US Says Plane Finder App Threatens Security 524
ProgramErgoSum writes "The Plane Finder AR application, developed by a British firm for the Apple iPhone and Google's Android, allows users to point their phone at the sky and see the position, height and speed of nearby aircraft. It also shows the airline, flight number, departure point, destination and even the likely course-the features which could be used to target an aircraft with a surface-to-air missile, or to direct another plane on to a collision course, the 'Daily Mail' reported. The program, sold for just 1.79 pounds in the online Apple store, has now been labelled an 'aid to terrorists' by security experts and the US Department of Homeland Security is also examining how to protect airliners. The new application works by intercepting the so-called Automatic Dependent Surveillance-Broadcasts (ADS-B) transmitted by most passenger aircraft to a new satellite tracking system that supplements or, in some countries, replaces radar."
fear (Score:5, Insightful)
Be afraid! Everything is a threat!
.
.
.
.
.
and we can't take away all your freedoms unless you are afraid...
Already done? (Score:5, Insightful)
How is this any different from a website like flightstats.com, and I'm sure there are plenty of other sites like that too. It isn't difficult to figure out where the planes are. The app probably only makes it marginally easier to view this data on a phone. Sounds like much ado about nothing
It's bad (Score:4, Insightful)
If something could potentially be used in a bad way, even if most people aren't going to abuse it, it must immediately be banned! So, basically, anything that can be used as a weapon, too. Which is... pretty much everything.
Yes, let's all focus on the iPhone apps... (Score:5, Insightful)
a bit late (Score:3, Insightful)
Make your own. (Score:5, Insightful)
"Anything that makes it easier for our enemies to find targets is madness. The Government must look at outlawing the marketing of such equipment."
Perhaps they should consider banning the ADS-B transmitters, then?
In any case, banning the app would do nothing to anyone with the funds for a SAM. See this document [www.lll.lu] to make your own reciever.
It should be banned (Score:5, Insightful)
Because terrorists would never, ever be able to find out this information by themselves, or crash their plane into an airliner by, uh, looking for it in the sky while they're flying.
Have we now moved on from security theater to security standup comedy? At best this seems to be a DHSvertisment telling terrorists where to get useful apps for their iPhone. which they might otherwise never have heard of.
Me too (Score:3, Insightful)
If it can be done with a phone app, then obviously it can be done in other ways by terrorists.
If it walks like a duck and talks like a duck ... dont vote for it
Re:Yes, let's all focus on the iPhone apps... (Score:3, Insightful)
Huh? (Score:5, Insightful)
What conceivable use is this to a terrorist? I've been considering this for a few minutes now. My kneejerk reaction was that the government is being fucking stupid. Then I pondered on exactly how knowing which plane is which is at all helpful. Any ideas anyone? Perhaps I'm focusing too much on the hijacking scenario, and someone could use it to select a target for a SAM. But that just doesn't seem likely, since I would think you would already know your target if you go through the trouble of bringing a SAM to an airport.
Paraphrasing an old joke ... (Score:5, Insightful)
Re:Yes, let's all focus on the iPhone apps... (Score:2, Insightful)
... instead of, say, the surface-to-air missiles
Hey, I have a right to bear arms. You iPhone users can git your own amendment or else you can git out!
I really don't think the 2nd amendment makes allowances for the possession of strategic or tactical air defenses.
Speaking of which, instead of spending time on worrying about iPhone apps, maybe these terrorism "experts" should be concentrating on preventing terrorists from gaining access to surface-to-air missiles.
somebody need some laxative bad (Score:1, Insightful)
If you can take down an airliner at 30,000ft, you hardly need to know its final destination, or need somebody to tell you its altitude, ....
Here comes the stupid... (Score:5, Insightful)
I get this argument from idiot alarmists all the time:
"We can't allow for the last link of dissemination of information to the public at large to exist, but it's okay for the information to be available. We just need to make it *less* available."
This sort of argument appears to stem from one or many of a few beliefs:
1) Terrorists are too stupid to get this sort of information from less casual sources.
