August 3rd, 2024

Make Your Electronics Tamper-Evident

AnarSec's article outlines methods to enhance electronic device security against tampering, including tamper-evident screws, transparent storage solutions, and secure operating systems like Qubes OS and Tails.

Read original articleLink Icon
CuriosityConcernSkepticism
Make Your Electronics Tamper-Evident

AnarSec's article discusses methods to make electronic devices tamper-evident, particularly in the context of protecting laptops from unauthorized access. It highlights the risks posed by 'evil maid' attacks, where an attacker gains temporary access to a device to install malicious hardware or software. To mitigate these risks, the article suggests using tamper-evident laptop screws, which can be marked with unique glitter nail polish patterns that are difficult to replicate. This method allows users to detect any unauthorized access by comparing photos of the screws before and after potential tampering.

Additionally, the article recommends using transparent storage solutions for sensitive electronics when away from home, such as a box filled with colorful materials to create a mosaic that can be photographed for later comparison. The Blink Comparison app is suggested for verifying that the mosaic remains unchanged.

For software and firmware security, the article emphasizes the importance of using tamper-evident systems like Qubes OS, Tails, or GrapheneOS, which can notify users of any unauthorized changes. The Auditor app for GrapheneOS and Heads for Tails or Qubes OS are highlighted as tools for detecting tampering.

Finally, the article touches on physical intrusion detection systems, which can monitor spaces for unauthorized access. Overall, the piece provides practical advice for enhancing the security of electronic devices against physical and software compromises.

AI: What people are saying
The comments reflect a diverse range of perspectives on tamper-evident security measures for electronic devices.
  • Several users share personal experiences and anecdotes related to tampering and security, highlighting the importance of vigilance.
  • There is a discussion on the effectiveness and limitations of various tamper-evident technologies, with some suggesting that they may not be foolproof against determined attackers.
  • Some commenters express skepticism about the practicality of constantly checking for tampering, questioning the feasibility of maintaining such security measures.
  • Users mention the potential for advanced techniques, such as 3D printing, to bypass tamper-evident mechanisms, raising concerns about state actors and sophisticated threats.
  • There is a call for more innovative solutions and algorithms to enhance security, indicating a desire for improved methods in the fight against tampering and counterfeiting.
Link Icon 21 comments
By @wgrover - 5 months
Here's some work I did a couple years ago using some of these principles to fight counterfeit medicines: https://www.nature.com/articles/s41598-022-11234-4

A side note: I think there's an unmet need for algorithms that can convert photos of these random patterns into text (or something similar) that can be stored in a database and searched quickly for matching patterns. I've tried image similarity algorithms like the ones used by e.g. Google Reverse Image Search, but they seem poorly suited for this task. I ended up writing my own crude algorithm in the paper above that converts a pattern into a set of strings, and it works OK, but surely there are better ways to do this.

By @walterbell - 5 months
Cameras continue to shrink in size and price. TEMPEST / Van Eck phreaking can be used to detect and locate hidden cameras, https://www.usenix.org/system/files/sec24fall-prepub-357-zha...

> For all spy cameras.. raw image.. encoding and compression.. takes place in an inbuilt read-write memory whose operations cause electromagnetic radiation (EMR).. Whenever the visual scene changes, bursts of video data processing.. aggravate the memory workload, bringing responsive EMR patterns. ESauron can detect spy cameras by intentionally stimulating scene changes and then sensing the surge of EMRs.. Experiments with 50 camera products show that ESauron can detect all spy cameras with an accuracy of 100% after only 4 stimuli, the detection range can exceed 20 meters even in the presence of blockages, and all spy cameras can be accurately located.

By @Animats - 5 months
There are DoD standards for this. Mostly for SECRET level. Containers for SECRET level material are supposed to be tamper-evident, but not extremely resistant to attack. Filing cabinets must have welded and painted joints, and good locks. It's possible to pry open a secure filing cabinet, but the damage will show. See page 5.3.1 of [1].

The U.S. Navy does authorize label-type seals but rates their security as "minimal". See page 6.3 of [2]

Defense Counterintelligence Agency has some security seal guidelines.[3] Probably outdated.

There are "tamper-evident seals with residue." If you remove them, it makes a visible mess. [4] They also have bar-coded serial numbers. A well-resourced attacker with a lot of access time and a preliminary run to get a look at the seals and have duplicates made could probably remove and replace those. If you're facing that level of threat you probably shouldn't have anything of interest in an unattended laptop.

[1] https://www.nispom.org/NISPOMwithISLsMay2014.pdf

[2] https://exwc.navfac.navy.mil/Portals/88/Documents/EXWC/DoD_L...

[3] https://www.dcsa.mil/Portals/91/Documents/CTP/NAO/security_s...

[4] https://seals.com/security-tape-labels/?_bc_fsnf=1&Classific...

