Git-Mirrors/anarsec.guide
1
0
Fork 0
mirror of https://0xacab.org/anarsec/anarsec.guide.git synced 2025-08-01 19:06:06 -04:00
Code Issues Projects Releases Packages Wiki Activity

fix notrace.how footnotes

Browse source
This commit is contained in:
anarsec 2024-04-15 21:38:33 +00:00
parent cba3b08223
commit 3c2946baac
No known key found for this signature in database
8 changed files with 27 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

6
content/posts/tamper/index.md
View file

@ -14,14 +14,14 @@ a4="tamper-a4.pdf"
letter="tamper-letter.pdf"
+++
If the police ever have [physical access](/glossary/#physical-attacks) to an electronic device like a laptop, even [for five minutes](https://www.vice.com/en/article/a3q374/hacker-bios-firmware-backdoor-evil-maid-attack-laptop-5-minutes), they can install hardware keyloggers, create images of the storage media, or otherwise trivially compromise it at the hardware, firmware, or software level. One way to minimize this risk is to make devices tamper-evident. As the No Trace Project Threat Library [notes](https://www.notrace.how/threat-library/mitigations/tamper-evident-preparation.html), "Tamper-evident preparation will make it possible to discern when something has been [physically accessed](/glossary/#physical-attacks) — it's not possible to prevent a powerful enemy from obtaining physical access to your computer when you are away, but it should be possible to detect when they do."
If the police ever have [physical access](/glossary/#physical-attacks) to an electronic device like a laptop, even [for five minutes](https://www.vice.com/en/article/a3q374/hacker-bios-firmware-backdoor-evil-maid-attack-laptop-5-minutes), they can install hardware keyloggers, create images of the storage media, or otherwise trivially compromise it at the hardware, firmware, or software level. One way to minimize this risk is to make devices tamper-evident. As the No Trace Project Threat Library [notes](https://notrace.how/threat-library/mitigations/tamper-evident-preparation.html), "Tamper-evident preparation will make it possible to discern when something has been [physically accessed](/glossary/#physical-attacks) — it's not possible to prevent a powerful enemy from obtaining physical access to your computer when you are away, but it should be possible to detect when they do."
<!-- more -->
['Evil maid' attacks](https://en.wikipedia.org/wiki/Evil_maid_attack) work like this: An attacker gains temporary access to your [encrypted](/glossary/#encryption) laptop or phone. Although they cant decrypt your data, they can tamper with your laptop for a few minutes and then leave it exactly where they found it. When you return and enter your credentials, you have been hacked. The attacker may have [modified data on your hard drive](https://media.ccc.de/v/gpn20-32-poc-implementing-evil-maid-attack-on-encrypted-boot), replaced the firmware, or installed a hardware component such as a keylogger.
# Tamper-Evident Laptop Screws
Let's start with your laptop. For a seal to effectively alert you to intruders, it must be impossible to remove and replace without leaving a trace, and it must also be unique—otherwise, the adversary could simply replicate the seal and youd never know theyd been there. Glitter nail polish creates a unique pattern that is impossible to replicate, and if you take a photo of this pattern, you can use it to verify that the nail polish has not been removed and reapplied in your absence, such as during a [covert house search](https://www.notrace.how/threat-library/techniques/covert-house-search.html). The presentation "[Thwarting Evil Maid Attacks](https://media.ccc.de/v/30C3_-_5600_-_en_-_saal_1_-_201312301245_-_thwarting_evil_maid_attacks_-_eric_michaud_-_ryan_lackey)" introduced this technique in 2013.
Let's start with your laptop. For a seal to effectively alert you to intruders, it must be impossible to remove and replace without leaving a trace, and it must also be unique—otherwise, the adversary could simply replicate the seal and youd never know theyd been there. Glitter nail polish creates a unique pattern that is impossible to replicate, and if you take a photo of this pattern, you can use it to verify that the nail polish has not been removed and reapplied in your absence, such as during a [covert house search](https://notrace.how/threat-library/techniques/covert-house-search.html). The presentation "[Thwarting Evil Maid Attacks](https://media.ccc.de/v/30C3_-_5600_-_en_-_saal_1_-_201312301245_-_thwarting_evil_maid_attacks_-_eric_michaud_-_ryan_lackey)" introduced this technique in 2013.
Mullvad VPN [created a guide](https://mullvad.net/en/help/how-tamper-protect-laptop/) for applying this technique: first apply stickers over the laptop case screws, then apply the nail polish. An [independent test](https://dys2p.com/en/2021-12-tamper-evident-protection.html#glitzer-nagellack-mit-aufklebern) noted:
@ -117,7 +117,7 @@ This excerpt assumes that we take the cell phone with us, but [as discussed else
# Physical Intrusion Detection
"Defense in depth" means that there are multiple layers of security that an adversary must bypass in order to succeed. [Physical intrusion detection](https://www.notrace.how/threat-library/mitigations/physical-intrusion-detection.html) should be in place in addition to tamper-evident laptops and storage. That way, even if a covert house search doesn't interact with the tamper-evident storage (for example, because the goal is to install [covert surveillance devices](https://www.notrace.how/threat-library/techniques/covert-surveillance-devices.html)), you can still find out about it.
"Defense in depth" means that there are multiple layers of security that an adversary must bypass in order to succeed. [Physical intrusion detection](https://notrace.how/threat-library/mitigations/physical-intrusion-detection.html) should be in place in addition to tamper-evident laptops and storage. That way, even if a covert house search doesn't interact with the tamper-evident storage (for example, because the goal is to install [covert surveillance devices](https://notrace.how/threat-library/techniques/covert-surveillance-devices.html)), you can still find out about it.
Haven is an Android app developed by the Freedom of Press Foundation that uses the smartphones many sensors — microphone, motion detector, light detector, and cameras — to monitor the room for changes, and it logs everything it notices. Unfortunately Haven is currently unmaintained and unreliable on many devices. Until [a good alternative is developed](https://github.com/guardianproject/haven/issues/465), make sure to test the functionality of Haven on your device before relying on it. We don't recommend using home surveillance cameras without privacy features, because then the police can have easy knowledge of your comings and goings without needing to set up their own surveillance cameras.