the demarcating lines
  • motorbikes using the sidewalk (a particular bane in my neck of the woods) would risk having their tyres slashed by strips of spikes activated by the annoying sound of approaching underpowered Chinese-made engines.

Of course, there’s always a less, er, physical option. The retractable bollard contains a second sensor, which tells it that there’s a second, unauthorized vehicle passing over it. It doesn’t rise, but instead squirts evil-smelling goo onto the bottom of the car which renders the vehicle uninhabitable for at least a month. The driver is suitably chastened but no one dies.

Technorati tags: , , , ,

How To Infect An Airport

Could it be possible to use Radio Frequency ID tags, or RFID, to transmit viruses? Some researchers reckon so. Unstrung reports that a paper presented at the Pervasive Computing and Communications Conference in Pisa, Italy, the researchers from Vrije Universiteit in Amsterdam, led by Andrew Tanenbaum, show just how susceptible radio-frequency tags may be to malware. “Up until now, everyone working on RFID technology has tacitly assumed that the mere act of scanning an RFID tag cannot modify backend software, and certainly not in a malicious way,” the paper’s authors write. “Unfortunately, they are wrong.”

According to The New Scientist the Vrije Universiteit team found that compact malicious code could be written to RFID tags by replacing a tag’s normal identification code with a carefully written message. This could in turn exploit bugs in a computer connected to an RFID reader. This made it possible, the magazine says, to spread a self-replicating computer worm capable of infecting other compatible, and rewritable, RFID tags.

An RFID tag is small — roughly the size of a grain of rice, the New Scientist says, and contains a tiny chip and radio transmitter capable of sending a unique identification code over a short distance to a receiver and a connected computer. They are widely used in supermarkets, warehouses, pet tracking and toll collection. But it’s still in the early stages of development. Which leaves it vulnerable. Until now, however, it was thought the small internal memory would make it impossible to infect. Not so, say the researchers.

So what would happen, exactly? RFID virus would then find its way into the backend databases used by the RFID software. The paper, Unstrung says, outlines three scenarios: a prankster who replaces an RFID tag on a jar of peanut butter with an infected tag to infect a supermarket chain’s database; a subdermal (i.e., under-the-skin) RFID tag on a pet used to upload a virus into a veterinarian or ASPCA computer system; and, most alarmingly, a radio-frequency bag tag used to infect an airport baggage-handling system. A virus in an airport database could re-infect other bags as they are scanned, which in turn could spread the virus to hub airports as the traveler changes planes.

So how likely is this? Not very, Unstrung quotes Dan Mullen, executive director of AIM Global, a trade association for the barcode and RFID industries, as saying. “If you’re looking at an airport baggage system, for instance, you have to know what sort of tag’s being used, the structure of the data being collected, and what the scanners are set up to gather,” he explains. Red Herring quotes Kevin Ashton, vice president of marketing for ThingMagic, a Cambridge, Massachusetts-based designer of reading devices for RFID systems, as saying the paper was highly theoretical and the theoretical RFID viruses could be damaging only to an “incredibly badly designed system.” Hey, that sounds a bit like a PC.

But he does make a good point: because RFID systems are custom designed, a hacker would have to know a lot about the system to be able to infect it. But that doesn’t mean it can’t be done, and it doesn’t mean it won’t get easier to infect. As RFID becomes more widespread, off-the-shelf solutions are going to become more common. And besides, what will stop a disgruntled worker from infecting a system he is using? Or an attacker obtaining some tags and stealing a reader, say, and then reverse engineering the RFID target?

My instinct would be to take these guys seriously. As with Bluetooth security issues such as Bluesnarfing, the tendency is for the industry itself not to take security seriously until someone smarter than them comes along and shows them why they should do.

Update: One Of Microsoft Security Report Authors Fired

 One of the authors of the security paper (PDF file) that said Microsoft was a threat to national security has been fired, according to CNET. Cambridge, Mass-based @Stake, where Dan Geer worked as chief technical officer, said in a statement Thursday that the researcher had not gotten his employers’ approval for the study’s release, and that he was no longer associated with the company. Although independently financed and researched, the study was distributed by the Computer and Communications Industry Association (CCIA), a Washington-based trade association largely made up of Microsoft’s rivals.
 
A Microsoft spokesman said the software maker had not pressured @Stake to make any decision on Geer’s status. Bruce
Schneier, a security expert and co-author of the report, saw things differently, according to CNET. He said the idea for the report had come from Geer and the other researchers, not from the CCIA or other Microsoft rivals. The group had found it hard to find other researchers to sign on to the idea, even if those approached agreed with the study’s premises, he said. “When we were conceiving and writing the report, a surprising number of researchers said ‘No,’ because of the fear of Microsoft,” Schneier said. “Dan was not talking for @Stake. We were speaking as researchers. The fact that @Stake couldn’t get around that shows the pressure that Microsoft brings to bear.”

Update: Gillette Said To Abandon Tag Trials

 From the This Sounds Like A Good Thing, Or Are We Being Luddites? Dept comes news that privacy protests against the trial of RFID tags by Gillette at a Tesco store in Cambridge have prodded Gillette to abandon their trial, according to Indynews. RFID (Radio Frequency ID) tags are small tags containing a microchip which can be ‘read’ by radio sensors over short distances.
 
 
Recent trials involving attaching these tags to products have raised concerns about privacy, as information on the tag could be read long after the product was purchased. Tesco is also testing RFID tags in its DVD range at the Extra store in Sandhurst, Berkshire.

News: Buy Some Razor Blades And Get Your Photo Taken!

 Yes, it’s true! All you need to do is pick up a packet of Gillette Mach3 razor blades at Tesco’s in Cambridge, England, and you’ll trigger a CCTV camera. A second camera takes a picture at the checkout and security staff then compare the two images. Apparently the aim of the trial, The Guardian reports, is to provide stock information, but the manager of the store has already described how he presented photos of a thief to police.
 
 
Retailers have hailed the technology as the “holy grail” of supply chain management but civil liberties groups argue that the so-called “spy chips” are an invasion of consumers’ privacy and could be used as a covert surveillance device.