Hacker News new | past | comments | ask | show | jobs | submit login
Make your electronics tamper-evident (anarsec.guide)
272 points by walterbell 4 months ago | hide | past | favorite | 148 comments



Here's some work I did a couple years ago using some of these principles to fight counterfeit medicines: https://www.nature.com/articles/s41598-022-11234-4

A side note: I think there's an unmet need for algorithms that can convert photos of these random patterns into text (or something similar) that can be stored in a database and searched quickly for matching patterns. I've tried image similarity algorithms like the ones used by e.g. Google Reverse Image Search, but they seem poorly suited for this task. I ended up writing my own crude algorithm in the paper above that converts a pattern into a set of strings, and it works OK, but surely there are better ways to do this.


Very cool! This seems almost like physical cryptography. Maybe there is a better term for it, but I’d be very interested in other work along these lines.


A university spinoff using the interaction between RF and nearby devices, https://www.physec.de/en

https://www.sciencedirect.com/journal/computer-networks/vol/...

> We describe the first MITM-resistant device pairing protocol purely based on a single wireless interface with an extensive adversarial model and protocol analysis. We show that existing wireless devices can be retro-fitted with the VP protocol via software updates, i.e. without changes to the hardware.


Thanks! There are related structures in electronic circuits called physical unclonable functions (PUFs) that find uses in cryptography - you might find them interesting: https://en.wikipedia.org/wiki/Physical_unclonable_function


I once wondered if the colorful fibers in bank notes — which, like the nonpareil spheres, are distributed at random throughout the paper on which the notes a printed — can also be used to generate a unique number.

Examples (aha, including a teaser to an upcoming product called “Verifibre”!) can be seen here:

https://securityfibres.com/

Instead of a lookup table, that number could be signed and the signature printed onto the bank note itself. It would be impractical to either deduce the signing key or duplicate the pattern of fibers in a way that the signature was still valid.

I don’t know if there’s a signature algorithm though that is resilient to lossy and unreliable input data and which can also produce short enough output that could be printed on the face of a bank note.


Fingerprint sensors probably do some kind of fuzzy hash. That might be a nice basis for such a signature algorithm.


I should think you could do this with fingerprinting the photo similar to how music is fingerprinted for things like Shazam or MusicBrainz. I used to work for MusicIP, which I believe developed the fingerprinting system MusicBrainz is using.


Thanks for the suggestion - I looked into music recognition algorithms early on but struggled to adapt them for image use. But I'll revisit them.


Are there "fuzzy" fingerprint algorithms that tolerate some variation in pixel color / hues, edges, imaging quality, etc?


There are image-representation versions of wavelets that would work well in that context, with some tolerance/quantization of the frequency representation to accommodate fuzzy edges, and likewise for nearby hues.

Perceptual color representation gets a bit harder but if you're only looking at gamut differences on cameras/screens/printed media I think it's feasible.

Alternatively, if you know a lot about the source image you can train a NN for the specific application.


Very cool. I actually learned something by reading just the abstract, which does not happen often.


I read a bit the approach but wouldn't an attacker take 1 bottle for reference and just make 1 pill with the same exact pattern?

The manufacturer wouldn't know if there are conflicts or if the user wanted to check a pill twice.


It would be pretty hard for the attacker to precisely arrange a hundred tiny sprinkles on the surface of a pill to exactly match a known-good pattern. (At least compared to just throwing a bunch of assorted sprinkles on the pill randomly and taking a photo of the result, which is what legitimate manufacturers would be doing.)


yeah, this is one common claim about sprinkles - that the pattern can't be reproduced. Is that so true? Manually, sure, probably, perhaps. But if sprinkles signing is common enough, or the attacker has enough budget - and they do - then sprinkles matching deserves a machine. A sprinkles printer.

And if you have a standard algorithm which converts a sprinkles picture or three into a hash. Then now you have a precise target for the machine to benchmark against.


I guess this would be easy to spot for the end user. Maybe the app that is used for checking the pills can alert the user if one pattern is scanned multiple times.


Showing how often an authenticity code has been checked is something manufacturers like Xiaomi do, where there's rampant counterfeiting.


I remember this and was really impressed by your approach.


If the feds ever had possession of your computer, you may as well just replace it. Why risk it. Your data should be encrypted and backed up anyway.

Now police are going to be looking for nail polish and other clues


First you need to know they had possession. If they don't want you to know, how else could you tell if not for a tamper-evident seal?


Cameras continue to shrink in size and price. TEMPEST / Van Eck phreaking can be used to detect and locate hidden cameras, https://www.usenix.org/system/files/sec24fall-prepub-357-zha...

> For all spy cameras.. raw image.. encoding and compression.. takes place in an inbuilt read-write memory whose operations cause electromagnetic radiation (EMR).. Whenever the visual scene changes, bursts of video data processing.. aggravate the memory workload, bringing responsive EMR patterns. ESauron can detect spy cameras by intentionally stimulating scene changes and then sensing the surge of EMRs.. Experiments with 50 camera products show that ESauron can detect all spy cameras with an accuracy of 100% after only 4 stimuli, the detection range can exceed 20 meters even in the presence of blockages, and all spy cameras can be accurately located.


