Introduction to Tamper Evident Devices

datagram - Introduction to Tamper Evident Devices

Tamper evident technologies are quickly becoming an interesting topic for hackers around the world. DEF CON 18 (2010) held the first ever "Tamper Evident" contest, where contestants were given a box sealed with a variety of tamper evident devices, many of which purport to be "tamper proof." All of these devices were defeated, even by those with little experience and a limited toolkit. Like the computer world, many of these devices are overmarketed and it is difficult for the average person to compare different tamper evident technologies. This talk covers the design and uses of tamper evident devices used in the commercial and government sectors. We'll dig into the nitty gritty of how many of these devices work, the methods by which they can be defeated, and live demonstrations of defeats against common tamper evident devices. Be advised: this talk is for only the stealthiest of ninjas; pirates need not apply.

datagram has taught about locks, safes, and methods to compromise them for many years, including training to private companies and government agencies. He has spoken many times on physical and digital security at various conferences and is a part-time forensic locksmith. datagram runs the popular lock and security websites and datagram is the leader of "The Motherfucking Professionals," the team that won the first Tamper Evident contest at DEF CON 18.
welcome to introduction to tamper-evident devices i'm datagram and you're probably going who's this asshole
so I have a pretty solid background in tamper-evident technologies I just gave a 2-day class earlier this week at Black Hat on this very subject I also do a lot of non-destructive entry stuff so I think lock-picking safecracking making friends with guards and so on and so forth I also do forensics particularly forensic locksmithing so determining if locks have been picked or bumped or opened with things other than a key and like many of you I also do computer security and like many of you it's also a bullshit term that I use so we don't have to talk about it so much I run a couple websites such as Lockwiki Lockpicking Forensics and eventually Tamperwiki will have something more than a cool splash page that I got bored and made i'm also the leader i am i beliee der and my book I'm the leader of a tamper team called the motherfucking professionals and for the record if anybody is wondering why we picked that name it's cuz John used to ask me like like can we do this and I'm like John please I'm a fucking professional so that's that we won the tamper contest last year which was the first-ever tamper-evident contest ran by DT and I'm proud to say that this year we've won all four levels all right so what the hell are
tamper-evident there's a court here and I'm not Jesus so this is a professional conference okay so what's the difference we have terms we all work in security we all have retarded things that we wonder why do people say that why do why is that on every box I buy for security products so these three terms tamper resistant tamper proof and tamper evident as the fourth kind of pseudo term is anti tampering so what do those mean so a product that's tamper resistant is actively made to deter tampering now what tampering is may vary depending on the product but generally it's anything other than normal use so for our water bottle if we if we take off thanks I I didn't realize I needed this prop but thanks ah fuck so the the water bottle has this little seal so if we take the seal off and put something in the water that be tampering as long as we put it back and it looks right something that's tamper proof doesn't exist but a lot of companies use the term to denote so oh my god to know something that's you know cannot be tampered with and you know that by definition means every definition that you can think of for tampering would be protective against so it's the same like saying you know this computer's hack-proof or whatever so we all think that's retarded and that's retarded and then our last term is tamper evident so that's something that doesn't necessarily resist tampering much like our water bottle but it is determined to leave evidence of whatever methods of tampering that you did to the product so
tamper evident itself anything that leaves evidence usually in a general sense we did we say tampering is unauthorized access alteration or replacement you can also use counterfeiting and so on and so forth so
why don't we just use locks where we would use these tamper evident products because you know locks actively prevent entry that's their goal some locks are a tamper evident they're you know meant to show that that the lock has been opened with something other than the key but that's not always the case so the main thing is is it better to prevent an attack or detect an attack right so think about that think about shipment of nuclear materials is it better to prevent someone messing with it or better to detect when someone has messed with it because by attempting to prevent we assume that we'll be able to detect all of these methods you know by default or that they would not happen tamper devices that you know by their very nature nature that's the Jaeger kicking in they enforce you to inspect them because again they're not locks they're not resistant to tampering or physical abuse and locks are pretty expensive by comparison you know these tamper seals are just little metal or plastic things that look a lot like locks they're essentially one-way locks but they cost a lot less and think of also the cost of maintaining you know key maintenance and key control and distributing keys and disposing of keys and all that kind of stuff and then you also have to consider you know environmental considerations you know will lock function in this environment will it get jammed up will I have to replace the keys will have to repin the lock so on and so forth
so who uses tamper-evident devices the answer is all of us we just may not think of them as such so food and drug packaging again our friend the water bottle at Black Hat I took the fire extinguisher from the room and I put it on stage and they got really mad about it but those all have tamper seals on them too you know they inspect them or do whatever they do for the US Fire Marshal and then they reseal them to show you know that that's been inspected and oh so on so forth a lot of drugs pharmaceuticals you know Tylenol everything that kind of stuff all have little tamper seals on them so that you know when you buy the bottle you open the box you take off the shrink wrap you open the bottle all that kind of stuff all our you know little tamper indicating devices so we can tell if our pills have been screwed with pretty much everything you know warranty protection all of our DVD players and electronics like that usually have a little tamper sticker to determine when we've opened the case the customs Border Patrol use these a lot to secure cargo shipments and all the kind of stuff and then also think about confidentiality so how do you determine you know if I send a letter to to you how do you know I sent it or it wasn't modified in route you know it's easy with like digital stuff easier but it's a lot harder with physical things right because you know we have to inspect them and then how far are you willing to go to inspect them to ensure that that's the real real deal we also use them a lot for international stuff and at government level three-letter agency level kind of stuff so for example nuclear safeguards when we transport or or I actually don't know what we do nuclear materials but whatever we do with them we seal them all these little containers that have the plutonium or whatever and we also use these heavily for treaty enforcement between countries so agencies like the IAEA and United Nations they'll say hey you know country a you know we're not gonna make
