
This or the 'glitter nail-polish' pseudo-holographic identifiers both ignore that if you have a physically identical laptop save cosmetics, you can swap in the motherboard and hard disk from the replacement unit. Externally, it's identical, internally it's all compromised.


Presumably the laptop could be designed such that opening the case would separate some contacts in a circuit, which in turn would clear some important secret value from memory.

If you have a separate authentication device, it could warn you that this had happened, to prevent the attack of someone opening the case to add a circuit which broadcasts your key presses, for example.

This still only reduces the problem from keeping your laptop with you at all times to keeping your authentication device with you at all times, though.


I believe this is what TPM lock solves, but possibly not perfectly.


If you put the nail polish on the screws or seams, you could make it where you couldn't take apart the laptop to replace the motherboard without damaging them, right?


If we fixed everything else then this wouldn't be hard to solve.

Have the machine generate a TOTP which you compare to the same code generated on a phone/second device.

To prevent or at least make nearly impossible a MITM of this, the TOTP is calculated by the TPM and only while the network card(s) are off.
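
Added example, not part of the thread and not any commenter's code: a sketch of the code comparison described in the comment above, where the laptop shows a TOTP and the owner checks it against the one on a second device. The TPM-held secret is modelled as a plain byte string, and the names `totp`, `codes_match` and both sample secrets are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample values (assumptions, not from the thread).
ENROLLED_SECRET = b"12345678901234567890"              # RFC 4226/6238 test key
REPLACEMENT_BOARD_SECRET = b"different-board-secret"   # board that never held the enrolled key


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 for the time step containing unix_time."""
    counter = struct.pack(">Q", max(unix_time, 0) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def codes_match(laptop_secret: bytes, phone_secret: bytes,
                laptop_clock: int, phone_clock: int,
                skew_steps: int = 1, step: int = 30) -> bool:
    """Model the by-eye check: the code on the laptop screen must equal a
    code the phone would show within +/- skew_steps of its own clock."""
    shown = totp(laptop_secret, laptop_clock, step)
    accepted = [totp(phone_secret, phone_clock + d * step, step)
                for d in range(-skew_steps, skew_steps + 1)]
    return any(hmac.compare_digest(shown, code) for code in accepted)


if __name__ == "__main__":
    now = 59  # constructed timestamp
    print("original board :", codes_match(ENROLLED_SECRET, ENROLLED_SECRET, now, now))
    print("swapped board  :", codes_match(REPLACEMENT_BOARD_SECRET, ENROLLED_SECRET, now, now))
    print("stale code     :", codes_match(ENROLLED_SECRET, ENROLLED_SECRET, now, now + 36))
```

The check only has value if the secret cannot leave the original hardware, which is the part the comment assigns to the TPM.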


We haven’t found a l33t who can swap a macOS motherboard in 15 minutes.


Hmm, it took me 2 hours when I had to do this a few years ago, but I'm pretty sure I could do it in 15 minutes if I practiced a few times and had 3 drills with two torx and one phillips driver bits.

Swapping the SSD and adding a keylogger to the ribbon cable would be a lot faster too, maybe 5 minutes with practice.