Just from the abstract it seems like this could be defeated by spy camera manufacturers by placing a Faraday cage around the camera components. It looks like they acknowledge that under Limitations:

> The latest smartphones employ low-power DDR techniques [49][50] and integrate Faraday cages internally to mitigate electromagnetic radiation (EMR) leakage [51]. The combination of the two measures significantly increase difficulty to detect smart- phone cameras’ memory EMRs using the current ESauron prototype.


> smartphones.. integrate Faraday cages internally to mitigate.. EMR

Conductive inks can shield specific components, https://www.idtechex.com/en/research-report/conductive-ink-m...

  Spray-on inks are targeting package-level EMI shielding.. Jetted inks are also being proposed for in-package EMI isolation between individual dies in a multi-die package especially for high-frequency devices. Some suppliers propose micron-sized, prioritising cost and maturity. Flat flakes offer higher conductivity if aligned well. Others develop nano or even particle-free inks, offering the thinnest solution.. Most offer a hybrid solution, siting somewhere between full nano to full micro and full spherical to full flake.. Some.. mechanisms to fine-tune layer thickness post-deposition to locally boost performance in EMI hotspots.


On my iOS, after clicking that link you provided I immediately got a pop up I have never seen before:

“Failed to Add Pass An error occurred while adding the pass to Wallet. Please try again later.”

Brave on latest iOS. Lockdown mode enabled for 6 months.

There’s something not right about that PDF.


Looks like your OS thought it was a travel pass (but it wasn't). I think that's a buggy iOS feature, not some kind of cyber attack.


I’d say try turning on lockdown mode and opening the PDF, but just in case, maybe scan it on VirusTotal (I just did it’s first ever scan) and check out the behaviour analysis, there seems to be a lot going on compared with other PDF’s I have scanned. Dropped javascript and more.


Hmm on iOS I had no issues, but I also don’t have lockdown mode enabled


I scanned it on VirusTotal, it had never been scanned before, it isn’t picking up detected sig. But, with it’s behaviour analysis it is creeping me out. Take a look at it please… I think you will agree?

That user has been posting a lot of links to pdf’s every day hosted on wordpress platforms and more. I haven’t began scanning those yet.


PDF viewed on iOS 17.6 Safari in Lockdown mode, without error.

That's a pre-pub PDF hosted by the Usenix Security 24 conference, which takes place in two weeks. If a respected 30-year old security conference is posting hostile PDFs, that would be newsworthy.

> VirusTotal behavior analysis

What did it say exactly? Just tried a VT scan and it reported a score of 0 out of 95 (green), with zero detailed findings. That was the only/first/last submission of the URL, https://www.virustotal.com/gui/url/f7259d6da00636ec8632741d3...

> That user has been posting a lot of links to pdf’s every day hosted on wordpress platforms and more

Examples, please? I posted the Usenix Security paper. A quick scan of my submissions shows no PDFs in the last two weeks, and one other PDF in the last day, hosted on HP.com.


I’m unfortunately not able to view on desktop since I’m traveling but I’ll have to take a look upon my return tomorrow. Seems fishy the fact it was flagged with lockdown is suspicious.


Alarm bells and a half.

Looking at all the behavioural analysis on VT makes it look like malware, but considering my lockdown iOS was being weird, this PDF is making me worry that it’s some sort of cross platform malware capable of attacking both Windows and iOS - which I have never heard malware being able to do before.

I am super curious of how this PDF behaves on MacOS, Linux and Android now but it seems VT only executes it in a Windows environment.

I could be so wrong about this, but if I am not, then this would be rather serious indeed for a lot of HN users.


> then this would be rather serious indeed for a lot of HN users

It would be even more serious for the Usenix Security conference that posted the paper!


I can’t say for sure, I cannot get it to pop that same error again. I will try opening it from another iPhone with lockdown enabled later.

I wouldn’t even know where to start in looking at that PDF for some sort of iOS exploit payload, my guess is it would be extremely difficult to find (if it exists).


For the historical record, the Usenix Security paper PDF comment currently has 28 upvotes.

There is also your non-reproducible report that the PDF was incorrectly loaded as an Apple Wallet pass, which would require a web server MIME type of:

  application/vnd.apple.pkpass


On the other hand, knowing how the detection works you could shield the camera and suspend operations when significant luminance changes are detected. Cat and mouse, as usual :)


That's really cool! I wonder how soon I can buy one of these ESauron thingies.


Very interesting read, thanks for the link!


There are DoD standards for this. Mostly for SECRET level. Containers for SECRET level material are supposed to be tamper-evident, but not extremely resistant to attack. Filing cabinets must have welded and painted joints, and good locks. It's possible to pry open a secure filing cabinet, but the damage will show. See page 5.3.1 of [1].