bombs the country B agrees so how do you enforce you know this idea of two countries agreeing to something when you know you can't just have representatives of each government you know watching everything they do so think in terms of like Pakistan and India and North Korea China in all these these nuclear arms treaties we have to say okay we're not going to make bombs how do we enforce that a lot of that comes back to tamper seals we seal them and then determine if they've been tampered with you know when when the inspectors come however routinely it is so we're gonna
go over a little history and then we're going to talk about two basic types of seals so this will just give you a brief overview of all the kind of stuff that use in modern day so the original idea was that we used a lot of clay or mud and we'd dry it over something so think of a box we're gonna cover it in clay and then put this pattern so for you to gain access to the box you have to figure out how to remove that clay and put it back when you're done so that may or may not be difficult especially when it's you know 1800 or 800 BC you don't know what the fuck you're doing this is
another example from you know a long long ago and so we would let's say we have our box again we tie rope around it right so this is called a bulla and it's a little piece of clay that fits over the rope and then you stamp it in and it squishes into the rope and dries so again like our box covered in clay you'd have to remove that to access the rope to open the box the Pope is awesome and
he has a ring which he's kind of baller in that sense right he has a ring so there's a guy there's two guys there's two guys one guy when the the new pope well when the old Pope exits he has to melt his ring right when the new guy comes in some other guy makes him a new ring and then they use that for stamping papal insignia and so you could see here's a real old version but a tradition still continues to this day and usually they do wax nowadays in mid
1800s we started combining locks with seals and and it's pretty cool because you know again we think why not use locks why use seals why not use both have the best of both worlds so this is an example of a real old padlock and you can see on the right here there's this little piece that kind of swings open and that allows you access to the key way so they figured well why don't we just put the stamp over that and then close that up and then to get access to the key way you'd have to remove the stamp right now we'll ignore any you know well what if you don't need to use the keyway to open the lock there's also a lot of locks from this time period that have a little glass plate so when you lock a little glass plate slides over the keyway and you'd have to shatter that to get access to it during World War 1
World War two we started doing mail censorship and probably before that so essentially what it is is you send a some piece of mail somewhere along the way the censor says ok flag that so they cut it open right then they see they read what it is they determine if it's okay to go through they tape it back up and then they put a stamp over it you could see over in the top left here they even write what language the letter was in and then again we also use this kind of similar stamping stuff to make sure that our mail has gone through the mail system properly a very cool story is
beginnings of the Cold War beginnings of the CIA they had a lot of difficulty with communicating back and forth that excuse me the CIA had a lot of difficulty communicating with agents in Moscow so what they did was they they did this elaborate program where they bought you know thousands of different postcards and they sent them to and from different addresses different recipients and they put different things on them like you know in Moscow from Russia With Love so on and so forth and then when they reach their destination the CIA would go back and look at them determine which ones had been tampered with by the Russians and and then determine which methods they used to try and detect tampering and then which postcards weren't didn't qualify for whatever censorship censorship or tampering that the Russians did so through all this they they look at the patterns say well if we send it to you know Ohio and it's in this rural rural area maybe it doesn't get flagged and so on and so forth so it's a very very cool project and I think it's a lot of it's in Family Jewels if you want to look that up to read more about it I don't remember the name of the project but it's also documented a lot in the book Spycraft I just think it's a really cool thing that you know seventy years ago we were thinking well how do we detect mail tampering and how can we prevent it how can we get around people doing it because obviously you can't you can't tamper everything that goes through the mail system it's just not logistically possible so you got to pick and choose in the 1980s in Chicago there
was a lot of scares where Tylenol pills were replaced with cyanide pills and so you can see on the left is Tylenol on the right is cyan cyanide Tylenol so people started dying from this and there was this huge scare where
Tylenol was rushed off the shelves and Johnson & Johnson owner of Tylenol said we can't detect tampering at the factory level so it must be further down the chain and to this day it hasn't been determined how this happened there were a lot of copycat kind of things like a a woman fed her husband a cyanide Tylenol and then went to her local store and put like you know a dozen cyanide boxes mixed up in there so that other people would die and they think it's just another freak occurrence you know all the boxes have been tampered with kind of thing obviously it didn't kill Tylenol but similar incidents killed a number of other aspirin or pain medication type companies so now we get
to more modern-day seals after the whole fiasco in Chicago we instituted the Federal Anti-Tampering Act and so all pharmaceutical pharmaceuticals now have to have you know these different layers of protections so they could just like computer security where we have defense-in-depth you know we don't just have a firewall or a what the hell do we use in computer security these days we don't have an IDS or all that kind of crap so now you have to open the box and inside the box you take you a little shrink wrap off you attempt to take the childproof container off and then despair usually and then there's this little wax adhesive combination seal that's over the actual pills themselves
on a lot of electronics we use these little warranty stickers right so this is the first generation of this particular Xbox tamper seal and it's just this little silver seal that says Microsoft if you try and pull it up it leaves a little residue that says void or opened or whatever it is and so there started to be videos of people taking these off on YouTube and Microsoft I believe there are official responses that well that's cool and we're always looking to make our product better so they instituted a new seal and
now there's videos of this being removed with a hairdryer on YouTube it's essentially a sticker so I think you're all comfortable removing stickers at one point or another
we use these a lot one thing I found out recently was that the duty-free bags at airports you could actually take different kinds of chemicals on board planes with as long as they're sealed in the duty-free bag now depending on where yeah right well we shit and it's funny for me because I actually it's not legal for me to fly because I have all these dangerous chemicals that I use for the tamper stuff and I can't be like hey can I bring this gallon of acetone on board I paint my nails a lot so huh so I found out that you can actually take these on you know with certain size certain chemicals as long as they're sealed now depending on your Airport depending on where you're going you know domestic international you can you may be stopped and they may remove these from your persons before you get to the terminal and you can only buy them after you check in and crap like that but I think it's very interesting that we rely on these on the right is a check and deposit bag that is used by a lot of banks the one in the picture is actually a Bank of America bag but there's a lot that are almost extremely similar and you just throw your cash in and seal it up and then obviously if someone wants to steal it they're just gonna steal the whole damn thing and it's not gonna matter but if somebody tries to take you know a portion of it they have to figure out how to get that out and then reseal it without leaving evidence now obviously the mission missing cash may be evidence but think of you know if we want to transport sensitive documents or company secrets and so on and so forth in these I got substance so on and
so forth don't I we also use these to seal evidence bag similar to the the
plastic bag here on the right there's a lot of evidence bags that look the same
this is just a manila folder with some evidence tape over the edges but we use these pretty heavily for this kind of stuff
we started using these not too long ago in electronics so all these sites like hackaday that you know people are like oh my god I got the latest new iPhone awesome version holy shit and and I took it all apart and then I reprogrammed it so that like titties appear when I boot up or whatever and and so companies are active actively trying to stop that you know stop reverse engineering other products stop modification again we could go back to like X boxes and stuff where they don't want you to monitor or do anything against what they want you to do with it so they started making both tamper evident and tamper resistant electronics so in the photo is just this little chip and all the leads are coated in a thin layer of epoxy so if you wanted to remove this chip or get access to the leads you'd have to remove that and then figure out how to repair it you could go
hardcore and become the government where you just coat the whole damn thing in in epoxy for the entire PCB so you just have it's essentially just a little black box at that point where you don't really know what it does but it just plugs in somewhere and then hopefully it works has used a lot on little DRAM chips too and military crypto electronics a lot of these are also tamper resistant where they destroy themselves if they detect tampering and so on how many of you have
a Blackberry or an iPhone if you take off the back right now you could see a little white seals and some of them are water sensors and some of them are little covers for the screws so that you know if you wanted to take your your device apart you have to remove all those little stickers or break them when you put the screw screwdriver in so all these are little warranty protection type things though the water sensors don't really evidence tampering so much since they're the only thing they do is detect water right or other types of liquids but for the most part just water so a lot of people ask me well what about like tilt sensors on packaging like you send a crate you put a tilt sensor it that's kind of a tamper-evident device that but that's more of a cover-your-ass device so you know if something happens in transit then you could say well the tilt sensor went off so this this must happen how
many of you have to take a piss test for work a funny story in the contest this year there was a medicine bottle that looked pretty similar and I filled it with apple juice and there's a picture of me drinking it like that yeah and and another team used jack and water that looked a lot like pee too I don't know what's with us and pee but let's stop talking about pee anyways anyways we use these for a lot of medical type stuff so specimen containers and and you can see the blood vials in the center and then even some you know more expensive medicine bottles will actually have a tamper evidence seal so that you have to physically break it and it's not like the normal seals like the one on the left here or the normal kind of water bottle seal it's it's meant to not be able to go back to the way it was you all have gas
water and power all of your little meters have little tamper seals on them and they're just these little tiny plastic things and again tamper evident things don't resist force you could just snap these off with your fingers it's just a little piece of plastic but if it's gone the next time the guy comes to check your meter you know he files a report saying something may have been tampered with and then they choose to investigate or not for a cargo
transportation we use more heavy-duty seals for the most part we'll talk about different types of seals in a bit but these are called bolt seals and there's essentially just a one-way lock that snaps through the hasp the IAEA
does a treaty monitoring for North Korea and this is an example of a cup seal that they use and so this half of the cup seal is actually not unique so you could technically replace it with one of the same size in the same hole diameter in the same hole position but what they do is they take a little a knife and they scratch it up in here and they add little dabs of solder and then they take a picture of it they seal it up the next time they come they inspect the outside when they're ready to remove the seal they cut it open and look at this and compare it with the picture to determine if it's been tampered with this is a
