We just acquired a new laptop! And given our work with security, we do everything we can to protect our hardware. Even if it means using glittery nail polish. In this post, we'll show you one of our methods for tamper protecting our workstations.
What exactly is tamper protection?
Let's first talk about what tamper protection is. Basically, it's when you keep an object from being physically accessed by someone you don't trust. Think about clothing stores and those annoying plastic devices found on apparel which are meant to keep you from stealing.
Of course, we'd have to go through great lengths to make our hardware fully tamper proof. But what we're doing is making it possible for us to detect if someone has made changes to our computers, thereby making the device no longer trustworthy.
Identifying vulnerable areas
If you look on the back of a laptop, you'll find screws that can be removed to give access to the hardware inside. Exposed ports, such as the one for docking the laptop, are also a vulnerability.
These are the key areas which we want to be able to identify for tampering. In order to do so, we bring out the professional materials – stickers and nail polish.
Step by step
First, we cover each of the screws with a black sticker which blends in nicely with the laptop's black finish.
Then we paint the border of the sticker with glittery polish. It's important with the glitter because the outcome will always be unique.
Then we cover any necessary ports with one of our very own Mullvad stickers. This also gets a coat of polish along the edge.
After the polish has dried, we take a high-resolution photo of each area.
Lastly, the owner of the laptop uses her private PGP key to sign the photos which are then stored in vaults on several computers running Qubes (Mullvad's preferred operating system). Voilà! If at any time we suspect that the device has been tampered with, we can compare the seals with the images.