This article series is about my personal experiences with some types of tamper evident seals. As physical security countermeasures, seals are designed to allow detection of unauthorized physical access to equipment and therefore deter attackers from tampering with it. Like many researchers, I’m intrigued by the security mechanisms that I come across and want to find out how well they hold up in practice.

Unfortunately, most stickers that I have looked at do not do too well against fairly basic low-tech attacks. I will show some examples of this here and in the following articles.

Consulting

I’m a freelance Security Consultant and currently available for new projects. If you are looking for assistance to secure your projects or organization, contact me.

Introduction

In the context of the off-the-shelf electronic security products, the tamper evident measures are usually implemented as adhesive stickers with vendor-specific designs, often shiny and with holographic appearance.

Potential security goals of tamper evident seals:

  1. Give the end customer a trustworthy indication that the product is still in its original state as packaged in the factory.
  2. Increasing the cost and complexity of counterfeits.
  3. Spotting used products during refunds.

Cryptocurrency hardware wallets and other secure computation devices have particularly strong requirements for point #1. Regular vendors might have a general interest in increasing the complexity of counterfeits, handling returned units or making it harder for customers to falsely resell devices as new, but success for them could be represented by “catching 4 out of 5 used returns from common customers” or “halving the market of high-quality counterfeits”, particularly so if the focus is on being cost-effective simply in terms of sticker price vs. reduced support cost, for example.

The situation is different for security products that handle important secrets, particularly if they are associated with monetary value. Supply chain attacks which replace hardware components or firmware contents may fully compromise the secrets that the user creates on the device. There are a number of scenarios where it is conceivable that malicious modifications of the package do happen, for example at an untrustworthy intermediary seller. Consequently, requirements for the strength of tamper evident seals are significantly higher if one expects them to withstand attackers that have multiple spare units and time.

Strategy: Circumventing the Seal

Seals are usually applied to some essential part of the product packaging or the device itself so that they need to be removed when first accessing the device. One attack strategy is to get creative with alternative means of opening the package without disturbing the sealed area.

Also, a customer might not check the rest of the package as closely as the seal, or might not know what to look for.

Re-Opening Glued Seams

A simple - but not very effective - variant of this attack is shown here:

Trezor One package opened along the glued cardboard side with a blade
Trezor One package opened along the glued cardboard side with a blade
Trezor One package after attack, without re-gluing
Trezor One package after attack, without re-gluing

One can see that this allows access to the device without opening the seals themselves. The thin cardboard edge could be reglued after this step to make the package more convincing. However, unless done very well, this particular attack probably leaves some marks such as cuts or dents in the side, so it is not very elegant.

Re-Sealable Plastic Enclosures

The YubiHSM2 comes in a clear plastic case with a numbered tamper evident seal in the front. Normally, the seal is removed and the case is unlocked at the front to take the device out. However, the small plastic hinges at the end can be cut to get access to the device and then closed again to hide the tampering and make the lid mechanism work normally again.

Here is a closeup view of the cut:

YubiHSM2 package, detail view on hinges
YubiHSM2 package, detail view on hinges

The device contents can then be taken out:

YubiHSM2 package opened at the plastic hinges
YubiHSM2 package opened at the plastic hinges
YubiHSM2 package opened at the plastic hinges
YubiHSM2 package opened at the plastic hinges

To confirm that the case can be restored to its original function, I used a regular lighter to melt the plastic hinges back together. The result is not perfect but works reasonably well. I’m sure that more professional results can be achieved with other tools, for example by using the tip of a soldering iron on a low temperature setting.

YubiHSM2 package, re-sealed hinges
YubiHSM2 package, re-sealed hinges

Half-Opening Enclosures

I’ve recently noticed a second attack variant for the previously shown plastic package design. By opening the case at the front a few millimeters while the seal is still in place, the device can be pulled out of the half-opened enclosure from the side without damaging the case or seal.

YubiHSM2 package side attack
YubiHSM2 package side attack
YubiHSM2 package side attack, seal image
YubiHSM2 package side attack, seal image

This attack only left a little dent in the middle of the seal, which is not something that is easy to spot or attribute to an attack.

Thoughts On Packaging

To generally prevent physical circumvention of individual seals through gaps and less well secured sides, vendors would either have to use multiple seals to cover each side or come up with defensively designed packaging that is very tamper evident or robust in itself.

Further details will be discussed in part II and part III of this article series.