By @xyst - 5 months
My first exposure to “tamper evident” mechanisms was in an anime series called “Death Note”.

https://youtube.com/watch?v=zZBR9iQ7DRA3D

The main character has a series of mechanisms (door latch height, paper in between door and wall, mechanical pencil lead in door hinge)

One out of place tamper seal, can ignore. But all 3 broken? Someone was in the room.

Personally used the paper trick when I was young and living with parents and siblings. Would easily know when somebody entered and trifled through my things.

Also used that mechanical lead pencil trick with my “secret” drawer where I had created a false bottom lol.

By @bdcravens - 5 months
I had to disassemble our relatively new Roborock vacuum to clean it fully (it found a piece of dog waste and made a lovely mess). I removed every screw I could find and still couldn't remove the bottom cover. That's when I noticed what looked like a hole with a plastic filler, but was actually a bit of wax covering the final screw. I presume this was a simple way to determine if the device had been tampered, for warranty purposes.
By @twerkmonsta - 5 months
I would love to hear more about the kind of work done by people that need this level of security.

Like is the NSA covering their laptop screws in glitter nail polish? Are covert CIA agents? SOF?

Who needs this level of secrecy that would not have the physical security in place to protect the device in the first place?

By @llsf - 5 months
This reminds me an old James Bond movie, with Sean Connery, where he picks one of his hair, licks his sticky fingers to seal his hotel room door. It later tells him that someone entered his room.
By @BadHumans - 5 months
I have thought about this many times when thinking about the Framework Laptop. How easy it would be to swap one of the side ports with a malicious version that has something like a keylogger in it and you would never be the wiser.
By @_2nnf - 5 months
Happy to see this, because this is how they (Law enforcement / intelligence agencies) do it nowadays.

Many years ago law enforcement (french DCRI now called DGSI) illegally placed a keylogger on my laptop, they placed it when I bought it online from materiel.net and placed it before I took delivery of it. it is 100% certain in my mind.

So never ever buy a laptop or hardware online if you think you might be exposed to this, buy it from a store.

I was going to build a hardware keylogger for laptops just for fun and as a proof-of-concept to show how easily this could be done.

By @AshamedCaptain - 5 months
I find that this has much more promise than all the crap about Secure Boot and the like for the far-fetched "evil maid" scenario. NO ONE I know is going to react to Windows going batshit and requesting the Bitlocker key for no reason as "my laptop has been tampered with!". Heck, given large enough number of employees, IT has to hand out the bitlocker keys almost every day due to how frequent false positives are.

On the other hand, I'd think they'd pay attention to actual tampering evidence.

By @gary_0 - 5 months
> If the police

Not just the police: if your data or the data of the organization you work for is considered valuable enough[0], you also have to worry about thieves, foreign spies/saboteurs, corporate espionage, a wayward relative looking for banking passwords or Bitcoin to fund their drug/gambling habit, or a particularly obsessive ex.

[0] Mine isn't, and paranoia isn't one of my vices, so this is all academic to me.

By @praptak - 5 months
I wonder if the colourful lentils trick could be bypassed by a 3D printer that recreates the pattern. This seems in range for a state actor. Or maybe even a hobbyist with lots of time.
By @jrexilius - 5 months
If this topic is a serious concern in your threat modeling, then this is a far better solution than glitter nail polish, and also doubles as a digital identity signature:

https://dustidentity.com/

I'm looking at using this for certain shipping and packaging needs.

By @amelius - 5 months
The problem with this technique is that now you have to inspect the seal every time you leave your laptop unattended.
By @tiku - 5 months
Tamper proof screws, but do you check underneath your laptop every time you went away for a few minutes?
By @mrbigbob - 5 months
I remember reading an article from MIT earlier this year where they deposited metallic particles into adhesive of an id tag and registered the unique dispertion of the metallic particles as a way to verify a genuine or fake product https://news.mit.edu/2024/tiny-tamper-proof-id-tag-can-authe...
By @bankcust08385 - 5 months
Yes. It's a good idea.

However it's worth not also gaining a false sense of security vs. state actors who buy software and hardware exploits from shops like Zerodium generally don't always require intrusive physical access to implant malware or extract information, or who use the local carriers to do the dirty work for them.

By @workfromspace - 5 months
https://archive.ph/sNJgw (page hugged to death?)
By @BMc2020 - 5 months
Ctrl F tamper tape

amazon dot com tamper tape

You can't open the case in a way that doesn't make it obvious it was opened.

By @throwaway93982 - 5 months
"As anarchists, we must defend ourselves against police and intelligence agencies that conduct targeted digital surveillance for the purposes of incrimination and network mapping." (https://www.anarsec.guide/recommendations/)

I wonder who the anarchists are that are afraid of "incrimination and network mapping" and what it is they're doing them that makes them afraid of that