2) Of all of the speedbumps to becoming a terrorist, figuring out where the flights are was the thing that was holding people back.
3) They had no idea that we had this information available (this is a variant of 1),
4) It's okay to leave information we consider dangerous out in the open, as long as you can't get it without knowing the right URL (or, in this case, the right frequencies). This isn't quite what crypto nerds mean when they say "security through obscurity isn't security at all," but it's pretty relatable.
And to think, US Cyber command is under the impression that they don't need geeks. If this is what passes for an understanding of safety and security in our government, we're just doomed.
Stupid argument (Score:3, Insightful)
This is a stupid argument because it is so extremely simple to figure out when to shoot down an aircraft with a SAM anyway.
You already know the approximate time when it will takeoff since that is public knowledge since the passengers needs to know.
Most airports has only one or two runways. You can easily figure out in which direction the plane is going to start (it will start at the same direction as the ones before it, probably into the wind).
Now you can simply put ourself outside the airport at the point where the plane will fly right over you at a low altitude off perhaps a couple off hundred yards. The guys that photos planes position them self correct every time with this knowledge.
The reality is that aircrafts is extremely exposed and easy to shoot down with SAMs since it is easy to get them during landing and takeoff and you can't fence off an area big enough to protect them.
encrypt tower to plane radio first (Score:4, Insightful)
tower: AC310 heavy drop to 30 thousand and proceed to outer marker on heading 31 you are clear for runway
Hm, I wonder where AC310 heavy is ?
Re: US Department of Homeland Security (Score:5, Insightful)
I live sixty miles from the Mexican border. We have a bunch of undocumented/illegal aliens here. They are not terrorist threats; only very few are criminals. Most of them are ordinary people who just want a chance to live like anybody else.
Re:OMG (Score:5, Insightful)
DHS might be able to stop corporations, but they can't stop me from publishing the source code:
PA LAW: "The free communication of thoughts and opinions is one of the invaluable rights of man, and every citizen may freely speak, write and print on any subject." ----- MD LAW: "The powers not delegated to the United States by the Constitution thereof, nor prohibited by it to the States, are reserved to the States respectively, or to the people thereof..... the liberty of the press ought to be inviolably preserved; that every citizen of the State ought to be allowed to speak, write and publish his sentiments on all subjects, being responsible for the abuse of that privilege."
And so on across all 50 Member States. Nobody at the US level has the right to block publishing or sharing source code of programs I or thers create
Aside -
I found this bit of the Bill of Rights interesting: "Monopolies are odious, contrary to the spirit of a free government and the principles of commerce, and ought not to be suffered." And yet the BGE and Comcast monopolies exist. Perhaps the Maryland government should buy-out the wires and lease the lines to any company that wished to use them (BGE, PPL, comcast, cox, appletv, etc). i.e. Consumer choice is a right.
Re:fear (Score:5, Insightful)
Knowledge is Power. Power can be used by the Terrorists. Ban Wikipedia.
Re:It's bad (Score:5, Insightful)
I'd have thought that the _problem_ is that the aircraft is broadcasting its position, not that somebody wrote an app to listen to the signal.
If some Android developer can figure out how to do it, so can anybody else.
But...go ahead, ban the app if it makes you feel better.
Re:Yes, let's all focus on the iPhone apps... (Score:5, Insightful)
The typical interpretation that I've seen from the more conservative pro-gun groups is that it includes any weapon up to and including what would normally be used by a single infantryman in wartime. So you can have rifles, smaller anti-tank weapons, and MANPADS, but anything crew-served is out.
And where does the 2nd amendment say that?
The Constitution implicitly assumes the private ownership of warships (see 'letters of marque and reprisal'), so the idea that the founders would have been shocked by private ownership of crew-served weapons seems rather silly.
That said, I'm not sure I'd be too happy with rednecks towing 105mm howitzers behind pickups with a rack of Stingers in the back.
