#1 By: Cory Doctorow, December 31st, 2013 16:01
#2 By: technogeek, December 31st, 2013 16:17
Next on the market: Tamper-evident Glyptal (since one of the many uses of that insulating varnish is to secure screws/trimpots/etc. against vibration).
Seriously, this is a clever off-label use.
#3 By: Jason Andresen, December 31st, 2013 16:39
Wouldn't a tampering party simply peel back a sticker and replace it (maybe with a shot of glue to help it stick like new)? Peeling off stickers without damaging them is an art (hint: don't use just your fingernail), but it's hardly impossible.
The glitter nailpolish seems like a cooler idea, although it's going to hurt repairability when all of your screwheads are filled in with acrylic. It also doesn't help against USB stack injection attacks, but you would have to be Osama Bin Laden's resurrected zombie to warrant that level of attack.
Honestly, just filling in all of the screwheads on your box with epoxy is already pretty good tamper resistance.
#4 By: Michael Smith, December 31st, 2013 17:01
As a 16 year old at Arlec in the 1980s I used nail polish for this purpose while assembling light dimmers. It seemed to have been part of their production process for decades.
#5 By: technogeek, December 31st, 2013 18:27
Not really. The nice thing about acrylic, as us ex-electronic-tech types remember, is that it doesn't adhere unreasonably to metal and is fairly brittle; you can chip it free fairly easily when you need to. (At least that's true on normal-sized screws with traditional heads; dunno about the tiny stuff.)
If it bothers you, slap a tamper-evident label over the opening and then paint the randomizer across that...?
#6 By: retchdog, December 31st, 2013 18:50
Well, they'd have to put it in the microwave with a glass of water. That would probably damage the electronics.
#7 By: adonai, December 31st, 2013 18:54
If it's just nail polish, then presumably a Q-tip with nail polish remover should deal with that if you need to open it yourself.
#8 By: digitalArtform, December 31st, 2013 19:47
I remember reading decades ago that this method was used to ID warheads. They used to then photograph the glittery resin from multiple light directions because even if you could imitate the placement of every flake of glitter you'd never match their orientations.
#9 By: Sigmund, January 1st, 2014 15:23
It should be great against tampering on a workplace/school or other places where your devices and everything are subject to common-men law, but why would any border agent care to disguise their tampering? It seems this has just been deemed legal. You'd probably complain and be received with a shrug.
#10 By: Rob, January 1st, 2014 19:36
A little acetone won't hurt your computer, if you keep it off the plastic parts and the screen.
#11 By: fuzzyfuzzyfungus, January 2nd, 2014 06:34
One major motive for tampering with something is to plant a bug (hardware, software, firmware or some combination) on it. The longer a bugged device continues to be used normally, the more valuable the data likely to be revealed.
It isn't about redress, because you aren't getting any, it's about whether or not you end up unknowingly continuing to use a device with a keylogger, screen scraper, or other nasty embedded.
#12 By: PrometheanSky, January 2nd, 2014 09:14
Once upon a time, these measures only made sense if you were a member of the tin foil hat brigade. I can't believe it has come to this.
#13 By: fuzzyfuzzyfungus, January 2nd, 2014 12:47
I think that believing the British royal family to be reptoids, or that US highway signs have secret markings to guide the satanic UN NWO/ZOG occupation forces is still safe territory for certifiable nutcases; but they've really been chiseling away at it...
#14 By: Sigmund, January 2nd, 2014 13:00
You are correct, but from what we've seen so far, the NSA has the bugs delivered off-the-shelf (funny, you probably even pay for them).
But it should be a good measure when entering non-aligned spy countries that don't subscribe to NSA reports.
#15 By: fuzzyfuzzyfungus, January 2nd, 2014 13:26
We know that they intercept-and-tamper orders made by high-priority customers. No word at present on hardware more generally. I, for one, don't exactly trust a gigantic blob like the UEFI firmware; but I'd also suspect that the NSA doesn't want any really good tricks getting baked into every $80 motherboard shipped worldwide. The little people are already 0wned to hell and back through the online service providers, so wasting good hardware/firmware exploits on them seems a touch... prodigal.
It's possible that I'm too optimistic, and they really have that many subtle exploits available that they can afford to splurge; but their deployments are presumably counterbalanced by a desire not to have 3rd party security researchers or hostile governments discover their exploits, which is something that becomes much more likely the more widely they are deployed.
#16 By: Cory Doctorow, January 5th, 2014 16:01
This topic was automatically closed after 5 days. New replies are no longer allowed.