mirror of
https://0xacab.org/anarsec/anarsec.guide.git
synced 2025-12-15 08:29:19 -05:00
clarity and syntax edits
This commit is contained in:
parent
3660b0a2ec
commit
9a06111d64
7 changed files with 106 additions and 111 deletions
@ -14,7 +14,7 @@ a4="tamper-a4.pdf"
letter="tamper-letter.pdf"
+++
If the police ever have [physical access](/glossary/#physical-attacks) to an electronic device like a laptop, even [for five minutes](https://www.vice.com/en/article/a3q374/hacker-bios-firmware-backdoor-evil-maid-attack-laptop-5-minutes), they can install hardware keyloggers, create images of the storage media, or otherwise trivially compromise it at the hardware, firmware, or software level. One way to minimize this risk is to make it tamper-evident. As the No Trace Project Threat Library [notes](https://www.notrace.how/threat-library/mitigations/tamper-evident-preparation.html), "Tamper-evident preparation will make it possible to discern when something has been [physically accessed](/glossary/#physical-attacks) - it's not possible to prevent a powerful enemy from obtaining physical access to your computer when you are away, but it should be possible to be able to detect when they do."
If the police ever have [physical access](/glossary/#physical-attacks) to an electronic device like a laptop, even [for five minutes](https://www.vice.com/en/article/a3q374/hacker-bios-firmware-backdoor-evil-maid-attack-laptop-5-minutes), they can install hardware keyloggers, create images of the storage media, or otherwise trivially compromise it at the hardware, firmware, or software level. One way to minimize this risk is to make devices tamper-evident. As the No Trace Project Threat Library [notes](https://www.notrace.how/threat-library/mitigations/tamper-evident-preparation.html), "Tamper-evident preparation will make it possible to discern when something has been [physically accessed](/glossary/#physical-attacks) - it's not possible to prevent a powerful enemy from obtaining physical access to your computer when you are away, but it should be possible to detect when they do."
<!-- more -->
['Evil maid' attacks](https://en.wikipedia.org/wiki/Evil_maid_attack) work like this: An attacker gains temporary access to your [encrypted](/glossary/#encryption) laptop or phone. Although they can’t decrypt your data, they can tamper with your laptop for a few minutes and then leave it exactly where they found it. When you return and enter your credentials, you have been hacked. The attacker may have [modified data on your hard drive](https://media.ccc.de/v/gpn20-32-poc-implementing-evil-maid-attack-on-encrypted-boot), replaced the firmware, or installed a hardware component such as a keylogger.
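Review bot: the rewritten line changes wording inside the direct quotation from the No Trace Project Threat Library, from "it should be possible to be able to detect when they do" to "it should be possible to detect when they do". The tightening reads better, but text inside quotation marks should match the cited page; either confirm the source reads this way, mark the elision with brackets, or paraphrase outside the quotes. The other change, "make it tamper-evident" to "make devices tamper-evident", fixes a dangling "it" (the nearest antecedent was "this risk") and is correct.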
@ -102,7 +102,7 @@ This excerpt assumes that we take the cell phone with us, but [as discussed else
# Physical Intrusion Detection
"Defense in depth" means that there are multiple layers of security that must be bypassed for an adversary to succeed. [Physical intrusion detection](https://www.notrace.how/threat-library/mitigations/physical-intrusion-detection.html) should be in addition to tamper-evident laptops and storage. That way, even if a covert house search doesn't interact with the tamper-evident storage (for example, because the goal is to install [covert surveillance devices](https://www.notrace.how/threat-library/techniques/covert-surveillance-devices.html)), you can still find out about it.
"Defense in depth" means that there are multiple layers of security that an adversary must bypass in order to succeed. [Physical intrusion detection](https://www.notrace.how/threat-library/mitigations/physical-intrusion-detection.html) should be in place in addition to tamper-evident laptops and storage. That way, even if a covert house search doesn't interact with the tamper-evident storage (for example, because the goal is to install [covert surveillance devices](https://www.notrace.how/threat-library/techniques/covert-surveillance-devices.html)), you can still find out about it.
Haven is an Android app developed by the Freedom of Press Foundation that uses the smartphone’s many sensors — microphone, motion detector, light detector, and cameras — to monitor the room for changes, and it logs everything it notices. Unfortunately Haven is currently unmaintained and unreliable on many devices. Until [a good alternative is developed](https://github.com/guardianproject/haven/issues/465), make sure to test the functionality of Haven on your device before relying on it. We don't recommend using home surveillance cameras without privacy features, because then the police can have easy knowledge of your comings and goings without needing to set up their own surveillance cameras.
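Review bot: in the rewritten first sentence, "must bypass in order to succeed" can be "must bypass to succeed" without losing meaning, which fits the commit's stated clarity goal; "should be in place in addition to" is a genuine improvement over "should be in addition to". While this paragraph is open, the unchanged Haven line below attributes the app to the "Freedom of Press Foundation" (missing "the"), and the linked issue tracker lives under github.com/guardianproject, so the attribution is worth checking in the same pass.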
@ -114,7 +114,7 @@ Haven should be used on a dedicated cheap Android device that is otherwise empty
# Tamper-Evident Software and Firmware
So far, we have only looked at making hardware compromise tamper-evident. It is also possible to make software and firmware tamper-evident. "Defense in depth" requires this - to trust an electronic device, you must trust the hardware, firmware, and software. Software or firmware compromise can occur [remotely](/glossary/#remote-attacks) (over the Internet) as well as with physical access, so it is especially important. Tamper-evident software and firmware are compatible with our [recommendations](/recommendations): Qubes OS or Tails on laptops, or GrapheneOS on a smartphone.
So far, we have only looked at making hardware compromise tamper-evident. It is also possible to make software and firmware tamper-evident. This is required for "defense in depth" - to trust an electronic device, you must trust the hardware, firmware, and software. Software or firmware compromise can occur [remotely](/glossary/#remote-attacks) (over the Internet) as well as with physical access, so it is especially important because the other measures won't detect a remote firmware compromise. Tamper-evident software and firmware are compatible with our [recommendations](/recommendations): Qubes OS or Tails on laptops, or GrapheneOS on a smartphone.
For GrapheneOS, [Auditor](/posts/grapheneos/#auditor) is an app that allows you to be notified if firmware or software has been tampered with - you will receive an email when Auditor performs a remote attestation.
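Review bot: the new sentence "so it is especially important because the other measures won't detect a remote firmware compromise" chains two causal connectors and leaves "the other measures" unnamed. Suggest splitting it and naming them, for example: "Software or firmware compromise can occur remotely (over the Internet) as well as with physical access. That makes this layer especially important: tamper-evident storage and laptop screws only reveal physical access and will not detect a remote firmware compromise." Moving from '"Defense in depth" requires this' to 'This is required for "defense in depth"' is fine as is.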
@ -128,9 +128,9 @@ With the measures described above, any 'evil maid' would have to bypass:
2) The tamper-evident storage, and
3) The tamper-evident glitter nail polish (for an attack that requires opening the laptop), or HEADS/Auditor (for a software or firmware attack)
These layers are all important, although they may seem redundant. The expertise and cost required to successfully execute the attack increases significantly with each layer, making it much less likely to be attempted in the first place. The best practice is to [obtain a fresh device in such a way that it cannot be intercepted](/posts/tails-best/#to-mitigate-against-physical-attacks), and then consistently implement all of these layers from the beginning.
These layers are all important, although they may seem redundant. The expertise and cost required to successfully execute the attack increases significantly with each layer, making it much less likely that an adversary will attempt it in the first place. The best practice is to [obtain a fresh device in such a way that it cannot be intercepted](/posts/tails-best/#to-mitigate-against-physical-attacks), and then consistently implement all of these layers from the beginning.
This means that every time you leave the house with no one home, you turn off sensitive devices and put them into tamper-evident storage, take the necessary photos, and activate Haven. This may sound tedious, but it can be done in less than a minute if you leave unused devices in storage. When you get home, first check the Haven log. Next, verify the tamper-evident storage.
This means that every time you leave the house with no one home for a significant amount of time, you put the turned-off devices into tamper-evident storage, take the necessary photos, and activate Haven. This may sound tedious, but it can be done in less than a minute if you leave unused devices in storage. When you get home, first check the Haven log. Next, verify the tamper-evident storage.
Laptop screws can be verified monthly, or when something suspicious happens. Neither HEADS nor Auditor require much effort to use properly once set up; Auditor runs without interaction and HEADS becomes part of your boot process.
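Review bot: the rewritten routine paragraph weakens the rule in two ways. "for a significant amount of time" is undefined and cuts against the guide's own framing earlier in this file that an evil-maid attack needs only five minutes, so a short absence is exactly the window that matters; if a threshold is intended, state it. "you put the turned-off devices into tamper-evident storage" also drops the explicit step "turn off sensitive devices" from the old text and presupposes the devices are already off; keep the instruction, e.g. "you turn off sensitive devices, put them into tamper-evident storage, take the necessary photos, and activate Haven". The change from "much less likely to be attempted" to "much less likely that an adversary will attempt it" is fine. In the unchanged context line, "Neither HEADS nor Auditor require" should be "requires" (neither ... nor takes a singular verb).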