Re:Yes, let's all focus on the iPhone apps... (Score:5, Insightful)
Also note that the iPhone app works because THE AIRPLANE IS BROADCASTING THIS INFORMATION CONSTANTLY. If this information is a security threat, why did they create an air traffic control system where this information is public? If you can't be arsed to encrypt your own broadcasts, is it really shocking when someone actually reads them?
step 4 ... (Score:5, Insightful)
2. Mention that the Department of Homeland Security also thinks about security threats
3. Get article mentioned on Slashdot where people still don't RTFM in any detail, but do like to shit bricks that mention DHS in any context
4. Get traffic to ad-driven site
Re:Yes, let's all focus on the iPhone apps... (Score:2, Insightful)
>At the time, that consisted of rifles and pistols
And cannons.
Re:It's bad (Score:5, Insightful)
Re:Yes, let's all focus on the iPhone apps... (Score:3, Insightful)
Re:Already done? (Score:5, Insightful)
I fail to understand how anyone can complain when they failed to institute basic encryption policies to protect such data.
It would make no sense to block the application because it's obvious the work can be easily reproduced.
If this was ever a concern they should have at least implemented some basic protections.
Re:It's bad (Score:3, Insightful)
The source of this story was the Daily Mail, that also brought us such superb journalism as this [destructoid.com].
Re:Yes, let's all focus on the iPhone apps... (Score:5, Insightful)
The intent behind it does, really.
The whole "well-regulated militia" bit likely intends to give citizens the right to be sufficiently well-armed to constitute a significant military force -- that's what a militia is.
As I read it, the 2nd Amendment directly refers back to Article I, Section 8, Paragraph 16, which states that Congress gets to arm the militia. Given that, couldn't you extrapolate that since you'd get your weapons from Congress, what weapons you're allowed to get would be decided upon by them?
Re:a bit late (Score:3, Insightful)
It really does sound like a "working as designed" problem. Honestly, if you design something to broadcast data with no technical security policies at all, you really can't complain when your data gets intercepted and used for things you can't control. Removing the iPhone app doesn't even remotely fix the problem either, of course, since this kind of device could just be purpose-built.
Re:Already done? (Score:5, Insightful)
Re:It's bad (Score:5, Insightful)
It is not about legitimate security concerns. as a SAM would hit the aircraft regardless of whether or not an app captured transponder data and superimposed it on a map or not. In fact this app would probably not help a terrorist very much at all, except possibly with identifying a specific aircraft - but don't you think that the terrorist would have receivers already, be listening to VHF transmissions between the cockpit and air traffic control, and so on?
This kind of app is most useful for aviation nuts who like to track weather, aircraft flights, and other trivia no one will care about a day later. It is good for GA to know what's in the air around you (ignoring FCC and FAA regs about cellphones in the air), and it's particularly good for seeing for yourself how busy air space is along your intended route as you plan.
What is this whole stink all about?
Homeland Security Theater. It's about time for the season premier episode and this seems to be it. It is all about a Wizard of Oz like production where we are supposed to watch the media rantings, and not seeing the puny man behind the curtain for the farce he is. It is all about continued existence of Homeland Security and the huge tax burden it creates to support that woefully inadequate charade while not doing what it takes to actually prevent terrorist attacks (e.g., profiling international flight passengers, deporting illegal aliens, stopping illegal immigration, I mean, invasion, at the borders). It is about forcing Americans to embrace the idea of big government, a nanny state, and a global government with no checks and balances.
It is not about real security at all. It's about a temporary apparent security for which we are exchanging our essential liberties.
Re:It's bad (Score:2, Insightful)
You can do the same thing and have been able to do it for years !!
All aircraft transmitt OPEN data without ANY encryption apart from military who have differening ability for just these sorts of reason.
The call to "BAN" is ludicrous at best and ill informed at worst.
As pointed out by other posters there are a multitude of sites that give this data out freely and have done so for a considerable time.
There is also a MASS of software for controlling scanners and good quality radios to take it much further than simple heading and altitude to give you almost (not quite) an air traffic control view over quite a range !
It is nothing more than a SCARE tactic to grab attention and quite possibly publicity for the app.
