Preventing shipment interception, providing hardware integrity verification

This video shows that the CIA has been known to take packages of electronics after they’re shipped, plant malware on the device inside and then forward the package on to you. (30:35 of the video explains this process)

How can Purism prevent this? What packaging can fool proof this method of attack?

3 Likes

What the fuck that is crazy.
Hell.
We’re gonna have to ship in destroy-content-if-opened-before-date boxes …

1 Like

I’m thinking of holographic seal tapes for the future (and maybe there could be some sort of holographic tape that changes if it gets attacked by a hair dryer?), in addition to having pictures of the motherboard taken before shipment… Other ideas?

4 Likes
I like where both ideas are going. If the package snatcher’s intentions are to put malicious code on the computer, at the lowest levels, then a picture won’t show that.

Is there a way to display some sort of “last time booted up” message or something similar? Is that a BIOS feature that could even be implemented?
Then you could at least know with time stamping and package tracking information when it booted up last.

How about shipping the battery and power charger separate, a few days apart?

1 Like

Holographic seal tape can be defeated by using a syringe to inject acetone just under its surface, temporarily disabling the adhesive. After the attacker is done, they just put it back.

  1. Purism makes a laptop signing key, with fingerprints available on puri.sm, GitHub, Keybase, and business cards.
  2. Glittery nail polish over the screw holes. This is discussed on several sites.
  3. A signed picture of the nail polish is emailed to the user and available by user login.

The glitter pattern is random and very difficult to reproduce.

One problem is that blink testing, taking your own picture and overlaying it to spot differences, is also difficult. You can’t put your camera in the same place, with the same settings and lighting that the factory had. The only way I can think of around this is a few pics, or maybe a short animation showing a few different angles, and having the user visually inspect that the pattern is close enough. It should still be difficult or time consuming for the attacker to make a close pattern. A well-funded adversary could have the resources to build a custom glitter sprayer, so this may not deter a nation state.

4 Likes

This actually ain’t such a bad idea.

3 Likes

Damnit @pixel now you’re depressing me :wink: I hope glitter nail polish is not our only remaining option…

2 Likes

You’re welcome! :slight_smile:

I’ve thought of self-adhesive tape with the nail polish on it, but the adhesive could also be vulnerable.

2 Likes

The other topic is closed, but I worked in cyber for the gov’t and I know for a fact that many, many servers, new from the manufacturer, have chips replaced and additional functionality added to those chips. Same with laptops, desktops, phones, you name it. My last investigation before I retired was a nasty one and no information was available for it… at least not unclassified information. The EPO server was the primary target and before they took it away I compared it to valid schematics of the server and it was not kosher. Not even close.

3 Likes

First of all, the reason why open source is advocated in security terms is that you can check it. The same should work with hardware, no? If you publish the schematics, you should be able to check if all the components are as they should be. That should work too, no?

The second thing would be to check the firmware. So maybe the way to go is to create a tool to check that nothing has been tampered with on that side, maybe by doing a checksum on the firmware, the installed coreboot, checking if there is any additional hardware or stuff like that…

Isn’t it possible to realise those things?

6 Likes
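A worked example of the checking tool proposed above, combined with the signed-manifest idea from the earlier post (vendor signing key, signed pictures): this is added example code, not anything Purism ships. It assumes the vendor publishes a signed manifest of per-region firmware hashes plus a component list, that the user has already verified the manifest’s signature (for instance with `gpg --verify`) before trusting it, and that the flash layout and component names are constructed placeholders.

```python
import hashlib

# Constructed example: a 4 KiB stand-in for a dumped SPI flash image, split into
# named regions as (offset, length). A real layout would come from the vendor's
# published manifest for that board, not from this file.
REGION_LAYOUT = {"descriptor": (0, 1024), "coreboot": (1024, 2048), "payload": (3072, 1024)}
IMAGE_SIZE = 4096

def build_image(seed: bytes) -> bytes:
    """Deterministic pseudo-random bytes standing in for a flash dump (constructed)."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(IMAGE_SIZE // 32))

def region_hashes(image: bytes, layout: dict) -> dict:
    """SHA-256 per region; this dict is what the vendor would sign and publish."""
    return {name: hashlib.sha256(image[off:off + ln]).hexdigest() for name, (off, ln) in layout.items()}

def verify_firmware(image: bytes, manifest: dict, layout: dict) -> list:
    """Return the region names whose hash differs from the manifest (empty list means clean)."""
    observed = region_hashes(image, layout)
    return sorted(name for name in manifest if observed.get(name) != manifest[name])

def verify_inventory(observed: set, expected: set) -> dict:
    """Diff enumerated components (e.g. parsed from lspci/lsusb) against the schematic's list."""
    return {"missing": sorted(expected - observed), "unexpected": sorted(observed - expected)}

# --- worked run on constructed data ---
GOLDEN = build_image(b"vendor-golden-image")
MANIFEST = region_hashes(GOLDEN, REGION_LAYOUT)  # published and signed by the vendor

def tampered_image() -> bytes:
    """Flip one byte inside the coreboot region, simulating a modified firmware."""
    off, _ = REGION_LAYOUT["coreboot"]
    img = bytearray(GOLDEN)
    img[off + 100] ^= 0xFF
    return bytes(img)

EXPECTED_PARTS = {"wifi-module-A", "ssd-controller-B", "ec-C"}  # constructed identifiers

if __name__ == "__main__":
    print("golden:", verify_firmware(GOLDEN, MANIFEST, REGION_LAYOUT))             # []
    print("tampered:", verify_firmware(tampered_image(), MANIFEST, REGION_LAYOUT))  # ['coreboot']
    print(verify_inventory({"wifi-module-A", "ssd-controller-B", "ec-C", "unknown-D"}, EXPECTED_PARTS))
```

The dump fed to `verify_firmware` should be read with an external SPI programmer rather than by the device itself, because a device whose firmware has already been modified can misreport its own flash contents. A hash check of this kind cannot detect a replaced chip whose firmware image is unchanged, which is what the inventory diff against the schematic is for.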

What about dispatching the laptops in “kit” form, like a kit house… ?

Post some parts (top and bottom aluminum cases and charger, and perhaps the SSD drive). A week later post the motherboard WITHOUT the parts you already posted like the SSD drive or such… and we assemble once all parts are received. So it can not be booted in transit, and shows on paperwork as PC “parts”, NOT a PC… ? Or do they NOT need to boot it up to install their malware… ???

I have two laptops on order with you but what is the point if they will be compromised as they leave Purism / USA, before they arrive in my country… ? If I were them, targeting all laptops from a company like Purism would be a good idea… obviously someone ordering a Purism laptop is a much more “interesting” target :frowning:

1 Like

You basically just described Novena!

2 Likes

Update. Self-adhesive tape was a total fail. Too easily stretched. Was hoping for something cleaner than gooping up the screw holes like that.

Nail polish over covers (i.e. the battery on some laptops) can sometimes break in hard-to-see ways.

Look forward to seeing what you come up with.

2 Likes

It does not literally have to be nail polish, it could be easy to clean; it just has to survive non-tamper shipping but absolutely not survive any tampering (of course, a TLA could formulate their own and replace it, but the glitter arrangement would be different).

1 Like

Firstly, let me be clear: I highly respect and appreciate everything the Purism Team have done to date, want to support you and have an L13 and L15 on order; however, I am now feeling like I may need to cancel my orders.

THE PROBLEM
The real issue here for me, and surely must be for everyone else too (?) is what’s the point of stripping all the spyware / hack vulnerability out of these laptops to then allow it to be reinserted again during transit to the end user? Seriously, doesn’t this make the whole Purism project a fail, until we resolve this?

In the post “Preventing Shipment Interception”, solutions were proposed (holographic seal tapes, glitter nail polish over screws, etc) then quickly defeated with confirmed existing government practices (syringe to inject acetone under seal surface etc). To me, these solutions only help us confirm we have received a hijacked device which is then of no use to us. The real objective / solution surely is to deliver the Librem to the end user in a “guaranteed secure state”.

THE SOLUTION
Are there solutions that can be developed / offered (even at additional cost?) to receive in a “guaranteed secure state”? such as:

SOLUTION - Technical
Is it technically possible to deliver solutions like suggested by @pixel such as laptop signing key, fingerprints, etc, which would cryptographically sign the motherboard to prevent change, or similar ideas?

SOLUTION - Physical
Just sharing thoughts, but I may be interested in an “option” to choose some additional physical security. If we made it “too difficult” for them to quickly interfere with the laptop while in transit(?)
For example:
I) to choose one-way security screws, in conjunction with having you “super-glue” or “Loctite” the screws in the back cover. Also use super-glue to glue the back cover on even under the screws so they can not access inside. I accept that would mean I have to purchase a new replacement cover along with a replacement battery 2 years down the track, but that’s a cost I would accept.

II) use stainless steel screws as they are a lot more difficult to micro-drill into the head and use an “easyout” (screw extractor) to remove the screw.

III) if points above were implemented and did actually stop a hardware / chip hack, but laptop was shipped in a bootable state, then we are still susceptible to boot / software install which still means delivered device may not be secure.

IV) deliver each Librem in multiple shipments for end user assembly(?) to avoid “boot-n-tamper” in transit(?) but then is susceptible to chip replacement hack as case is not super-glued together.

V) Other feasible solutions(?)

FINAL COMMENT
If you think this post is an over-reaction, consider this: Purism is manufacturing laptops DELIBERATELY designed to circumvent government malware / hacking / hardware monitoring, so if YOU were in charge of such monitoring, would you not specifically target ALL products dispatched by such a niche manufacturer? I think this “delivered in a guaranteed secure state” is as important as all the other aspects you have so brilliantly addressed to date.

@mladen @jeff @pixel @jvader @todd-weaver and others, I would seriously appreciate your response to my thoughts above AND/OR other solutions as I am genuinely seeking a solution for us all, and so I do NOT have to cancel my orders.

Thx
bit

3 Likes

As evidenced by that thread’s discussion, we’re all in agreement on this. This industry has a history of things that look like over-reactions until you see them in effect.

Now that we’ve given our feedback on that thread, I’m waiting to see what they come up with.

Making it physically tamper proof would be awesome even post sale.

That’s one reason I chose a Retina MacBook a few years ago, which has its RAM soldered onto the motherboard. Password the firmware, and no cold boot attacks, no decrypted drive (since the key is in the RAM) etc. Apple also doesn’t allow for firmware password resets, making that harder too.

A randomly generated boot password could also be available to the user on the web site, or sent along with the pics etc. in the email with the pics. Part of the buying process would have to be uploading a PGP key.

These days, it’s no big deal for the paranoid to get RAM maxed out. If they soldered it on, they could run memtest for a couple of days before adding it to their inventory, or in Purism’s case, the eternal backlog.

2 Likes

Nothing is completely secure. This is pretty well understood in the physical space. That’s why home security companies like Tyco or ADT don’t sell things by saying “buy our product and it is impossible for a criminal to break into your house!” That kind of security doesn’t exist in the physical world and it doesn’t exist in cyber space either. Anyone promising a 100% impenetrable solution is selling snake oil.

4 Likes

@thomas.chiantia

“Anyone promising 100% impenetrable solution is selling snake oil.”

But security is a game of risk vs. reward. The goal is to make things incrementally more difficult to attack to dissuade attackers, not provide ‘perfect’ protection. Doing nothing is worse than having even rudimentary protections. To extend your analogy and flip it: homes with security system signs and yet lacking any real system still get burgled less often.

My problem with Purism machines in their current state is that they are not much more secure than any other commercial laptop running Linux. They are finally starting to run Coreboot, but even that still retains a great deal of problematic binary blobbed code. The jump to Libreboot or a blob free Coreboot is NOT a small leap either. The ME has not been fully neutralized and could easily be ‘fixed’ by Intel to render the ME cleaner process useless. CPU bugs that demand microcode updates could be used by Intel to leverage ME updates as well, meaning previously ‘freed’ machines would be back under Intel’s lock and key unless you dare running with broken microcode.

You could buy a Raspberry Pi 3 for $35 and get virtually the same end result regarding libre vs. closed firmware. Add the ability to acquire Pis virtually anonymously and you’ve tipped the scales.

Intel is simply a bad platform to start from if you want end-user control, privacy, and anonymity.

4 Likes

Thanks for your reply @M12321, I appreciate your insight. My coding skills may embarrass me in public, but I appreciate security is a game encompassing risk vs. reward, which I most certainly comprehend and practice, hence my “Final Comment” at the end of my post. I feel the Purism Librem the team have created so far is a good start if they can be delivered in a “guaranteed secure state”.

This topic was raised 18 months back and I would still appreciate a response from @todd-weaver or one of the Purism team members, so we know the official perspective on this and any possible action plans and timing.

Sincerely
bit

2 Likes

I think the glitter solution was not countered and is a pretty good first approximation to tamper evidence. Also taking a photo of the internals that the end user can compare.

This would have to be optional; I imagine most buyers do not have a PGP key (and telling them to generate one is sketchy because they may be buying a new laptop to replace a failing or untrusted one; you would not want the private key falling into the wrong hands or being lost to the buyer forever on a broken hard drive… maybe a throwaway just for the purchase, but then web of trust is impossible).

1 Like