[HN Gopher] Make your electronics tamper-evident
___________________________________________________________________
Make your electronics tamper-evident
Author : walterbell
Score : 86 points
Date : 2024-08-03 19:25 UTC (3 hours ago)
(HTM) web link (www.anarsec.guide)
(TXT) w3m dump (www.anarsec.guide)
| bdcravens wrote:
| I had to disassemble our relatively new Roborock vacuum to clean
| it fully (it found a piece of dog waste and made a lovely mess).
| I removed every screw I could find and still couldn't remove the
| bottom cover. That's when I noticed what looked like a hole with
| a plastic filler, but was actually a bit of wax covering the
| final screw. I presume this was a simple way to determine if the
| device had been tampered with, for warranty purposes.
| meowster wrote:
| Just a friendly reminder for everyone: in the United States,
| companies cannot legally void your warranty for removing
| "warranty void if removed" stickers or similar (like wax
| seals).
|
| Companies can only void the warranty on specific items that you
| damage. As long as you don't damage anything when opening up
| electronics, ask them to put in writing why they are voiding
| your warranty (chances are they'll "help you just this one
| time" instead).
|
| The FTC is finally cracking down on companies that use such
| warnings.
|
| (Magnuson-Moss Warranty Act - same law that lets you or third
| parties do work on your vehicles without voiding the
| manufacturer warranty.)
| wgrover wrote:
| Here's some work I did a couple years ago using some of these
| principles to fight counterfeit medicines:
| https://www.nature.com/articles/s41598-022-11234-4
|
| A side note: I think there's an unmet need for algorithms that
| can convert photos of these random patterns into text (or
| something similar) that can be stored in a database and searched
| quickly for matching patterns. I've tried image similarity
| algorithms like the ones used by e.g. Google Reverse Image
| Search, but they seem poorly suited for this task. I ended up
| writing my own crude algorithm in the paper above that converts a
| pattern into a set of strings, and it works OK, but surely there
| are better ways to do this.
| twerkmonsta wrote:
| Very cool! This seems almost like physical cryptography. Maybe
| there is a better term for it, but I'd be very interested in
| other work along these lines.
| wgrover wrote:
| Thanks! There are related structures in electronic circuits
| called physical unclonable functions (PUFs) that find uses in
| cryptography - you might find them interesting:
| https://en.wikipedia.org/wiki/Physical_unclonable_function
| walterbell wrote:
| A university spinoff using the interaction between RF and
| nearby devices, https://www.physec.de/en
|
| https://www.sciencedirect.com/journal/computer-networks/vol/...
|
| _> We describe the first MITM-resistant device pairing
| protocol purely based on a single wireless interface with an
| extensive adversarial model and protocol analysis. We show
| that existing wireless devices can be retro-fitted with the
| VP protocol via software updates, i.e. without changes to the
| hardware._
| the_svd_doctor wrote:
| Very cool. I actually learned something by reading just the
| abstract, which does not happen often.
| twerkmonsta wrote:
| I would love to hear more about the kind of work done by people
| that need this level of security.
|
| Like is the NSA covering their laptop screws in glitter nail
| polish? Are covert CIA agents? SOF?
|
| Who needs this level of secrecy that would not have the physical
| security in place to protect the device in the first place?
| bediger4000 wrote:
| I bet some reporters, Bart Gellman, Ellen Nakashima, Jason
| Leopold, Kim Zetter maybe, do this kind of thing.
|
| Anna Merlan, Tim Marchman, those 404 Media folks probably.
| Reporting on crime syndicates probably leads you to be
| paranoid.
| dotancohen wrote:
| It seems that this might blow other types of cover, though.
|
| If the border guard notices glitter-covered screws on Ordinary
| Joe's laptop, that might tip off the Imperial Guards to keep a
| close eye on him during his stay.
| praptak wrote:
| That's why it is good to make the general public aware of these
| techniques. The more people use it the better for the people
| who really need to use it.
| matheusmoreira wrote:
| If success requires getting people to care about anything
| at all we've already lost. Electronics should just come
| with tamper-evidence as a feature. They should come with
| these things pre-applied so that _everyone_ has them
| whether they care or not. Then they can't single you out
| for having them.
| walterbell wrote:
| Some HP PCs have tamper detection of cover removal,
| anchored in TPM and security coprocessor,
| http://h10032.www1.hp.com/ctg/Manual/c07055601.pdf
| arkwin wrote:
| In the book, "This Is How They Tell Me the World Ends: The
| Cyberweapons Arms Race" or "Pegasus: How a Spy in Your Pocket
| Threatens the End of Privacy, Dignity, and Democracy" (sorry, I
| read both recently), the author describes an incident where
| when she got back to her hotel room one night her door was
| open, the safe was open, and her laptop was lying there. She
| did cybersecurity reporting and wed how some governments abuse
| spyware to spy on their citizens.
|
| I imagine the target audience for this type of security would
| be journalists and cybersecurity researchers whom governments
| might target. I'm sure other jobs could use this information to
| protect themselves better.