I used to use a scanner hooked to a computer or laptop to do just the same thing some years ago.
Terrorist No I aint !! interested in comms ? YUP !
PLEASE GUYS read up on a topic before posting knee jerk reactions that make you look bad !
Re:Already done? (Score:5, Insightful)
The worst thing which can happen is for the ATC system to not be able to see the aircraft because a key is wrong. Concerns about terrorism are secondary.
Re:fear (Score:4, Insightful)
Even if this app is banned the mere fact that this is possible means terrorists can write their own programs. If they want to protect air lines they should devise some means securing this automatic signal.
And thanks to the Strisand Effect... (Score:3, Insightful)
Thanks to the Streisand Effect [wikipedia.org], Plane Finder AR [apple.com] will doubtless skyrocket to the top of the charts by the end of the day.
If this were a legitimate security risk, they just did about a thousand times the damage that it would have been had they ignored it. Pathetic. This is why efforts like the Cyber Command [wikipedia.org] is such an obvious failure to anyone with a lick of Internet-savvy before it was ever launched.
Re:Already done? (Score:5, Insightful)
The app developers are intercepting identifying signals transmitted directly by the airplanes closing the gap between real-time and that delayed by a government-mandated time period
Really? Which radio in the iPhone is being used to intercept those signals? The GSM/WCDMA radio? The Wi-Fi radio? The Bluetooth radio? The GPS radio?
I infer from Pinkfroot's "Share Data" page [pinkfroot.com] that their apps just get the ADS-B data over the Intertubes from people who have ADS-B receivers and make the data available.
Re:Already done? (Score:5, Insightful)
I infer from Pinkfroot's "Share Data" page [pinkfroot.com] that their apps just get the ADS-B data over the Intertubes from people who have ADS-B receivers and make the data available.
And if I'd Read The Entire Fine Article, I wouldn't have had to infer; The Fine Article says exactly that:
The firm behind the app, Pinkfroot, uses a network of aircraft enthusiasts in Britain and abroad, who are equipped with ADS-B receivers costing around 200 pounds to intercept the information from aircraft and send it to a central database.
Wouldn't it make more sense, then, to ban the receivers rather than the apps? It sounds like all the app is doing is aggregating data that's already available. A resourceful terrorist could write his own software to do that.
Re:Did Anybody Read the Fucking Article?? (Score:4, Insightful)
Selective quoting is wonderful.
But come on, that sentence is badly written in the first place.. It is so easy for someone without the full knowledge of the English language to get the wrong idea...
Re:fear (Score:2, Insightful)
Forget Wikipedia. Ban the Internet.
Or turn it into TV.
Re:fear (Score:5, Insightful)
Re:It's bad (Score:5, Insightful)
I was worried when I realised that the local bus company had posted information telling us the routes and times of the bus services in the city. If it weren't for the drivers doing their best to randomise their arrival times, terrorists would use this information for nefarious purposes!
I saw a kind of foreign looking guy the other day. Close call that.
Re:fear (Score:4, Insightful)
Which would defeat the purpose of ADS-B, as it's a replacement for radar. You want other aircraft in the area to know where you are, and hence you really don't want to restrict what is receiving that signal (even if you limit it to just aircraft, someone could always take an ADS-B decoder from their aircraft and spit the signal out over IP).
Re:Yes, let's all focus on the iPhone apps... (Score:5, Insightful)
Re:Already done? (Score:5, Insightful)
Most terrorists won't have access to heavy-duty surface to air missiles - at best they'll have Stingers, which aren't very good at chasing high-altitude aircraft (effective range of 3 miles).
-Chris
Re:fear (Score:5, Insightful)
New DHS directive:
Everyone who is not an obese whining imbecile is to be considered a threat.
Re: US Department of Homeland Security (Score:4, Insightful)
Undocumented workers pay income tax and payroll taxes [usatoday.com], too. They're the ones who should be having tea parties - they get taxed, but they don't get the vote.