The U.S. Navy does authorize label-type seals but rates their security as "minimal". See page 6.3 of [2]

Defense Counterintelligence Agency has some security seal guidelines.[3] Probably outdated.

There are "tamper-evident seals with residue." If you remove them, it makes a visible mess. [4] They also have bar-coded serial numbers. A well-resourced attacker with a lot of access time and a preliminary run to get a look at the seals and have duplicates made could probably remove and replace those. If you're facing that level of threat you probably shouldn't have anything of interest in an unattended laptop.

[1] https://www.nispom.org/NISPOMwithISLsMay2014.pdf

[2] https://exwc.navfac.navy.mil/Portals/88/Documents/EXWC/DoD_L...

[3] https://www.dcsa.mil/Portals/91/Documents/CTP/NAO/security_s...

[4] https://seals.com/security-tape-labels/?_bc_fsnf=1&Classific...


When the Americans secretly captured and dissembled a Soviet satellite, one of the night’s many challenges was replacing a plastic seal covering some part.

  The engine had been removed, “but its mounting brackets, as well as the fuel and oxidizer tanks, were still in place,” recalled Finer. That was when they hit a problem. The only way to see inside the machinery was to remove a four-way electrical outlet, but it was encased behind a plastic seal bearing a Soviet stamp. The team needed to leave the spacecraft exactly as they found it. But if the Soviets noticed a missing seal, the game would be up. Could they make a replacement in the middle of the night?
   … “My technicians were working all that night,” Zambernardi recalled. “That night we developed 280 photographs. We also had 60 samples of valves. We had samples of the fluid, rocketry fluid, or what have you.”
   As they put the assembly back together, the CIA car returned: inside was a perfect counterfeit Soviet seal. They could now reseal the panel and conceal their theft.
https://www.technologyreview.com/2021/01/28/1016867/lunik-ci...


What a good read!

I’d like to think that the counterfeit was the result of an early prototype of 3D printing. But in reality, it was probably the work of a mole or the office of disguise.


And now the US complains about chinese intellectual tefts. How the world turns...

> Zambernardi also controlled a team of mercenaries he called Rudos—“tough guys”—from Mexico’s corrupt and violent Federal Judicial Police. They made treasonous Americans “disappear,” according to Mexican journalist and TV personality Jaime Maussan, who interviewed Zambernardi for a 2017 book about the mission, Operación LightFire.

the extrajudicial killings of american citizens under the directions of an american institution are mentioned so casually, one is tempted to skipped them and move to the interesting part of the story.


DoE (Sandia iirc) was the premier defensive seals lab in the US but shortly after 9/11 they removed most of their open documentation from the internet.

CIA has the main seals defeat capability in USG.


If the WestWorld S3 darknet "crime app" does not already exist, it could emerge from global fusion center coopetition with organized crime, or the economics of APT actors where on-demand, competitive teams for local tampering can support multiple remote attackers. Uber-for-whatever, https://www.newsweek.com/how-close-westworlds-rico-app-techn...


My first exposure to “tamper evident” mechanisms was in an anime series called “Death Note”.

https://youtube.com/watch?v=zZBR9iQ7DRA3D

The main character has a series of mechanisms (door latch height, paper in between door and wall, mechanical pencil lead in door hinge)

One out of place tamper seal, can ignore. But all 3 broken? Someone was in the room.

Personally used the paper trick when I was young and living with parents and siblings. Would easily know when somebody entered and trifled through my things.

Also used that mechanical lead pencil trick with my “secret” drawer where I had created a false bottom lol.


If I recall, it was a bit more elaborate than that. One of the three seals was obvious and easy to restore (the paper between the door and wall). If all three were broken, it meant an unsophisticated intruder was in the room (e.g. his family members). If one of the seals was restored and the other two were broken, then it was a sophisticated intruder instead (e.g. the police).


IIRC Snowden said he used similar tricks to see if his hotel room had been searched. One was a cup of water behind the door, that would be knocked onto a tissue that he'd sketched a hard-to-reproduce drawing onto. I think he mentioned another method that I've forgotten, but the pencil lead trick sounds familiar, so that could have been it

He was also known to be into anime, so he could well have seen that scene too


I learned 2 out of 3 of these (possibly I forgot #3) from a kid book in 'how to become a spy' which I borrowed from the local library. I wasn't into literature but into informational books. I was eating all these books like crazy. There were loads of tricks in this one, including writing with milk and using lemon to make it appear. Shoe lace tricks were also there. Techniques on how to follow someone. This was at the very end of Cold War, begin 90s.

There's good podcasts out there about PIs, spies, military intelligence, and good ol' police work. So I still love the content. The last one I finished was yesterday, about the murder of Dutch politician Pim Fortuyn. The murderer, who was pretty much caught red handed, was curiously living next to a former top criminal which was omitted from the police report to protect this person against public outcry. This person a few years later happened to live near an Islamic terrorist. So the question arose if the former top criminal gave the weapon to the murderer, or whether he was an informant for the AIVD (back then BVD). Of course, the former top criminal passed away whilst the podcast was being made (classic plot twist). Regardless, a fascinating story, albeit inconclusive.