photo of marine sealing a can of nuclear material with just a little tamper seal and if you remember back to our evidence slide this is essentially that same little red adhesive just being applied to the the nuclear container so as with
most security products there's less bullshit and so one thing I found really funny is that everyone who sells zip ties markets them as tamper proof and I thought that was pretty funny now how many of you are uncomfortable opening a zip tie did not think so what if it's a pulled tight zip tie little more tricky huh step it up
there's also dedicated tamper companies and most of them represent their products as being more secure than they really are and that was one of the motivations for DT starting the contest last year and continuing it on this year and next year so you'll see it's just a little sticker similar to our Microsoft warranty sticker when you pull it up it just says void and the wording to the right says impossible to reseal or reuse another one is these little metal
padlock security seals which sounds very intimidating but essentially just this little French frangible as that word we'll find out later it's just this little shackle that fits through the body and it snaps into place and it says positively tamper proof we'll get back to him later so what
makes something tamper evident right is a water bottle tamper evident is an envelope tamper evident you know all these things yeah but are they designed to be such so something that's tamper evident should be durable to everything I'm going to try walking around we'll see how it works something that's tamper evident should be durable but it should be weak it should not resist physical attacks right it should be a one-way lock mechanisms there's extremely few seals that are actually resealable because you know think if it's resealable it's essentially a lock that you can lock and unlock at will given the right tools and skill and a lot sort of stuff tamper seals usually have unique identifiers to prevent you from just swapping one out and counterfeiting it and they're sensitive to basically everything other than a tug test and so what a tug test is is where you seal your seal and we'll talk about this particular seal in a second you seal it up and then you just pull it right so we know it's locked so what if I pulled it and it snapped right if I'm just pulling lightly then that may evidence tampering right and there also you should be very weak to things like temperature or different chemicals and so on and so forth so how do we inspect tamper seals and this is a talk all on its own but we can think we just look at them casually I go to to do and then you can look at them closely and see if there's any little scratches or missing pieces you can also disassemble them if they are disassembled and then you can get to serious science where you know you're saying what what evidences in on the seal or their fingerprints their their hair and fiber that kind of stuff then there's also seals that have traps or alarms so think of a an example of a trap would be the fuck was that an example of a trap would be like the the little ink things when you go to the department store and all the clothes you want to buy the ink things so if you try and remove that it sprays ink
everywhere and so that's considered a trap an alarm is more like when you're in the same department store and you just try to walk out and all the siren goes off so what does defeating a
seal mean so this is kind of ambiguous defeating a seal doesn't mean just pulling it apart because it's pretty easy just to pull most of these apart and so by defeating it we mean that we open it and we reseal it which sometimes is the harder part and we leave little to no evidence of tampering as little as possible so there's vulnerabilities kind
of everywhere so we can think of there's problems with the design something that the end user just can't fix there's problems with procuring seals so what if I start a malicious tamper seal company that sells flawed seals right and you buy seals from me what about storage of your seals if somebody has access to your seals before you install them can they be tampered with and then made vulnerable to different attacks what about installation you can definitely install a lot of these wrong to reduce the security they offer and then of course the the biggest thing is the human element you know to identify tampering you need to have somebody actually look at it there's no good automated way to do it now you can say oh of course we have electronic tamper seals that will alarm and do that kind of stuff but that kind of stuff tends to make us lazy so we we just need to say you know when the guy pushes the button to see if it's been tampered with it tells them no and there's a lot of ways we can fake that and then think about also how you remove or dispose of the the old seals when you pull them off the container when they get to their destination if you just kind of throw them in the dumpster out back can somebody go through them and get parts or get materials from that that would allow them to better tamper the seals that you're using still so the
first thing we're going to talk about is called mechanical seals and these are a little plastic and metal type seals that that physically prevent you from doing what you want so think of it like a little hasp on a door and we have this little tiny tamper seal around it to open the door you need to break this seal in theory so zip ties
seriously zip ties we're not joking when I say zip ties are a basic tamper-evident seal again show of hands how many people are worried about a zip tie fully sealed zip tie those are tricky okay so the first thing we're
going to talk about is the beaded cable seal and I have one here you want to pass it around wow that was off I'll seal it for you and you know just pull on it lightly see how it feels don't tighten it too much but play with them see how they feel and essentially
it's just this little little cable that fits through the body and once you push it through enough it locks into place so it's basically a fancy zip tie how confident are you that you could beat this now what one guy cheese I thought you guys were pros and I had like the whole fully lockup tie thing down so I tried to do this earlier when I was
drunk and I ripped the shim but you could essentially just put a little cocaine through there and get it around the cable and you push in and once you get it through you're essentially doing the same thing with a zip tie where you're separating the teeth from the cable then you could just pull it back out and there's a lot of these seals and
they look different now and then but they're essentially the same thing right they're just these little plastic or metal pieces and you snap them together and they're they're glorified zip ties some are two-sided some are four-sided some have two rows with a divider in the middle so you got a shim both of them and again shimming's not the only defeat think of you know a lot of these don't have serial numbers can we just swap in another one of the same color of the same model lots of lots of different defeats so again go back to you know our list of different places we can attack them and just think of all the different things we could do to these basic little seals next type of seal we're going to
talk about it's called the plunger seal now one thing I should mention is that all the companies that sell these have really tarted names for them so they all call them truck seal so it makes it really hard to talk to somebody say hey you know that truck seal and they're like Oh which of the 5000 are we talking about so I call just kind of how they interlock because it's easier for me and hopefully I just give enough talks that everybody else starts using the terminology but it's essentially just this little piece that
snaps in so it's similar to our little cable seal but it's a it covers the the piece that we would want to manipulate and you can see that the little flanges here kind of prevent you from sticking something in and pushing those little legs back but on most of these they're capped so the way that they seal this is that they form the body they put the little white piece in the detainer and then they cap it right and then whenever you're ready you just snap it into place so I don't know why that slides there
but okay so you can actually take caps from other ones and you could just pull the caps from existing ones just using a little a little screw you just screw it in there and pull it out sometimes you could use heat or boiling water to make it easier but you could just pop that out and then put a new one in there and no one's the wiser and once you have the cap out you have you know full access to the internals so if it becomes a zip tie again and so you can see here in the photo the the you know we for our team we have a big box of different little caps ready to go so it saves us time when we want to do defeats we just pop the existing one out and then pick the right color and you know if we damage the white part in any way it's hard to see if it's right here if we damage that we just pop a new one in because they're all the same and none of these little pieces are serialized or unique so
there's other little plunger seals that are pretty common as well again these are used a lot by the the utility companies and they're essentially just the same thing there's just a different little format and you can see the one on the left doesn't even have a serial number so if we find the same type of seal with you know with the serial number think can we print a new one on it because we have blank ones sure why not
the padlock seals are called so because they resemble padlocks and they're kind of nifty the one on the left just uses little spring-loaded detainers that shoot out when you push the shackle in so you can think can I shim that can I just put a little piece of wire and get around that you can actually just remove the shackle you can cut it and take the pieces out and then put a new one in if you have it and you know all these other kinds of defeats we talked about the one on the right is funny because it sucks
so this is our tamper-proof seal right and so it's just this little piece that that clips in similar to our plunger seal so we have it here and you try and pull it doesn't work so you could of course just go in there with the lockpick and push those little legs back and pull it out but what I thought it was a really funny attack is you could take another shackle which is funny because you see they have these little tabs so it's supposed to be where you can put a serial number so you can't just replace the shackle so it will assume that they're serialized but you just take another one and you kind of fit it down here they see somebody knows where I'm going with this oh wait for it and you take them out and you're reseals super you guys want to play with this should I pass it around don't fuck it up for all the people in the back I'm not throwing it so I'll have fun with that at the tamper-evident contest if they're still set up after the talk they have some practice seals if you want to just take one home to play with I unfortunately don't have well I do have a million seals but I didn't bring them but I'll have a couple extras up here afterwards the next seal
we're going to talk about is also called a padlock seal but for different reasons so you see they have different designs different places they put the cereal different little shapes up here in different shapes of the clip but
essentially they're all the same thing it starts open right and then you fix it to whatever you want to put it on and you snap it closed and the little legs dig into these this middle piece and the barbs prevent you from pulling it out and it's actually a tough little
co-wallow that I didn't push anything we
skipped several slides for no reason
okay so one cool attack is you can just clip it off whatever it's on and then you dunk it in salt water or anything that's you know conductive and you you can use a battery or a power supply and you attach the leads to each side and you can just essentially you rust it really fast and because you know the main part of the the seal is plastic it's not affected so you just rust these little metal pieces until they're gone you pull the old clip out and put a new one in and it works like a charm so here's a picture of it once it's been
through the electrolysis process and then now it's ready to take a new clip now it's a little difficult to do sometimes you have to you know scrape out whatever little bits of the old clip might be in there but it's a really cool attack and it only takes about half an hour and again this doesn't need to be on the thing that you're attacking you just clip it off and then put it in your solution and go the other seal we're
going to talk about is called metal cable seals and this is the first of three seals this type of seal not necessarily the models that we're going to demo these this is the first of three that's approved by Customs and Border Patrol for for their sealing needs for all their tamper stuff so they use the heavier duty cable seals but essentially the same idea and there was there was one that they use in this year's tamper contest and I think all the teams defeated it or at least the majority of them so essentially what it is is you
put the cable through one side I have another one here so you put the cable through one side and then it should lock into place just like a little little beaded cable seal and there's a little spring in there that pushes a little gear so when you try and pull back the teeth of the gear and the braiding of the cable make it so you can't pull out so what we could do is just shim it right so I have one prepared you can see past this tug test you want to you come here so just tug on that that cable a little bit to make sure it's locked give them a thumbs up if it's locked alright people think I'm bullshitting I'm sometimes so we got a audience participation and all that so I have my shim kind of just inserted but you know you see it's still locked so we're gonna do is we're gonna do the same we did for the other one well we just kind of put it through oh but I scrunched it oh I broke it oh I'm tarded okay it's done I tart I'm tired shut up yeah this one's long hmm oh it started I've ruined it sorry too much Jager you can thank dark tangent for that what
you can also do is just put a little magnet on it and it'll it'll pull the the gear away and then you can pull the cable out so hard drive magnets work obviously need a different magnet depending on the size of the gear the strength of the spring and the size of the cable but definitely doable the next
seal we're gonna talk about is called the metal ball seal and these are every company I could find that sells these sells them as tamper proof no tamper resistant no maybe you can tamper it tamper proof every company I can find and so what it is is on the top is
unsealed and so you pull the strap through and then normally there's obviously the ball over this section but there's rings clipped around each side they don't go through right there's a ring like this and it snaps together under you know the force and when you push the strap through it pushes the rings through and they snap together when both sides can fit through the holes and then you can't pull your strap out so let's talk about well how can we
defeat this because this is a pretty complicated lock it's very simple in design but how do we defeat it right so to defeat it by you know so-called picking we'd have to rotate the rings back and spread each of them to get the strap out so that's pretty hard and you know there's some in the contest area you could you can look at it's a very small little area that you have to work with and trying to rotate and spread in that area is very difficult we could always try you know cutting the strap somewhere that they might not look at and repairing it it'll probably fail the tug test but maybe that's a basic defeat you could try and then what about can we counterfeit it can we change the serial number can we take another one and reserialize it can we make our own strap and then serialize that these are all you know varying degrees of difficulty but just think about that what else can we do anybody ideas thoughts comments concerns guys are quiet I'm sorry you can manufacture the rings but how do you get the rings in there apart and how do you get new ones on because that bolt doesn't there the ball doesn't come off even if you cut the rings ah I'm sorry vibratory no that will not work cuz you need to actually spread the rings nice try though okay so the the defeat we came up with for this year's tamper contest is we
made dies to re-crimp metal balls so we get our target metal ball seal we cut the ball off we take two halves from other seals we put them back on after we separate the rings and take it take it apart put it on wherever it's supposed to go and then we just re-crimp it right
so can you tell which of those photos has has a tampered seal any of them one two three of them well I didn't tell the people at blackhat so I guess I can't tell you but there's at least one of them that's been tampered with it's difficult and it's kind of a contrived thing obviously because you only see one view of the seals but it's very difficult to tell so think of this from arm's length very difficult to spot the
next seal we're going to talk about is a bolt seal and we talked about this a little bit earlier there's lots of different varieties and you know do they serialize both the bolt and the body is the the bolt all metal or is it covered in plastic and then they have various little anti-spin techniques so here's
what most of the insides look of them and there's there's two varieties one uses a little clip and one uses a ring so this is an example of the clip one it's just you put your bolt through and then the clip snaps around the head of the bolt and then you can't pull it out you can also see on the left it has these flats to prevent you from twisting the the bolt while it's in you could twist it if you turn hard enough but you'll chew up the plastic and again that'll leave evidence of tampering so
let's talk about some basic defeats through these we could just cut part of it off and then try and reseal it and see how it how it works potentially difficult it's easier on the all metal or all metal bolts but varying degrees of success we could also
drill and repair or replace the bolt so I think to think is that hard it's pretty hard depending on the bolt some the ones actually don't spin probably a little easier so you don't have to worry about the bolt moving around but you just put a drill at an angle which is a difficult thing in the first place and you just go down there and hit the hit the little ring or the clip oh well I'll tell you about something we
did this year we had a tamper 0-day what we did was we made a custom a custom a little drill piece and I just fit around the body of the bolt and we put it on our drill and it's spin it okay so we'd spin it and while spinning it we pull both sides and doing so causes friction between the little clip and the bolt and it slowly chews away the bolt and the clip until it can pop open and on tamper-evident wiki comm after the after the conference you guys can see all of our documentation there's some videos of us doing this on YouTube I think you just search DEFCON 19 tampering yeah DEFCON 19 tampering and you can see the video and it works really quick and it's pretty easy and depending on the design of the of the bolt you know it will leave no marks or little marks and it's kind of a beta thing we need to work on the design of the tool but for now it works really well even though it leaves some marks on the body from just having to grab it but we're working on
it so next thing we're going to talk about are called crimps and wraps so the
first type are crimps that are similar to our mechanical seals but essentially there are little pieces of lead or aluminum that we squish and usually we squish them around a wire or something so it's just a little frangible wire and then you squish this piece over it and then you can't separate the wire so in this example this little flag just gets rolled up over a wire it's very tight and it's hard to pull the the wire out most of these like basic types of crimps aren't serialized so they're very easy to counterfeit if you have the same you know in this picture it has a USL C type thing they're very easy to defeat if you have the same type of crimp or if you can replicate that type of effect and there was a bunch of little crimps in
this year's contest that everybody defeated so here's an example of a squeezed crimp so instead of the roll