Re: US Department of Homeland Security (Score:5, Insightful)
The solution is to remove the cheap labor from the equation completely
Here's a better solution: Make it easy for the cheap labor to come into the country legally. The farmer would then have to comply with all of the labor laws to employ them, including minimum wages. No more $2 per hour melon pickers.
Most of the problems with illegal immigration (the actual problems, not the imaginary problems) boil down to having this class of people in the country who don't dare interact with the US legal system. Make them legal, and all of those problems disappear.
Make it a crime to employ an undocumented worker.
It is a crime. It needs to be a bigger crime, though, and we need a good way to catch such employers.
I suggest turning the people who absolutely can't be fooled about the employee status against the employers. Who absolutely knows the legal status of the employees? The illegal employees themselves. Offer a green card to any illegal who rats out their boss, throw the boss in jail, and very quickly you'll find that no one is willing to employ anyone who can't prove they're legal.
Make it a crime to pay someone less than minimum wage
Again, it is a crime. And because it's a crime, it doesn't happen -- except when the employees are afraid to use the legal system.
or better yet, a crime to pay someone less than fair market wages
What's a fair market wage? And how can the market set a fair wage if no one is allowed to pay one penny under whatever that wage is? Markets require a range of prices offered to settle on a price that is fair. This suggestion makes no sense.
Comment removed (Score:4, Insightful)
Re:Already done? (Score:5, Insightful)
Concerns about terrorism are never secondary.. The 3,000+ people killed by terrorists the the US in the last decade are a far greater concern than the best part of 200,000 other murders over the same period. fewer than 40 people killed by terrorists in the UK in the last decade are a greater concern than than close to 3,000 killed by other murderers over the same period, or something on the order of 30,000 from each of road accidents and suicide.
It follows that a risk of a terrorist attack is of greater concern then the risk of accidents, even if the latter is a greater threat in terms of the number of people killed.
Do you expect a rational policy?
Re:Already done? (Score:1, Insightful)
It does not really matter if they encrypt or not.
The ADS-B signal will have to be decrypted at some point in an aircraft or on ground. And getting your hands on a future "encrypted" ADS-B receiver will be very easy anyway - just steal one out of a plane - and then you have the positions again. But there have been plenty of discussions about encrypting ADS-B. But the cost alone makes it prohibitive. To replace ADS-B you will need to update quite a lot of other avionics - so cost per aircraft would be in the $50.000 range on a passenger jet. And it would bring very few benefits.
Anyway - as long as you know the frequency an aircraft uses for the different transponder signals - building a "tracking" device is actually very easy. Just listen to the frequency with one directional antenna - or 2 or 3 omni directionals - and you can calculate where the plane is. There are so many frequency specific items on an aircraft - from Radar, Radio, ACARS and Transponders so there are plenty of signals to lock onto.
And to make matters even worse - most approaches into airports follows quite specific paths - and "hold positions" where the aircraft cycles around to wait for a landing slot are ALL published on nice paper maps. The Tower even tells the plane what altitude and heading a certain aircraft should use and aim for and the radio is not encrypted. And frequencies are published on the nice paper maps! So spotting and identifying any aircraft is a simple task - even without ADS-B technology to help.
So this is just another "lets make some emergency laws to combat the $2 solution vs the $200 solution.And I do not think any one who wants to damage a plane would care if it costs $2 or $200 or $2000.
But maybe Pinkfoot should just log the UUID :-) and, location an cell towers the phone is connected to when doing a lookup and store them in a database. If logging cant happen - you can't get a position fix - and then tracking the potential terrorist would be as simple as looking in the database. It wont be perfect - but at least you know who bought the app, and where it was used.
Re:Already done? (Score:3, Insightful)
It sounds like all the app is doing is aggregating data that's already available. A resourceful terrorist could write his own software to do that.
A resourceful terrorist already owns an ADS-B receiver... Five seconds of googling, I found a web site with simple instructions for building your own. The idea that a terrorist will be able to obtain munitions and technology required to take down an airplane but will decide not to use it because they can't get an app for that is just too funny for words.