I encountered the hair trick on Ren and Stimpy...Ren's first chest hair was taped across a door or lid to show if it had been opened. Not sure why, but that left an impression on me.


I've encountered the hair trick before, which is similar


I was like "what's the hair security trick?", then proceeded to learn how tricky it is to Google for anything hair + security related, because it's flooded by wig securing techniques..

> Close your door and stick a single hair across the gap - so you will know if anyone went in.


Now your comment comes up in the first page


Haha, that is funny. Thanks for the alert :)


And this is why the new search engines like perplexity and searchgpt are going to eat google's lunch.


The hair trick can be used both by good guys and by bad guys. Recently in my country in the first page of the main newspaper it was explained that during the vacation period, people would do the hair trick on house and apartment doors, they'd then come back a few days later, in the middle of the week: if the hair is still there, then the probability that nobody shall come while they're stealing stuff inside the apartment is much bigger.


> The hair trick can be used both by good guys and by bad guys.

Duh.

Are you implying the existense of opsec-techniques that are only usably by "good guys"...?


It's funny but many people operate under this illusion that criminals don't read, or that they can only read step by step instructions that are labeled "FOR CRIME". Even laws get passed under this illusion.


I think the point is that it's used differently for criminals. The intent was to judge traffic, rather than make sure nobody tried to break in.


I was honestly surprised, that is pretty cool! Some creative ideas and very clearly explained and illustrated.


I had to disassemble our relatively new Roborock vacuum to clean it fully (it found a piece of dog waste and made a lovely mess). I removed every screw I could find and still couldn't remove the bottom cover. That's when I noticed what looked like a hole with a plastic filler, but was actually a bit of wax covering the final screw. I presume this was a simple way to determine if the device had been tampered, for warranty purposes.


Gives me memories of heating the tamper-evident sticker with a hairdryer to open up my xbox 360 so that I could flash DVD drive firmware so that I could load... backups as a child who couldn't afford games.

That xbox took forever to save for, so voiding the warranty wasn't an option. Luckily, the ole hairdryer defeated the tamper evident destruction of the sticker.

I love things like that. Microsoft pays for manufacturing of a security sticker to prevent tampering. On a device that runs a hypervisor (wild at the time) to prevent tampering.

And some dude on the internet realizes that you can just heat it up with a hair dryer and carefully peel it back with tweezers, than flash firmware to your DVD drive that reports "yep, this is an official Xbox 360 disk" to the locked-down-and-totally-secure OS.


Just a friendly reminder for everyone: in the United States, companies cannot legally void your warranty for removing "warranty void if removed" stickers or similar (like wax seals).

Companies can only void the warranty on specific items that you damage. As long as you don't damage anything when opening up electronics, ask them to put in writing why they are voiding your warranty (chances are they'll "help you just this one time" instead).

The FTC is finally cracking down on companies that use such warnings.

(Magnuson-Moss Warranty Act - same law that lets you or third parties do work on your vehicles without voiding the manufacturer warranty.)


I've seen those stickers on hard drives. I always assumed that maybe the internal mechanisms were in a vacuum or super-clean and opening the case would allow air or dust into the moving parts.


> As long as you don't damage anything when opening up electronics

Considering the nature of hard drives, I think that would fall under damage caused by opening.

My understanding is that they are not in a vacuum, but they are super-clean. The air/gas inside is an important part by preventing the read/write head from touching the platters as they rotate. If a consumer opens it up, then dust is introduced which will cause problems.


The higher-end and larger drives today are filled with helium (or vacuum in some exotic cases), and opening the case at all completely destroys the drive's ability to operate.


I'm pretty sure the helium-filled hard drives are incredibly difficult to seal, and IIRC are welded shut. I don't see how you'd open it in the first place without a dremel anyway.


Most hard drives today are ultrasonically welded shut (metal to plastic) and hermetically sealed. The helium drives are not much harder to get into than normal hard drives today. The difference in processing is actually only a few steps where they insert the helium and then close the final hole.


Wait, so if I open my MacBook it is still under warranty ?


I would love to hear more about the kind of work done by people that need this level of security.

Like is the NSA covering their laptop screws in glitter nail polish? Are covert CIA agents? SOF?

Who needs this level of secrecy that would not have the physical security in place to protect the device in the first place?


In the book, "This Is How They Tell Me the World Ends: The Cyberweapons Arms Race" or "Pegasus: How a Spy in Your Pocket Threatens the End of Privacy, Dignity, and Democracy" (sorry, I read both recently), the author describes an incident where when she got back to her hotel room one night her door was open, the safe was open, and her laptop was laying there. She did cybersecurity reporting and wed how some governments abuse spyware to spy on their citizens.

I imagine the target audience for this type of security would be journalists and cybersecurity researchers whom governments might target. I'm sure other jobs could use this information to protect themselves better.

Large government agencies can afford to design systems that probably do not need these requirements, and they also probably wouldn't have any sensitive information on any unattended device.


At secfirst.org over the past 10+ years we've probably trained hundreds of journalists on this exact scenario and how to detect/mitigate it.


This sounds like a warning more than anything else. They are saying "we can get to you if we need to."


When a warning comes in this form it has the same implications as action. It's a distinction without a difference.


Nuclear stuff uses more mechanically robust things like solder with a wire brush run through it and photographed over screws/joints.

(Also lol I did the 2013 glitter nail polish talk w Eric Michaud. I feel old now.)


I bet some reporters, Bart Gellman, Ellen Nakashima, Jason Leopold, Kim Zetter maybe, do this kind of thing.

Anna Merlan, Tim Marchman, those 404 Media folks probably. Reporting on crime syndicates probably leads you to be paranoid.


It seems that this might blow other types of cover, though.

If the border guard notices glitter-covered screws on Ordinary Joe's laptop, that might tip off the Imperial Guards to keep a close eye on him during his stay.


That's why it is good to make general public aware of these techniques. The more people use it the better for the people who really need to use it.


If success requires getting people to care about anything at all we've already lost. Electronics should just come with tamper-evidence as a feature. They should come with these things pre-applied so that everyone has them whether they care or not. Then they can't single you out for having them.


Some HP PCs have tamper detection of cover removal, anchored in TPM and security coprocessor, http://h10032.www1.hp.com/ctg/Manual/c07055601.pdf


I run a service that needs some measure of L1 security (true randomness), and the servers that actually generate the random numbers get this sort of treatment. We get all the manufacturer's features like intrusion detection switches that tie into the TPM, but we also do some other tamper protection.

I am not going to detail everything that happens to these servers, but glitter epoxy and other annoying seals on the places the server might be accessed are some of the physical protection features.


I was in the park with some friends yesterday and we took a cooler with some ice and beers in it. Not long after we arrived a lady came over and asked if we had seen a red purse she had lost. We hadn’t, but helped look in the immediate surrounding area for a few minutes.

She asked very shyly, if it wasn’t too much trouble etc., if she could look under the cooler as well. It might sound silly but I think it was completely understandable. While unlikely, she wanted to eliminate the possibility that the purse was in our area, before moving on.

I think a lot of tamper seals are like this. If you have a leak and need to decide if it was either from an unscrupulous employee in the office or from someone else at home tampering with your laptop then being able to definitively eliminate the latter will help you focus on the other possibilities.


It's fiddly and annoying, the exact opposite of what you'd put in a movie, or even a boring novel. From my year in the (redacted) MoD, I still get bad memories of having to deal with stuff like https://www.3m.com/3M/en_US/p/d/b5005310025/ or rather the equivalent from twenty years ago... btw. is anyone working on Haven or a reboot (eg. looking at https://github.com/guardianproject/haven/issues/465)


This is not the way security works in a professional context. Did someone search my hotel room? who cares? Did someone go through my phone? who cares? The real purpose of detecting an intrusion is not to protect something there. The purpose is the detection--and you don't want an adversary to know you detected their activity. It's a test. You don't have anything in this world that you can actually protect. So the question to answer is, "Am I of interest?"


This reminds me an old James Bond movie, with Sean Connery, where he picks one of his hair, licks his sticky fingers to seal his hotel room door. It later tells him that someone entered his room.


That type of thing was pretty common in spy novels. No idea how common it was in practice.


That type of thing was pretty common in spy novels. No idea how common it was in practice.

Depends on the author.

Some authors are well-known for the thoroughness of their research. Some spy novels have been so accurate that ex-intelligence people have approached the authors to ask them how they knew certain things, and to offer them more information that would be useful for new manuscripts.


Can you give some examples of authors? I'm not a huge fan of fiction anymore really, but I think I'd enjoy a book that's decently "accurate" like that.


I have thought about this many times when thinking about the Framework Laptop. How easy it would be to swap one of the side ports with a malicious version that has something like a keylogger in it and you would never be the wiser.


Tamper-proofing those should be relatively easy with the techniques in the page at least. The difference being that someone would have to copy the whole glitter pattern to a new casing, (or open up the existing one, so you'd have to make that evident too, I'm not sure how easy to open those actually are).


Happy to see this, because this is how they (Law enforcement / intelligence agencies) do it nowadays.

Many years ago law enforcement (french DCRI now called DGSI) illegally placed a keylogger on my laptop, they placed it when I bought it online from materiel.net and placed it before I took delivery of it. it is 100% certain in my mind.

So never ever buy a laptop or hardware online if you think you might be exposed to this, buy it from a store.

I was going to build a hardware keylogger for laptops just for fun and as a proof-of-concept to show how easily this could be done.


Why do you think this was done to you?


I made a joke online that I had access to the e-mails from the ministry of justice and that I would publish all of them wikileaks style (This was back in the 2011s, 2012s era). I had indeed found a security issue but the e-mail stuff was a joke, but due to many other factors it was more than believable.

They even came to arrest me a few month later, I am not making this stuff up!

But the whole story is very crazy, I should write a complete blog post on it and what their shady techniques are.


> But the whole story is very crazy, I should write a complete blog post on it and what their shady techniques are.

Please do. If you have any new details not in the public-domain and are safely able to disclose them I am certain many other readers would be interested. :-)


I don't know who GP is but I've got in my LinkedIn contact someone I personally met who was actually spied upon by the GCHQ (or was it GCHQ + NSA? You never really know in this cases).

It was done to him simply because he's a famous belgian cryptographer.

And we're talking about people who made frontpage of mainstream media newspaper: hardly the kind of publications that shall report all the various states' wrongdoings (typically they'll instead be complicit and try to cover up misdeeds).

It's not as if these thing do not happen nor if as if there aren't persons of interests here on HN.


I find that this has much more promise than all the crap about Secure Boot and the like for the far-fetched "evil maid" scenario. NO ONE I know is going to react to Windows going batshit and requesting the Bitlocker key for no reason as "my laptop has been tampered with!". Heck, given large enough number of employees, IT has to hand out the bitlocker keys almost every day due to how frequent false positives are.

On the other hand, I'd think they'd pay attention to actual tampering evidence.


Yeah, Secure Boot/Measured Boot is also needed to resist against persistent compromise in the virtual world, which is arguably much more problematic and has a much longer history of actual application in the wild. Chromebooks for example are designed so that even with a full system wide exploit that compromises the kernel, a reboot will return the system to a consistent and uncompromised state.

(An interesting parallel is in the mobile ecosystem where things like untethered jailbreaks, i.e. persistent ones, for high end targets are nearly non-existent. Similarly, existing attacks from things like Cellebrite for high-end devices like Pixel/iPhones are generally classified in terms of things like whether they are vulnerable before or after first unlock of the device where boot chain security is strongest, and there's nearly nothing in terms of persistent compromise, downgrade/replay attacks, etc.)


Measured Boot maybe, but Secure Boot is not for that -- e.g. if your attackers can compromise your running Windows system (or e.g. your $HOME in Linux) the attack surface for spyware they can leave without any reasonable person noticing is HUGE.


> If the police

Not just the police: if your data or the data of the organization you work for is considered valuable enough[0], you also have to worry about thieves, foreign spies/saboteurs, corporate espionage, a wayward relative looking for banking passwords or Bitcoin to fund their drug/gambling habit, or a particularly obsessive ex.

[0] Mine isn't, and paranoia isn't one of my vices, so this is all academic to me.


but for most of us, it's the police (who are corrupt)


Realistically, for most of us on this forum it's not even the police.

For most of us the police where we live aren't that corrupt (though it's par for the course of internet discourse to pretend there's one monolithic "the police"), and most of us statistically speaking aren't in the minority groups that get disproportionately targeted.

If that isn't you—if police where you live and travel are corrupt or if you're a minority who gets disproportionate enforcement—then sure, it's the police.


I live in South Wales -- a few years back police officers responded to a call about a black man having a mental health crisis and choked- err, sorry, "restrained" him to death. The police in the UK (even in my specific county) have a non-zero number of tasers deployed against children under the age of 10. The state has arrested people for speaking against Israel.

If our police are corrupt (they most certainly are), then it is entirely certain that the police in America, with a much worse record of abuses, is corrupt too.


> entirely certain that the police in America, with a much worse record of abuses

The fundamental misunderstanding that is unfortunately quite the norm in internet discourse is the idea that America has a police force. It does not. The US has a bewildering array of about 18000 federal, state, county, and local police forces that operate independently, have varying degrees of accountability to entirely different governments, and can't really be spoken about in aggregate without severely oversimplifying things.

Of course, that doesn't stop people from trying to do so anyway, which is how you get comments like this where people generalize their own experience with a different country's police force on a different continent and then assume from media coverage alone that "America's" is obviously worse.


I think you’re parsing “the” too literally - plenty of Americans would say the same thing verbatim, too, without literally assuming the existence of one police force. Broad generalizations about American policing are reasonable - that’s why we can talk about “police reform”, and why the Fraternal Order of Police exists as an American organization. (I say this as a resident of a bright blue city with a police department under a federal consent decree, and with a police union founded by a card carrying white supremacist… who is perfectly capable of distinguishing that from ICE and BORTAC.)


> plenty of Americans would say the same thing verbatim, too, without literally assuming the existence of one police force

They're also wrong to do so, because police forces vary widely by jurisdiction and cannot be generalized. I don't only object to people from other countries doing it, it's just particularly uninformed when they do.

I say this as a resident of a small city with a police force that has never had any controversy whatsoever, but whose officers feel acutely the generalized hatred directed at everyone in blue that has become vogue in a large segment of the country.

Just because your police forces are awful doesn't mean they all are.


> Just because your police forces are awful doesn't mean they all are.

And the corollary is "Just because your police force is good, doesn't mean they all are", surely?


