Preventing shipment interception, providing hardware integrity verification


#1

I had an idea that I thought may be worth considering - What if Purism sealed the boxes using some sort of unique paint / multi-candle wax seals to ensure that the boxes haven’t been tampered with en voyage? Perhaps taking a photo of said seal and sending a digital copy via encrypted email to them, presumably for an extra fee of course. I think it’d provide peace of mind to a lot of customers.

Any thoughts? :slight_smile:


#2

I was thinking the same thing. After watching Jacob Appelbaum’s talks this seems very important. I got my Librem 15 today and there was no seal whatsoever… concerning…


#3

We have tested an interdiction prevention process. That process is eerily similar to cat’s proposal.

  1. We uniquely seal the surrounding bag and/or box.
  2. We photograph that unique seal.
  3. We post that unique seal to the user’s account and/or encrypted email.

We have tested that to find out both cost, and process, and hope to announce that offering soon.


#4

What can I say, great minds think alike I suppose? :wink:

I imagine this wouldn’t be something in place by the time my already ordered Rev 15 ships, would it?


#5

I am eager to see more about this box sealing/interdiction prevention process. This is probably the only thing preventing me from buying a Librem laptop.


#6

Having recently watched Jacob Appelbaum’s various presentations on YouTube, this is extremely important to me too.

Please keep us updated, Todd!


#8

This video shows that the CIA has been known to take packages of electronics after they’re shipped, plant malware on the device inside and then forward the package on to you. (30:35 of the video explains this process.)

How can Purism prevent this? What packaging can foolproof against this method of attack?


#9

What the fuck that is crazy.
Hell.
We’re gonna have to ship in destroy-content-if-opened-before-date boxes …


#10

I’m thinking of holographic seal tapes for the future (and maybe there could be some sort of holographic tape that changes if it gets attacked by a hair dryer?), in addition to having pictures of the motherboard taken before shipment… Other ideas?


#11
> I’m thinking of holographic seal tapes for the future (and maybe there could be some sort of holographic tape that changes if it gets attacked by a hair dryer?), in addition to having pictures of the motherboard taken before shipment… Other ideas?

I like where both ideas are going. If the package snatcher’s intentions are to put malicious code on the computer, at the lowest levels, then a picture won’t show that.

Is there a way to display some sort of “last time booted up” message or something similar? Is that a BIOS feature that could even be implemented?
Then you could at least know with time stamping and package tracking information when it booted up last.

How about shipping the battery and power charger separate, a few days apart?


#12

holographic seal tape can be defeated by using a syringe to inject acetone just under its surface, temporarily disabling the adhesive. after the attacker is done, they just put it back.

  1. purism makes laptop signing key, fingerprints available on puri.sm, github, keybase, and business cards.
  2. glittery nail polish over the screwholes. this is discussed on several sites.
  3. signed picture of nail polish emailed to user and available by user login.

the glitter pattern is random and very difficult to reproduce.

one problem is blink testing, taking your own picture and overlaying to spot differences, is also difficult. you can’t put your camera in the same place, have the same settings, and lighting that the factory did. the only way i can think of around this is a few pics, or maybe a short animation showing a few different angles, and having the user visually inspect that the pattern is close enough. it should still be difficult or time consuming for the attacker to make a close pattern. a well funded adversary could have the resources to build a custom glitter sprayer, so this may not deter a nation state.


#13

This actually ain’t such a bad idea.


#14

Damnit @pixel now you’re depressing me :wink: I hope glitter nail polish is not our only remaining option…


#15

you’re welcome! :slight_smile:

i’ve thought of self adhesive tape with the nail polish on it, but the adhesive could also be vulnerable.


#17

The other topic is closed, but I worked in cyber for the gov’t and I know for a fact that many, many servers, new from the manufacturer, have chips replaced and additional functionality has been added to those chips. Same with laptops, desktops, phones, you name it. My last investigation before I retired was a nasty one and no information was available for… at least not unclassified information. The EPO server was the primary target and before they took it away I compared it to valid schematics of the server and it was not kosher. Not even close.


#18

First off, the reason why open source is advocated in security terms is that you can check it. The same should work with hardware, no? If you publish the schematics, you should be able to check if all the components are as they should be. That should work too, no?

The second thing would be to check the firmware. So maybe the way to go is to create a tool to check if nothing has been tampered with on that side, maybe by doing a checksum on the firmware, installed coreboot, check if there is any additional hardware or stuff like that…

Isn’t it possible to realise those things?
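The firmware check proposed in post #18, sketched as an added example (not part of the original post and not a Purism tool): a dump of the flash chip is hashed region by region and compared with a reference manifest. The manifest layout, region names and the 4 KiB sample image are constructed assumptions; in practice the manifest would have to be signed by the vendor and the dump read with an external programmer, since a compromised machine can misreport its own flash.

```python
import hashlib
import hmac

def make_manifest(image: bytes, layout: dict) -> dict:
    """Vendor side: record size plus a SHA-256 per immutable region."""
    regions = {}
    for name, (offset, length) in layout.items():
        digest = hashlib.sha256(image[offset:offset + length]).hexdigest()
        regions[name] = {"offset": offset, "length": length, "sha256": digest}
    return {"size": len(image), "regions": regions}

def verify_dump(image: bytes, manifest: dict) -> list:
    """User side: return the sorted names of regions that do not match."""
    if len(image) != manifest["size"]:
        return ["<image size>"]  # wrong chip size or truncated read
    bad = []
    for name, r in manifest["regions"].items():
        start, end = r["offset"], r["offset"] + r["length"]
        if start < 0 or end > len(image) or start >= end:
            bad.append(name)  # malformed manifest entry, treat as failure
            continue
        actual = hashlib.sha256(image[start:end]).hexdigest()
        if not hmac.compare_digest(actual, r["sha256"]):
            bad.append(name)
    return sorted(bad)

def demo():
    # Constructed 4096-byte stand-in for a flash image (not real firmware).
    golden = bytes(range(256)) * 16
    # Hypothetical layout: bytes 3072..4095 hold user settings that change
    # legitimately, so they are left out of the manifest. Anything left
    # out is also a blind spot for this check.
    layout = {"bootblock": (0, 1024), "payload": (1024, 2048)}
    manifest = make_manifest(golden, layout)

    tampered = bytearray(golden)
    tampered[2000] ^= 0x01            # single bit flipped inside "payload"
    settings_changed = bytearray(golden)
    settings_changed[4000] ^= 0xFF    # change in the unhashed settings area

    return (verify_dump(golden, manifest),
            verify_dump(bytes(tampered), manifest),
            verify_dump(bytes(settings_changed), manifest),
            verify_dump(golden[:-1], manifest))

if __name__ == "__main__":
    print(demo())
```

A clean result covers only the hashed regions of this one chip; it says nothing about other firmware on the board or about added or replaced components.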


#19

What about dispatching the laptops in “kit” form, like a kit house… ?

Post some parts (top and bottom aluminum cases and charger, and perhaps the SSD drive). A week later post the motherboard WITHOUT the parts you already posted like the SSD drive or such… and we assemble once all parts are received. So it can not be booted in transit, and shows on paperwork as PC “parts” NOT a PC… ? Or do they NOT need to boot it up to install their malware… ???

I have two laptops on order with you but what is the point if they will be compromised as they leave Purism / USA, before they arrive in my country… ? If I were them, targeting all laptops from a company like Purism would be a good idea… obviously someone ordering a Purism laptop is a much more “interesting” target :frowning:


#20

You basically just described Novena!


#21

update. self adhesive tape was a total fail. too easily stretched. was hoping for something cleaner than gooping up the screw holes like that.

nail polish over covers (i.e. battery on some laptops) can sometimes break in hard to see ways.

look forward to seeing what you come up with.


#22

It does not literally have to be nail-polish, it could be easy-to-clean; it just has to survive non-tamper shipping but absolutely not survive any tampering (of course, TLA could formulate their own and replace it, but the glitter arrangement would be different).