As the TSA increases its scrutiny of electronic devices, especially cellphones, on some overseas flights, the new security measures raise questions about how to combat threats posed by such familiar technology.
Without explaining what prompted the announcement, the Department of Homeland Security and the TSA said passengers may be required turn on their cellphones at security. If a phone won't power up, it won't be allowed on the plane and its owner may be subject to further security checks.
The X-ray signature
The primary concern appears to be that a bomb could be concealed inside a cellphone or other electronic device. The government says no new specific intelligence led to the stepped-up security. But several technology and security experts told CBS News that given the nature of the TSA's latest measures, a key factor may may have to do with an electronic device's "X-ray signature."
X-ray an ordinary cellphone at a security checkpoint, and you see a dense block -- the battery -- plus electronics boards and wires. Terrorists could potentially remove the battery and replace it with a block of plastic explosives the same shape and size as the battery. About a decade ago, experts say the fear of this type of bomb prompted the TSA to order travelers to power up their cellphones or laptops to prove that they contained a battery. But in an advance for airport X-ray screening, it was discovered that explosive material had a different density than batteries -- a different X-ray signature. Screeners could find bombs masquerading as fake batteries thanks to this X-ray signature.
Now, experts speculate that perhaps more sophisticated bomb-makers could have found a way to outsmart that system. Gary Davis, Chief Consumer Security Evangelist for cybersecurity firm McAfee, tells CBS News it's possible that that terrorists may have developed explosives that more closely resemble the characteristics of batteries in an X-ray.
Herbert Lin, Chief Scientist for the National Academies' Computer Science and Telecommunications Board, agrees that is "plausible." Lin, who is also the author of the recent report, "At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues," says it makes sense that terrorists would want to develop an explosive that fits into a cellphone and that "generates an image that looks harmless, an explosive that looks like a battery."
Would the TSA's "turn on" test prevent that type of threat from slipping by? It seems to be a simple way to confirm that a device's battery has not been tampered with.
But Lin cautions that the test is not foolproof. "You can imagine a scenario where the terrorist makes a half-size battery and makes the other half look like a battery" so that the device would still turn on. Fortunately, however, he does not think that's a very likely scenario. "It might still be detectable," he said, "and it is hard to make a cellphone battery."
Cellphone as trigger
There are other ways to use cellphones as part of a remote control explosive system. Terrorists have used a cellphone to call another cellphone wired to a bomb, which is designed to explode when the ringer goes off. That triggering method has been used in many improvised explosive devices, or IEDs, in Iraq, Afghanistan and Pakistan.
Could a cellphone be used to trigger an explosive device if terrorists managed to get one on board a commercial aircraft, perhaps in luggage in the cargo hold or into the cabin itself?
Probably not. Davis notes "there are four ways that cellphones communicate: cellular phone, Wi-Fi, Bluetooth, and text messaging," and there would be technological limitations to using any of them in that way. He notes that cell reception in a plane is spotty at best at lower altitudes; the plane would need to be in range of a cell tower on the ground, and the metal body of the aircraft can interfere with reception even then. At cruising altitudes there would be no cellular voice or text reception. As for the alternative ways of sending a signal, Lin says "a Wi-Fi bomb would be much more complicated" to build, as would a Bluetooth-controlled bomb.
Other possibile cellphone threats?
According to Davis, one thing we don't need to worry about is that a cellphone could somehow be used to communicate a malicious message to the cockpit controls to bring down a plane. "Cellphones cannot communicate to a plane -- they work in completely different frequency domains," he said.
Could your phone be hacked or hijacked to unwittingly help a terrorist carry out a plot? Neither Lin nor Davis thinks that is likely, though they caution that your cellphone can be infiltrated in other ways and used for surveillance or fraud.
Davis warns, "Hackers can infect your phone with malware. One kind makes you think you turned your phone off, but it can still transmit and receive information." That could allow someone to surreptitiously track your movements or record your conversations when you think the phone is off. Lin notes that even removing your battery may not be enough to make your device inaccessible to hackers on the network. "There is a small battery in some phones, a keep-alive thing. The only way to be sure nobody can contact your phone is to wrap it very well in aluminum foil."
A delicate balance
Knowing what they do about the threat environment, Lin and Davis agree that security policy is not an exact science. As Lin sees it, "It is a judgment call. There is no objective way to know. You always have to balance two needs, security versus convenience."
And so Davis provides this word of caution to international travelers: "Get to the airport plenty early -- lines are going to be long."