Most definitely!

I'm making no claims about the quality of any police force in particular other than the one in my city. I'm only arguing that you can't generize from one to all and that the widespread criticism of "the police" without specifying which department or agency you're talking about is both imprecise and harmful.


What this all has in common is no one is engaging in a complex personal surveillance enterprise to target you, because they don't need to.

It's not even a $5 wrench scenario, because they don't care: the point of jack booted thugs is you simply apply force to every problem and potential problem, and dare anyone to stop you.


Yeah. If you've drawn the unfavorable attention of the police (which I'm aware isn't difficult in many cases), it's extremely unlikely any of them are thinking "let's painstakingly disassemble and reassemble this guy's laptop!" But like I said upthread, there are still several plausible reasons why you might want to secure your hardware (and the threat of arbitrary police surveillance still isn't zero).

But on another note, in many countries (where digital privacy isn't already illegal) law enforcement is pushing for encryption backdoors and the like, so that kind of wiretapping will be their go-to, and in the police's ideal world they will simply be able to remotely log in to any phone, operating system, or CPU firmware and rummage around to their heart's content.

Until that comes to pass (heaven forbid), I doubt they will usually make the effort to check anyone's screws for nail polish. They're all about the brute force.

> It's not even a $5 wrench scenario

It's a $0 "type in your password or we're sticking you in a cell and leaving for the weekend" scenario.


> It's a $0 "type in your password or we're sticking you in a cell and leaving for the weekend" scenario.

Missing the point: the point is - they're not listening at all. They don't care. You're not a problem to be taken seriously and carefully investigated. You're going to be stuck in the cell and forgotten about anyway. Your equipment will be destroyed. No one is looking.


Corrupt police are often motivated by money, so the scenario could be: "we overheard you talking about transferring money/cryptocurrency/whatever and we are confiscating it, gives us access or else".

My point in starting this thread wasn't that the police are evil/misunderstood/chaotic-neutral, it was that the threat model here shouldn't be solely about one kind of adversary.


None of the above are examples of corruption? Corruption means being dishonest for personal gain. Do you think they're being paid to taser kids?

The above just sound like outlying bad examples of millions of humans in stressful situations, many times every day.


I live in Germany, where it's illegal to not support Israel, and police have raided the homes of non-Israel-supporters. It's not likely - it only happened a few times - but it's possible, and protecting yourself is only moderately paranoid.


> Germany, where it's illegal to not support Israel

*citation needed*



Op-Eds aren’t generally considered legally enforceable.


No, thieves are still way more common than corrupt police, particularly in high-income western countries.


I wonder if the colourful lentils trick could be bypassed by a 3D printer that recreates the pattern. This seems in range for a state actor. Or maybe even a hobbyist with lots of time.


Presumably you can't 3d print a lentil though.

Could do something like a robotic arm style of device which carefully places each color though.


Yeah, I obviously didn't mean printing lentils, more like printing the pattern with the lentils.


Ideally for transit you vaccum seal it. Then they can't 100% predict how the beans will shift undergoing the compression.


If this topic is a serious concern in your threat modeling, then this is a far better solution than glitter nail polish, and also doubles as a digital identity signature:

https://dustidentity.com/

I'm looking at using this for certain shipping and packaging needs.


https://builtin.com/hardware/dust-identity-supply-chain-secu...

> A dust of nanoscale diamonds, blended with one of several possible polymers, is applied to a part or component. Thousands of randomly distributed crystals create a distinct fingerprint, which can’t be reverse-engineered or cloned.. identification is informed not only by the position of each crystal, but also the orientation of each crystal in relation to all the others.. number of possible distinct fingerprints: more than 10^230.. the dust comes from engineered, nitrogen-vacancy diamonds, in which some carbon atoms are replaced with nitrogen ones.. "The random nature of how [nanocrystals] fall, roll and tumble creates a fingerprint that is unique in the universe.”


The problem with this technique is that now you have to inspect the seal every time you leave your laptop unattended.


I think that's quite obvious. You say that as if there were alternatives.

Are there any other, more convenient techniques to defend against evil maid attacks?


Thinkpads have a little switch under the bottom cover that will get flipped up when the cover is removed. There is a BIOS setting to require a password whenever this switch is toggled. When combined with signed BIOS updates it seems like it would be hard to bypass on a short term (like an actual "evil maid" attack).


In the most extreme case, the evil maid replaces your laptop with an exact replica that does nothing more than somehow bridge USB devices via radio to the original to take care of keyboard input and the smart card. Sounds like paranoid scifi, sure, and you can debate how unlikely that is and then go ahead and accept that risk, but the random mosaic actually protects against that, while all other suggestions I have heard so far do not.

Edit: Also, even though we have been discussing only computers so far, the random mosaic method can protect anything. The top level comment shows how a similar approach can be used in pharmacology.


Make the BIOS run a checksum of all the hardware.

Automatically clear some memory when the laptop is opened so the BIOS can tell.