|
| Large government agencies can afford to design systems that
| probably do not need these requirements, and they also probably
| wouldn't have any sensitive information on any unattended
| device.
| BadHumans wrote:
| This sounds like a warning more than anything else. They are
| saying "we can get to you if we need to."
| daniel_reetz wrote:
| When a warning comes in this form it has the same
| implications as action. It's a distinction without a
| difference.
| secfirstmd wrote:
| At secfirst.org over the past 10+ years we've probably
| trained hundreds of journalists on this exact scenario and
| how to detect/mitigate it.
| wonder_bread_29 wrote:
| This is not the way security works in a professional context.
| Did someone search my hotel room? who cares? Did someone go
| through my phone? who cares? The real purpose of detecting an
| intrusion is not to protect something there. The purpose is the
| detection--and you don't want an adversary to know you detected
| their activity. It's a test. You don't have anything in this
| world that you can actually protect. So the question to answer
| is, "Am I of interest?"
| amelius wrote:
| The problem with this technique is that now you have to inspect
| the seal every time you leave your laptop unattended.
| mr_mitm wrote:
| I think that's quite obvious. You say that as if there were
| alternatives.
|
| Are there any other, more convenient techniques to defend
| against evil maid attacks?
| amelius wrote:
| Make the BIOS run a checksum of all the hardware.
|
| Automatically clear some memory when the laptop is opened so
| the BIOS can tell.
|
| Put important parts inside an epoxy. Add some transformer
| wire in the epoxy that will break when somebody tries to
| tamper with it.
|
| I'm not trying to be exhaustive. But stuff like that.
| mr_mitm wrote:
| You cannot trust the BIOS after an evil maid attack. And
| there can be sniffers on the physical layer inside the
| laptop.
| walterbell wrote:
| DRTM, SMM attestation and remote attestation have evil
| maid attacks in their threat model, with a firmware TPM
| or SoC enclave that isn't subject to mitm.
|
| Password keystroke surveillance (from sniffer, optical
| cameras or RF WiFi Sensing) can be mitigated by removable
| 2FA/smartcard.
|
| TEMPEST info leakage from displays, components or RF
| implants can be measured, as SDRs and machine learning
| lower decoding costs,
| https://news.ycombinator.com/item?id=41116682
|
| Some enterprise PCs can detect when the case cover is
| opened, e.g.
| http://h10032.www1.hp.com/ctg/Manual/c07055601.pdf
| BadHumans wrote:
| I have thought about this many times when thinking about the
| Framework Laptop. How easy it would be to swap one of the side
| ports with a malicious version that has something like a
| keylogger in it and you would never be the wiser.
| gary_0 wrote:
| > If the police
|
| Not just the police: if your data or the data of the organization
| you work for is considered valuable enough[0], you also have to
| worry about thieves, foreign spies/saboteurs, corporate
| espionage, a wayward relative looking for banking passwords or
| Bitcoin to fund their drug/gambling habit, or a particularly
| obsessive ex.
|
| [0] Mine isn't, and paranoia isn't one of my vices, so this is
| all academic to me.
| immibis wrote:
| but for most of us, it's the police (who are corrupt)
| lolinder wrote:
| Realistically, for most of us on this forum it's not even the
| police.
|
| For most of us the police where we live _aren't_ that
| corrupt (though it's par for the course of internet discourse
| to pretend there's one monolithic "the police"), and most of
| us statistically speaking aren't in the minority groups that
| get disproportionately targeted.
|
| If that isn't you--if police where you live and travel _are_
| corrupt or if you're a minority who gets disproportionate
| enforcement--then sure, it's the police.
| immibis wrote:
| I live in Germany, where it's illegal to not support
| Israel, and police have raided the homes of non-Israel-
| supporters. It's not likely - it only happened a few times
| - but it's possible, and protecting yourself is only
| moderately paranoid.
| fao_ wrote:
| I live in South Wales -- a few years back police officers
| responded to a call about a black man having a mental
| health crisis and choked- err, sorry, "restrained" him to
| death. The police in the UK (even in my specific county)
| have a non-zero number of tasers deployed against children
| under the age of 10. The state has arrested people for
| speaking against Israel.
|
| If our police are corrupt (they most certainly are), then
| it is entirely certain that the police in America, with a
| much worse record of abuses, are corrupt too.
| lolinder wrote:
| > entirely certain that the police in America, with a
| much worse record of abuses
|
| The fundamental misunderstanding that is unfortunately
| quite the norm in internet discourse is the idea that
| America has a police force. It does not. The US has a
| bewildering array of about 18000 federal, state, county,
| and local police forces that operate independently, have
| varying degrees of accountability to entirely different
| governments, and can't really be spoken about in
| aggregate without severely oversimplifying things.
|
| Of course, that doesn't stop people from trying to do so
| anyway, which is how you get comments like this where
| people generalize their own experience with a _different
| country's_ police force on a _different continent_ and
| then assume from media coverage alone that "America's"
| is obviously worse.
| kube-system wrote:
| No, thieves are still way more common than corrupt police,
| particularly in high-income western countries.
