Preventing shipment interception, providing hardware integrity verification


#43

We have not yet introduced anti-interdiction support, but now that we have a more solid operational flow with regard to assembly and shipping, we can revisit the anti-interdiction flow. Here is what we cannot and then can do. First, we are not legally able to release the schematics; sadly, this is something that, as we grow leverage, we do hope to do, but it will take time to get there. Releasing the schematics doesn’t make looking for interdiction or tampering easy for most users.

What we are planning is this order flow:

  1. User places order, requests anti-interdiction support (+ $99)
  2. High-resolution photo of motherboard is taken during assembly
  3. Security seal of center screw, Trammell Hudson’s fuzzy nail polish approach and photo of security seal
  4. Tamper resistant tape on inner bag or box and photo of tamper resistant seal
  5. Photos from #2, #3, and #4 are uploaded to the user’s my account page for viewing
  6. User receives package, confirms whatever level of anti-interdiction he/she feels comfortable in testing, be that the tamper resistant tape photo matches, or the security seal matches, or the high-resolution photo of the motherboard matches.

This is something that we have been working on for a few months now, such as getting the my account page to display the uploaded photos, getting the assembly flow to include an anti-interdiction section, and to confirm that this will suffice as a good anti-interdiction solution.

If you who are involved in this thread like this approach, or would appreciate seeing this implemented, or have comments or suggestions along these lines, please reply here, and we will factor that into our upcoming anti-interdiction offering.

Thanks for the lively and healthy discussion on an important (yet often overlooked) area of security.


#44

Firstly I would like to say that this is great news.

Obviously this would vary from model to model and between revisions, but would it vary from laptop to laptop? For example, do some components have unique IDs visible?


#45

Yes, we put a serial number sticker inside; as well, the various drive configurations, RAM sizes, and wiring tape all make each motherboard photo unique in its own way.


#46

Thanks to everyone here for your attention to an important topic. Although nothing is perfect, perhaps for starters simple physical deterrents would be the most manageable.

Custom designed, self sealed bags could cover the entire machine. That, and tamper resistant tape placed strategically on machine innards and photographed seems like a simple and relatively inexpensive place to start. Sparkle nail polish is cheap. If it were me, I’d change up the bag designs or use multiple designs and use a Sharpie marker to make unique markings for the photograph.

Pictures of individual machines (both insides & packaged) could be emailed to the consumer after the machine is sent, with instructions to photograph the product in its received form and to remove the tape before using.

This is far from perfect and I am a novice end user, but it seems to me that something is better than nothing while more sophisticated ideas are discussed. It requires the labor of communication after sending but that would create one more layer of specificity… sort of a physical password, as well as an opportunity to get feedback in real time about whether tampering is occurring, and if so, how often.


#47

Hi Alex,

I am no computer expert so I’d like to clarify a comment you made about using a mouse, and for that matter, your thoughts on using an external keyboard too… Am I correct to assume these extensions can compromise or tag my new computer? I use an ergonomic keyboard (made by Microsoft) and a mouse. If these attachments shouldn’t be used, what would you suggest, if anything, for one to purchase? If Purism doesn’t have it, there’s probably nothing in the commercial market to have, and I would have to adapt to keep my computer safe. Thank you for any assistance. BEST!


#48

  1. that's a fair price. i'd pay it.
  2. that's glittery nail polish, though i suppose fuzzy could work as well. it would be harder to photograph. finding a good glitter nail polish is difficult. it has to look similar at different angles. a blink testable setup would be great, but even with blink + filters, this is very difficult. make sure you put enough on there that the attacker would have to kinda drill the screwdriver to get through it.
  3. try the syringe trick on the bag. maybe you’ll find one it doesn't work on. [edit: just realized, syringes are sharp, so if the bag's not too thick, it would cut it :) ]
  4. this means trusting your web site. you should put the site's fingerprint in multiple places so the user can verify this as well. such as keybase, github, business cards (with your pgp keys of course) etc. yes, it's paranoid, but sys admins, journalists, and govt employees (military, intelligence, and law enforcement) will (should) appreciate it.
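
The multi-channel fingerprint check suggested in point 4 above could look like the following. This is an added example, not part of the original post and not Purism's code; the sample certificate bytes, the published values and the "no channel may disagree" policy are assumptions made for illustration.

```python
import hashlib
import hmac

def cert_fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def normalize(fp: str) -> str:
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex; reject anything else."""
    cleaned = "".join(ch for ch in fp if ch not in ": \t\r\n").lower()
    if len(cleaned) != 64 or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("not a SHA-256 fingerprint")
    return cleaned

def check_channels(der: bytes, published: dict, min_agree: int = 2):
    """Compare the served certificate with each out-of-band copy.

    Assumed policy: trust only if at least min_agree channels match and
    no channel disagrees. Returns (trusted, matches, mismatches).
    """
    observed = cert_fingerprint(der)
    matches, mismatches = [], []
    for channel, fp in published.items():
        try:
            ok = hmac.compare_digest(normalize(fp), observed)
        except ValueError:
            ok = False  # a malformed entry counts as a disagreement
        (matches if ok else mismatches).append(channel)
    trusted = len(matches) >= min_agree and not mismatches
    return trusted, sorted(matches), sorted(mismatches)

def colon_form(hex_fp: str) -> str:
    """Render hex as the 'AB:CD:..' style often printed on cards."""
    return ":".join(hex_fp[i:i + 2] for i in range(0, len(hex_fp), 2)).upper()

# Constructed sample data: stand-ins for the real DER certificate bytes.
GENUINE_DER = b"constructed stand-in for the site's DER certificate"
SUBSTITUTED_DER = b"constructed stand-in for a certificate swapped in transit"
_fp = cert_fingerprint(GENUINE_DER)
PUBLISHED = {  # channel names from the post; values constructed
    "keybase": _fp,
    "github": colon_form(_fp),
    "business card": " ".join(_fp[i:i + 4] for i in range(0, 64, 4)),
}

if __name__ == "__main__":
    print(check_channels(GENUINE_DER, PUBLISHED))
    print(check_channels(SUBSTITUTED_DER, PUBLISHED))
```

For a live site, the DER bytes can be obtained with `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 443)))` from the Python standard library.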

#49

Prepare to wait when you order one. Months of waiting. With no updates. By the time it ships, hostile nation state adversary will have long forgotten about you.


#50

Presuming that you can trust the source. The best solution is to make it reasonably difficult but not impossible to compromise during shipping. If it were impossible to compromise the item during shipping, then the adversary (presumably government) would infiltrate the source (or its suppliers) and compromise the item before it ever shipped. But if the adversary believes that it can compromise every shipped item, then you can show up at the source and cart away the item yourself. Just don’t leave it unattended when transporting the item yourself.
Just my thoughts on the topic.
Rob


#51

Are there any updates to this? I thought I read Purism was going to implement some sort of tape or something, but is anything actually happening with respect to identifying shipment interception?