Put important parts inside an epoxy. Add some transformer wire in the epoxy that will break when somebody tries to tamper with it.

I'm not trying to be exhaustive. But stuff like that.


You cannot trust the BIOS after an evil maid attack. And there can be sniffers on the physical layer inside the laptop.


DRTM, SMM attestation and remote attestation have evil maid attacks in their threat model, with a firmware TPM or SoC enclave that isn't subject to mitm.

Password keystroke surveillance (from sniffer, optical cameras or RF WiFi Sensing) can be mitigated by removable 2FA/smartcard.

TEMPEST info leakage from displays, components or RF implants can be measured, as SDRs and machine learning lower decoding costs, https://news.ycombinator.com/item?id=41116682

Some enterprise PCs can detect when the case cover is opened, e.g. http://h10032.www1.hp.com/ctg/Manual/c07055601.pdf


All of those really reduce the risk. But I wouldn't trust them to be able to stop the CIA, KGB, or whatever the Chinese equivalent is.


Nation-state attackers can afford to exploit zero-day vulnerabilities that bypass OS security protections.


Ok, you can make every chip/device communicate with each other using some challenge-response authentication.


Acknowledging that security and convenience are inversely proportional I like the products from this company, they specialize in cash/bank/legal document protection bags that are easy to use without taking additional effort.

https://arifkin.com/

A locking briefcase (a cylinder key lock with 7 pins? - not sure of the correct terminology here)) may not stop an expert locksmith, but otherwise you can tell if the contents have been accessed. I have a fabric one (heavy duty fabric, cannot be torn by hand) with a zipper that is locked by key. I keep my notebook computer in it when I travel, either in the trunk of my car or my hotel room.

Or, when I took a multi-day train trip a few years ago, every time I had to leave my "roomette" (open access) and travel a few train cars away for a meal or sightseeing, I made sure the laptop was in the locked briefcase.


Tamper proof screws, but do you check underneath your laptop every time you went away for a few minutes?


If you are paranoid/targeted you just normally don't leave it, just always take it with you.


I remember reading an article from MIT earlier this year where they deposited metallic particles into adhesive of an id tag and registered the unique dispertion of the metallic particles as a way to verify a genuine or fake product https://news.mit.edu/2024/tiny-tamper-proof-id-tag-can-authe...


Yes. It's a good idea.

However it's worth not also gaining a false sense of security vs. state actors who buy software and hardware exploits from shops like Zerodium generally don't always require intrusive physical access to implant malware or extract information, or who use the local carriers to do the dirty work for them.


https://archive.ph/sNJgw (page hugged to death?)


Ctrl F tamper tape

amazon dot com tamper tape

You can't open the case in a way that doesn't make it obvious it was opened.


I always wondered what prevents the "red team" from ordering the same tape from amazon and reapplying it in the end. I suppose you can sign it, but that has dubious security. Am I missing something?


That's the exact reason why techniques based on hard to duplicate random patterns exist. Anyone can buy off the shelf tamper resistance seals, they mostly work against unsophisticated attacker. Better ones have a serial number, which mitigates this problem. Although you still have to trust the manufacturer (or different factory) will not produce a custom order with whatever serial numbers you want (especially in case of state level threats), or simply reusing serial numbers due to poor practices and simply not caring about effectivity of their security product, which as shown by physical lock manufacturers isn't rare. On more problem with off the shelf tamper seals is that attacker can buy analyze and practice bypassing/reapplying them. I guess you could also have the random pattern embedded within tamper seals thus giving better duplicate protection compared to serial number, not sure how much tamper seals have this feature.


Not to defend the tapes, but typical use case of holo tape is to make your own pattern, which comes with big setup cost and small marginal cost of production, so it's not economically feasible/reasonable to copy it for one-off stunt.


I'm sure we've come a long way since the Xbox 360, but I trivially defeated the tamper tape in mine with my moms hairdryer.


Tapes/stickers are relatively easy to bypass without being evident.


"As anarchists, we must defend ourselves against police and intelligence agencies that conduct targeted digital surveillance for the purposes of incrimination and network mapping." (https://www.anarsec.guide/recommendations/)

I wonder who the anarchists are that are afraid of "incrimination and network mapping" and what it is they're doing them that makes them afraid of that


Even organizing a labor union to strike can get you targeted by cops or even killed in some countries...


For “anarchists”, read “Chinese/Russian dissidents”. How about that?


The point of anarchists is that states are evil. If they want to do something about that, that means the state should be undermined to free it's subjects. That means attacking the state apparatus, which usually sees a very strong response from the security services.

In general one of the defining features of a state is a monopoly on legitimate violence. It stands to reason that challenging a state then involves violence, and sees violence used in retribution.


It's a big leap from thinking there shouldn't be states to undermining them through direct attacks; there aren't many of those, I think. But it is true that security services frequently overstep their boundaries, and that not all countries have proper guarantees during a judicial process, so even innocent anarchists may have something to fear.


“It's not that I have anything to hide, I simply have nothing I want you to see.”




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: