Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Why ? They could embed some sort of a trusted platform module with crypto and (physical) intrusion detection, just like payment terminals.

If you open the case, the system deletes the keys and you can say bye-bye to your contract.



Physical intrusion detection can be defeated. All it takes is one person to open it up to document where the microswitches are, and a careful bit of work with some tin snips and you're in.


Yes all physical security can be defeated but you could make it exceptionally difficult to do. As an example, I used to work on financial terminals and sat across the isle from one of the security engineers. They actually embedded conductors in the case that created a known EM field when the case was closed. If you opened the case, it disturbed the field and erases the keys. If you drill a hole in the case, it disturbs the field. If you melt the case and insert a metallic object (screw driver or knife) it disturbs the field. This was just one of the physical security measures.

tl;dr - modern physical security is much more than microswitches.


Do these systems still hold up when an attacker has practically unlimited physical access to the device and you do not?

This seems like a very challenging environment for tamper detection.


I'd like to see that stand up to mom vacuuming right next to the unit.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: