In what I am sure is only a first in many similar demonstrations, researchers are able to add or remove cancer signs from CT scans. The results easily fool radiologists.
I don’t think the medical device industry has thought at all about data integrity and authentication issues. In a world where sensor data of all kinds is undetectably manipulatable, they’re going to have to start.
Research paper. Slashdot thread.
Posted on April 12, 2019 at 11:13 AM •
Micah Lee ran a two-year experiment designed to detect whether or not his laptop was ever tampered with. The results are inconclusive, but demonstrate how difficult it can be to detect laptop tampering.
Posted on May 4, 2018 at 6:19 AM •
“Do Not Disturb” is a Macintosh app that send an alert when the lid is opened. The idea is to detect computer tampering.
Do Not Disturb goes a step further than just the push notification. Using the Do Not Disturb iOS app, a notified user can send themselves a picture snapped with the laptop’s webcam to catch the perpetrator in the act, or they can shut down the computer remotely. The app can also be configured to take more custom actions like sending an email, recording screen activity, and keeping logs of commands executed on the machine.
Can someone please make one of these for Windows?
Posted on April 24, 2018 at 6:04 AM •
Brian Krebs is reporting sophisticated jackpotting attacks against US ATMs. The attacker gains physical access to the ATM, plants malware using specialized electronics, and then later returns and forces the machine to dispense all the cash it has inside.
The Secret Service alert explains that the attackers typically use an endoscope — a slender, flexible instrument traditionally used in medicine to give physicians a look inside the human body — to locate the internal portion of the cash machine where they can attach a cord that allows them to sync their laptop with the ATM’s computer.
“Once this is complete, the ATM is controlled by the fraudsters and the ATM will appear Out of Service to potential customers,” reads the confidential Secret Service alert.
At this point, the crook(s) installing the malware will contact co-conspirators who can remotely control the ATMs and force the machines to dispense cash.
“In previous Ploutus.D attacks, the ATM continuously dispensed at a rate of 40 bills every 23 seconds,” the alert continues. Once the dispense cycle starts, the only way to stop it is to press cancel on the keypad. Otherwise, the machine is completely emptied of cash, according to the alert.
Lots of details in the article.
Posted on February 1, 2018 at 6:23 AM •
Edward Snowden and Nathan Freitas have created an Android app that detects when it’s being tampered with. The basic idea is to put the app on a second phone and put the app on or near something important, like your laptop. The app can then text you — and also record audio and video — when something happens around it: when it’s moved, when the lighting changes, and so on. This gives you some protection against the “evil maid attack” against laptops.
Micah Lee has a good article about the app, including some caveats about its use and security.
Posted on January 3, 2018 at 6:17 AM •
Last year, I wrote about the potential for doxers to alter documents before they leaked them. It was a theoretical threat when I wrote it, but now Citizen Lab has documented this technique in the wild:
This report describes an extensive Russia-linked phishing and disinformation campaign. It provides evidence of how documents stolen from a prominent journalist and critic of Russia was tampered with and then “leaked” to achieve specific propaganda aims. We name this technique “tainted leaks.” The report illustrates how the twin strategies of phishing and tainted leaks are sometimes used in combination to infiltrate civil society targets, and to seed mistrust and disinformation. It also illustrates how domestic considerations, specifically concerns about regime security, can motivate espionage operations, particularly those targeting civil society.
Posted on May 29, 2017 at 10:22 AM •
Here’s an interesting case of doctored urine-test samples from the Sochi Olympics. Evidence points to someone defeating the tamper resistance of the bottles:
Berlinger bottles come in sets of two: one for the athlete’s “A” sample, which is tested at the Games, and the other for the “B” sample, which is used to corroborate a positive test of the A sample. Metal teeth in the B bottle’s cap lock in place, so it cannot be twisted off.
“The bottles are either destroyed or retain visible traces of tampering if any unauthorized attempt is made to open them,” Berlinger’s website says about the security of the bottles.
