Random Mosaic – Detecting unauthorized physical access with beans, lentils and colored rice
December 2021
The history of mankind is also a history of secrets, attacks and defense of the confidential. Steganography, cryptography and technical tools support us in protecting the private. The antagonists of confidentiality operate - depending on the actor - outside or inside legal frameworks, often adapting them with bogus arguments.
If we have objects or devices outside our view, we cannot rule out that there was unwanted/unauthorized access to them and the confidentiality and integrity possibly no longer exists. If there has been an unauthorized access (attempt), it is in the interest of the affected parties (owner/proprietor/transmitter/receiver) to know about it in order to initiate any follow-up measures and not to think themselves in a false sense of security.
For thousands of years, seals have been used in various forms with the goal of certifying the confidentiality and integrity of letters, for example. Attacks on these protective measures are similarly old. This continues to this day, but these attacks are now taking place on a very different level. A lot has changed since then, especially due to digital communication and the widespread presence of technical devices, as well as the accumulation and automated analysis of data. Modern communication tools reach very deeply into our lives, so their confidentiality and integrity should also be a very high priority.
Below we show a few examples of these attacks, summarize known countermeasures and introduce a new method.
Table of contents
Intrusions and attacks
Tampering in transit (supply chain interdiction)
While the U.S. government has claimed for years that Chinese companies are building surveillance technology into devices exported to the U.S. (such as networking equipment), it was revealed in 2014 in the book “Global Surveillance” by Glenn Greenwald that the NSA’s “TAO” (Tailored Access Operations) unit has been intercepting and tampering with technical devices in transit since at least 2010. Netzpolitik.org summarizes:
... continue reading