| xyst wrote:
| My first exposure to "tamper evident" mechanisms was in an anime
| series called "Death Note".
|
| https://youtube.com/watch?v=zZBR9iQ7DRA3D
|
| The main character has a series of mechanisms (door latch height,
| paper in between door and wall, mechanical pencil lead in door
| hinge)
|
| One out of place tamper seal, can ignore. But all 3 broken?
| Someone was in the room.
|
| Personally used the paper trick when I was young and living with
| parents and siblings. Would easily know when somebody entered and
| rifled through my things.
|
| Also used that mechanical lead pencil trick with my "secret"
| drawer where I had created a false bottom lol.
| metadat wrote:
| I was honestly surprised, that is pretty cool! Some creative
| ideas and very clearly explained and illustrated.
| fao_ wrote:
| I've encountered the hair trick before, which is similar
| praptak wrote:
| I wonder if the colourful lentils trick could be bypassed by a 3D
| printer that recreates the pattern. This seems in range for a
| state actor. Or maybe even a hobbyist with lots of time.
| Animats wrote:
| There are DoD standards for this. Mostly for SECRET level.
| Containers for SECRET level material are supposed to be tamper-
| evident, but not extremely resistant to attack. Filing cabinets
| must have welded and painted joints, and good locks. It's
| possible to pry open a secure filing cabinet, but the damage will
| show. See page 5.3.1 of [1].
|
| The U.S. Navy does authorize label-type seals but rates their
| security as "minimal". See page 6.3 of [2]
|
| Defense Counterintelligence Agency has some security seal
| guidelines.[3] Probably outdated.
|
| There are "tamper-evident seals with residue." If you remove
| them, it makes a visible mess. [4] They also have bar-coded
| serial numbers. A well-resourced attacker with a lot of access
| time and a preliminary run to get a look at the seals and have
| duplicates made could probably remove and replace those. If
| you're facing that level of threat you probably shouldn't have
| anything of interest in an unattended laptop.
|
| [1] https://www.nispom.org/NISPOMwithISLsMay2014.pdf
|
| [2]
| https://exwc.navfac.navy.mil/Portals/88/Documents/EXWC/DoD_L...
|
| [3]
| https://www.dcsa.mil/Portals/91/Documents/CTP/NAO/security_s...
|
| [4] https://seals.com/security-tape-labels/?_bc_fsnf=1&Classific...
| 0cf8612b2e1e wrote:
| When the Americans secretly captured and disassembled a Soviet
| satellite, one of the night's many challenges was replacing a
| plastic seal covering some part. The engine had
| been removed, "but its mounting brackets, as well as the fuel
| and oxidizer tanks, were still in place," recalled Finer. That
| was when they hit a problem. The only way to see inside the
| machinery was to remove a four-way electrical outlet, but it
| was encased behind a plastic seal bearing a Soviet stamp. The
| team needed to leave the spacecraft exactly as they found it.
| But if the Soviets noticed a missing seal, the game would be
| up. Could they make a replacement in the middle of the night?
| ... "My technicians were working all that night," Zambernardi
| recalled. "That night we developed 280 photographs. We also had
| 60 samples of valves. We had samples of the fluid, rocketry
| fluid, or what have you." As they put the assembly back
| together, the CIA car returned: inside was a perfect
| counterfeit Soviet seal. They could now reseal the panel and
| conceal their theft.
|
| https://www.technologyreview.com/2021/01/28/1016867/lunik-ci...
| tg180 wrote:
| What a good read!
|
| I'd like to think that the counterfeit was the result of an
| early prototype of 3D printing. But in reality, it was
| probably the work of a mole or the office of disguise.
| rdl wrote:
| DoE was the premier defensive seals lab in the US but shortly
| after 9/11 they removed most of their open documentation from
| the internet.
|
| CIA has the main seals defeat capability in USG.
| llsf wrote:
| This reminds me of an old James Bond movie, with Sean Connery, where
| he picks one of his hair, licks his sticky fingers to seal his
| hotel room door. It later tells him that someone entered his
| room.
| ghaff wrote:
| That type of thing was pretty common in spy novels. No idea how
| common it was in practice.
| walterbell wrote:
| Cameras continue to shrink in size and price. TEMPEST / Van Eck
| phreaking can be used to detect and locate hidden cameras,
| https://www.usenix.org/system/files/sec24fall-prepub-357-zha...
|
| _> For all spy cameras.. raw image.. encoding and compression..
| takes place in an inbuilt read-write memory whose operations
| cause electromagnetic radiation (EMR).. Whenever the visual scene
| changes, bursts of video data processing.. aggravate the memory
| workload, bringing responsive EMR patterns. ESauron can detect
| spy cameras by intentionally stimulating scene changes and then
| sensing the surge of EMRs.. Experiments with 50 camera products
| show that ESauron can detect all spy cameras with an accuracy of
| 100% after only 4 stimuli, the detection range can exceed 20
| meters even in the presence of blockages, and all spy cameras can
| be accurately located._
___________________________________________________________________
(page generated 2024-08-03 23:00 UTC)