that just rolls that little flag up you physically squeeze a little piece of lead or aluminum and then you leave an imprint if it has a little imprint and these are kind
of cool because if you actually take the time to inspect them very thoroughly then you can get a pretty good degree of anti tampering out of them because think every time you crimp one of these little pieces it's going to deform in its own unique way so if you take a really high-resolution photograph of it and then you inspect it in that same same manner then you can potentially detect alterations to it or replacement there's a lot of lead seals in the conference in the contest this year they're all defeated I think we all basically use the same thing where we clip the the cable and then we we put it back in and crimped over it so that it's stuck again but there's lots of different things you could do and again so think about how far you willing to go to detect tampering because it's obviously expensive the more you do and the farther you go but you know are you willing to go that far think back to our example of Russia in the US with the postcards how much mail are you willing to censor or pass through this tampering to detect you know spies and all that kind of stuff this is a photo of the
seal crimping tool it's just a basic little hand tool there's these self
crimping seals that are pretty cool and essentially the same thing you thread a wire through the back but you could just snap them together with your fingers they suck pretty hard actually the ones that I found at least you can see on the right that one's actually you know fully locked thing and you could just essentially put a little lockpick in there and push out the parts that need to be pushed out and reopen it so this
is something that's more familiar to you guys and these are just little plastic wraps that fit around a lot of pharmaceuticals or food packages and that kind of stuff and they kind of have mixed mixed effectiveness a lot of people put these on their products just to say I have a tamper seal on my product with no eye to how good it is or how valuable it is to you know quality assurance and that kind of stuff but the real question with this kind of stuff on food and pharmaceuticals what's your what's your real goal right so is your goal to prevent replacement of the pills replacement of the bottle is your goal to prevent people opening it and doing whatever they're going to do with full access what if we just take a needle and you know inject some kind of doping agent onto the pills would that be detected because obviously the most part you can bypass this little seal now again we talked about you know defense-in-depth we have the four are normal bottles we have all these layers of things that we have to go through to open it but think think of these things is that the right thing to do a lot of these that are used aren't very good and usually it's the design of the bottle like this kind of this kind of seal is similar and if you just put this in boiling water or just very hot water it'll it'll loosen up the plastic and you could just go pry it open and depending you know depending on the container what's inside of it you could just get one off full and then just put it back on at your leisure and the same is somewhat true for these although these little plastic ones are a bit more the heat affects them a lot more than you know these bigger plastic seals but a lot of them how many of you have ever bought a product where you just kind of wiggled it off and you got it off intact right oh he was just raising his hand you didn't have a question I'm tarted sorry how many of you you know think of the ones you couldn't take off how far do you have to cut up this little seam
to get it off probably not all the way right usually very little if any at all so think how can we cut and repair that and think a lot of these are pretty easy to counterfeit because nobody really serializes them so you could just if you have another one you rip this one off put a new one on and then heat it back up so it shrinks so think again how far you willing to go to detect tampering are you gonna take photos of the exact pattern that your little plastic wrap seals on to whatever you're doing as you get bigger and bigger you you know think like huge companies they can't afford to do this kind of detection it's just a well we put a tamper seal on it because the law says we have to the next and
last thing we're going to talk about are adhesives and adhesives are super popular for sealing a lot of stuff almost all the the packages we get are sealed with some form of adhesive and then you can also extend this to think about you know envelopes and that sort of stuff and and the bank bags we talked about earlier but adhesives are kind of they're not
very great and one funny thing is that there's no standard for high-security tamper adhesives there's one for mechanical seals but I thought the funny thing was is that they don't actually test for tampering for this standard until 2012 so there's all these seals that say you know we're compliant but it it doesn't mean anything just yet because they haven't enforced this tamper-evident testing so adhesives are kind of bad because they're misunderstood a lot of companies think you could just slap on a sticker you know on the back of your Xbox and then you're great you know you know all the morons in the world you're just gonna rip it off and then go oh damn like you know I guess I can't stand it back now but you know think of a more sophisticated attack you know can we shim it can we just put like a piece of coke can or wax paper and just get it up can you know will heat help us get that off water steam solvents temperature again both hot and cold and then also there's always counterfeiting there was a funny situation earlier where they were judging the tamper contest and they said you know when you when you apply this tape because you know the goal of contest is to lift the tapes and put them back down they said you know did you get dust on here and I go no when you use this roll that's just how it looks and they didn't like that at all but but we actually have dreams of one day giving back two boxes for our tamper contest because we can counterfeit so much of it that we could just duplicate it but I'm told that's bad form so we haven't done that yet so
the thing about this is that you could put whatever you want on a piece of tape but that doesn't make it any better than a piece of tape so this is an example called tamper evident tape and it's it's tape and it's it's not very good at being tamper evident now the main feature of this is that if you cut it you know think again to our target example if you just take your knife and you slice it open it's going to be very difficult to realign all these little lines so that they look right but again why do I do that when you could just put acetone or isopropyl or any of these things that you could buy on your local drug or hardware store or pharmacy to lift the tape so the real questions are
you know when you look at an adhesive is it serialized what's it applied to is that on wood is it on plastic is on metal is it on paper because all these things depend how well it's going to adhere and then you got to think you know what type of material is the adhesive the backing you know tapes are a combination of a backing so like your little plastic layer and the adhesive under it so you combine that with you're sticking it to is gonna determine how well it sticks and how long you need to leave it before you it sticks because think think about a big company you're a shipping company you get an order in you want to get that out as fast as possible so that customers are satisfied so you slap tape on it and then you send it out right away well that tape hasn't had time to cure so it's gonna be a lot less resistant to attack so think about how do you integrate all this kind of information into making a more secure tamper-evident system and then you got to think what type of residue if any does the tape leave behind how much do you really need to remove to open whatever is you're working on because the answer is generally never all of it almost very rarely it is you have to remove the entire piece of tape right so
the two things we have and we'll just talk we'll go right into them is a full
residue tamper tape and that's where if you pull the tape up you know if you just physically force it up it'll leave behind a residue and that residue will be the full width of the tapes you can see here there's a little residue all the way to the bottom right and then a partial residue tape will only leave a
certain imprint there's also what's called no residue tape where when you pull it up it doesn't leave anything behind on the substrate but it voids itself so that the tape now it says void or whatever in the same way that this leaves behind residue so let's talk
about solvents because solvents are probably one of my favorite aspects of adhesives even though I never paid attention in chemistry in school so let's think about common solvents
acetone isopropyl carbon tetrachloride is funny because the CIA used to love it I don't know if they still do I'm actually not with the CIA if you hadn't noticed but yeah food but it's extremely dangerous so we don't really use it for the contests and I think it might even be illegal and in a lot of the nearby states but it's actually extremely effective at lifting a lot of adhesives methyl ethyl ketone is pretty strong but it could be useful for some stuff and then pretty much the sky's the limit you know any type of solvent will probably work on something you know again it depends on your backing depends on your adhesive depends on your substrate all this kind of stuff and so literally the sky's the limit there's huge amounts of solvents you can pick from I did a black hat teaser talk for the training and I didn't want to show solvent in it because I wanted it for the contest I wanted to be a secret so I replaced it with aromatic bitters so my goal was to no no I got I thought this out my goal was to identify all the bad teams by whether or not they added aromatic bitters to their their their kit so think about how do we inspect
adhesives because it adhesives and and envelopes and that kind of stuff we generally have a more of a drive you know when we see them we could tell if it's been tampered with or not so we look for cuts or tears or wrinkles any distortion you know if it has lettering we also want to look at has it changed place again how far are you willing to go to look at this kind of stuff is the texture of a different is the gloss different when you peel it up is the adhesive the same strength if it's supposed to leave a residue does it does it leave it properly has it been altered so there's lots of
stuff if he's the bad part about solvents is that if you use the wrong one you're probably screwed so this is just an example of a ruined tape and you
can see it just basically dissolves and leaves the security pattern behind and if we look at this again you could see
it even flared out to the sides here so it's all covered in blue ink if use heat
if you use too much heat pretty easy to ruin a lot of adhesives so here's an example one thing that a lot of solvents
do is that they affect the the gloss of the tape itself because you know generally speaking you don't want to put the adhesive on top of it of the backing you want it between whatever it's stuck to and the adhesive because it doesn't really do you any good to have it on top of it because that's not what's holding it there so if you get it on top you might change the actual texture or gloss of the the backing itself you can also look even
you know as far as you want to get into this so look at you know is it actually stuck and when you peel it does it feel the same does it look the same so again
here's another example of heat with all the letters are all distorted and smeared big bubble marks let's say you
use solvent and the solvent lifts the tape but it damages the adhesive so the adhesive doesn't work right so you got to add new adhesive right if you want it to look right pretty difficult to do and you can see here's a photo of glue being stuck kind of around the edges from it being resealed here's an
example of aerosol adhesive so when you use aerosol it's a combination of whatever the sticky stuff is and the propellant that actually makes it spray out and here's a photo of all those little particles on the tape itself and so that's obviously not normal because that's not how normal adhesives come so
the things I want you to take away from this talk are that there's lots more seals there's hundreds of types of seals out there and little design variants that make certain attacks better or worse there's always room to improve your methods to defeat everyone's leaving geez and so how do we improve our defeats how do we improve more importantly our installation our storage our inspection methods because at the end of the day you don't need to beat the tamper seal you need to beat the people looking at them and that's generally a much easier thing to do and how do you integrate all this into you know whatever your business is so don't think that you could just slap a sticker on and then it's going to work the hard part about it is that unless you're crazy like me it's hard to to evaluate seals you know seal A versus seal B and determine which one is better and there's no real information on the on the internet about how to do this so that's one of the goals of the contest that that DT is running is a starting this year all the documentation will be a public wiki every year for the contest so we do all our defeats we type it up and then once Def Con is over that all gets published to the internet so you can look up you know the this seal was this used in the contest how do people defeat it and what are ways that we can make it better that we can use it better in our business so I want to thank you
all for coming are there any questions