The only way to open the bottle, according to Berlinger, is to use a special machine sold by the company for about $2,000; it cracks the bottle’s cap in half, making it apparent that the sample has been touched.
Yet someone figured out how to open the bottles, swap out the liquid, and replace the caps without leaving any visible signs of tampering.
EDITED TO ADD: There’s a new article on how they did it.
In Room 124, Dr. Rodchenkov received the sealed bottles through the hole and handed them to a man who he believed was a Russian intelligence officer. The man took the bottles to a building nearby. Within a few hours, the bottles were returned with the caps loose and unbroken.
One commenter complained that I called the bottles “tamper-proof,” even though I used the more accurate phrase “tamper-resistance” in the post. Yes, that was sloppy.
Posted on May 16, 2016 at 6:03 AM •
This is really interesting research: “Stealthy Dopant-Level Hardware Trojans.” Basically, you can tamper with a logic gate to be either stuck-on or stuck-off by changing the doping of one transistor. This sort of sabotage is undetectable by functional testing or optical inspection. And it can be done at mask generation — very late in the design process — since it does not require adding circuits, changing the circuit layout, or anything else. All this makes it really hard to detect.
The paper talks about several uses for this type of sabotage, but the most interesting — and devastating — is to modify a chip’s random number generator. This technique could, for example, reduce the amount of entropy in Intel’s hardware random number generator from 128 bits to 32 bits. This could be done without triggering any of the built-in self-tests, without disabling any of the built-in self-tests, and without failing any randomness tests.
I have no idea if the NSA convinced Intel to do this with the hardware random number generator it embedded into its CPU chips, but I do know that it could. And I was always leery of Intel strongly pushing for applications to use the output of its hardware RNG directly and not putting it through some strong software PRNG like Fortuna. And now Theodore Ts’o writes this about Linux: “I am so glad I resisted pressure from Intel engineers to let /dev/random rely only on the RDRAND instruction.”
Yes, this is a conspiracy theory. But I’m not willing to discount such things anymore. That’s the worst thing about the NSA’s actions. We have no idea whom we can trust.
Posted on September 16, 2013 at 1:25 PM •
Interesting development in forensic analysis:
Comparing the unique pattern of the frequencies on an audio recording with a database that has been logging these changes for 24 hours a day, 365 days a year provides a digital watermark: a date and time stamp on the recording.
Philip Harrison, from JP French Associates, another forensic audio laboratory that has been logging the hum for several years, says: “Even if [the hum] is picked up at a very low level that you cannot hear, we can extract this information.”
It is a technique known as Electric Network Frequency (ENF) analysis, and it is helping forensic scientists to separate genuine, unedited recordings from those that have been tampered with.
Dr Harrison said: “We can extract [the hum] and compare it with the database – if it is a continuous recording, it will all match up nicely.
“If we’ve got some breaks in the recording, if it’s been stopped and started, the profiles won’t match or there will be a section missing. Or if it has come from two different recordings looking as if it is one, we’ll have two different profiles within that one recording.”
Posted on December 12, 2012 at 12:59 PM •
Related to this blog post from Wednesday, here’s a paper that looks at security seals on voting machines.
Andrew W. Appel, “Security Seals on Voting Machines: A Case Study,” ACM Transactions on Information and System Security, 14 (2011): 1–29.
Abstract: Tamper-evident seals are used by many states’ election officials on voting machines and ballot boxes, either to protect the computer and software from fraudulent modification or to protect paper ballots from fraudulent substitution or stuffing. Physical tamper-indicating seals can usually be easily defeated, given they way they are typically made and used; and the effectiveness of seals depends on the protocol for their application and inspection. The legitimacy of our elections may therefore depend on whether a particular state’s use of seals is effective to prevent, deter, or detect election fraud. This paper is a case study of the use of seals on voting machines by the State of New Jersey. I conclude that New Jersey;s protocols for the use of tamper-evident seals have been not at all effective. I conclude with a discussion of the more general problem of seals in democratic elections.
Posted on October 7, 2011 at 1:11 PM •
Sidebar photo of Bruce Schneier by Joe MacInnis.