Next on the market: Tamper-evident Glyptal (since one of the many uses of that insulating varnish is to secure screws/trimpots/etc. against vibration).
Seriously, this is a clever off-label use.
Wouldn’t a tampering party simply peel back a sticker and replace it (maybe with a shot of glue to help it stick like new)? Peeling off stickers without damaging them is an art (hint: don’t use just your fingernail), but it’s hardly impossible.
The glitter nailpolish seems like a cooler idea, although it’s going to hurt repairability when all of your screwheads are filled in with acrylic. It also doesn’t help against USB stack injection attacks, but you would have to be Osama Bin Laden’s resurrected zombie to warrant that level of attack.
Honestly, just filling in all of the screwheads on your box with epoxy is already pretty good tamper resistance.
As a 16 year old at Arlec in the 1980s I used nail polish for this purpose while assembling light dimmers. It seemed to have been part of their production process for decades.
Not really. The nice thing about acrylic, as us ex-electronic-tech types remember, is that it doesn’t adhere unreasonably to metal and is fairly brittle; you can chip it free fairly easily when you need to. (At least that’s true on normal-sized screws with traditional heads; dunno about the tiny stuff.)
If it bothers you, slap a tamper-evident label over the opening and then paint the randomizer across that…?
Well, they’d have to put it in the microwave with a glass of water. That would probably damage the electronics.
If it’s just nail polish, then presumably a Q-tip with nail polish remover should deal with that if you need to open it yourself.
I remember reading decades ago that this method was used to ID warheads. They used to then photograph the glittery resin from multiple light directions because even if you could imitate the placement of every flake of glitter you’d never match their orientations.
It should be great against tampering on a workplace/school or other places where your devices and everything are subject to common-men law, but why would any border agent care to disguise their tampering? It seems this has just been deemed legal. You’d probably complain and be received with a shrug.
A little acetone won’t hurt your computer, if you keep it off the plastic parts and the screen.
One major motive for tampering with something is to plant a bug (hardware, software, firmware or some combination) on it. The longer a bugged device continues to be used normally, the more valuable the data likely to be revealed.
It isn’t about redress, because you aren’t getting any, it’s about whether or not you end up unknowingly continuing to use a device with a keylogger, screen scraper, or other nasty embedded.
Once upon a time, these measures only made sense if you were a member of the tin foil hat brigade. I can’t believe it has come to this.
I think that believing the British royal family to be reptoids, or that US highway signs have secret markings to guide the satanic UN NWO/ZOG occupation forces is still safe territory for certifiable nutcases; but they’ve really been chiseling away at it…
You are correct, but from what we’ve seen so far, the NSA has the bugs delivered off-the-shelf (funny, you probably even pay for them).
But it should be a good measure when entering non-aligned spy countries that don’t subscribe to NSA reports.
We know that they intercept-and-tamper orders made by high-priority customers. No word at present on hardware more generally. I, for one, don’t exactly trust a gigantic blob like the UEFI firmware; but I’d also suspect that the NSA doesn’t want any really good tricks getting baked into every $80 motherboard shipped worldwide. The little people are already 0wned to hell and back through the online service providers, so wasting good hardware/firmware exploits on them seems a touch… prodigal.
It’s possible that I’m too optimistic, and they really have that many subtle exploits available that they can afford to splurge; but their deployments are presumably counterbalanced by a desire not to have 3rd party security researchers or hostile governments discover their exploits, which is something that becomes much more likely the more widely they are deployed.
This topic was automatically closed after 5 days. New replies are no longer allowed.
