For users who are concerned about an unauthorized person physically tampering with a MacBook Pro, MacBook Air, or MacBook, nail polish (yes, that kind of nail polish) can offer a bit of security, or at least demonstrate potential evidence that hardware has been fiddled with.
Now of course this does not apply to the vast majority of computer users, and these type of deep security concerns are only relevant to a very small group of people. But for those where these type of worries are legitimate, then some selectively applied nail polish can offer a very low-tech method of signaling when an “evil maid” attack has occurred against computer hardware.
The basis is simple, and this is a well known trick in security circles, and the idea behind it is pretty straightforward: flip a laptop over and use nail polish on the screws that must be used to access the internal components of the computer. By painting over the screws on the bottom of MacBook Pro hardware with some nail polish, it serves two purposes; it becomes more difficult to open the hardware, and it is nearly impossible for someone to access the physical internal components of the Mac without it being obvious, because the nail polish will have to be removed before the screws can be accessed. If someone attempts to get to the screws to open the hardware, perhaps to access the hard drive or ROM, they’d have to scrape off or chip through the nail polish, leaving visual evidence that some funny business was going on. Is nail polish on laptop screws foolproof and perfect? No of course not, but it can help. And if you’re in the realm of information security or intelligence, these type of precautions can matter.
Yes, painting screws with nail polish or some kind of sealant will likely void the warranty on a MacBook Air / Pro since you are physically altering the hardware, but if you’re more concerned about securing your hardware and avoiding tampering than product warranties, than it’s a tradeoff that may be worth it. It’s certainly a bit more involved than some other common InfoSec and SecOps tricks like taping over a webcam, but many professions do it anyway for the added security.
All of this may sound a little paranoid, but believe it or not, physically tampering with hardware for a variety of reasons does happen, and it’s typically aimed at accessing sensitive data contained on the target machine (yet another reason to use FileVault disk encryption on all Macs), particularly to users who are in security operations or who may have trade secrets of some sort on their computers. These type of unauthorized hardware access situations are sometimes referred to as “evil maid” attacks, presumably because they can (and do) happen in a hotel room to an unattended laptop, likely while the target person is busy, whether at dinner, out sightseeing, taking a swim, or otherwise occupied. It may sound far fetched to most people, but in the security world it’s not so. There have been reports of people traveling and coming back to their laptop in a hotel room with screws missing, or shipping a device from overseas to have it arrive missing screws, or having been obviously opened and tampered with. Here’s one such example from Mac sysadmin @Kitzy who reported a questionable hardware finding on Twitter:
A MacBook Pro came back from a trip to China with half of its bottom case screws missing. Not suspicious at all. pic.twitter.com/v2k2AuKcIl
— John Kitzmiller (@JohnKitzmiller) January 26, 2016
Obviously this does not apply to the vast majority of Mac users, and unless you’re deep in the world of trade secrets, security operations, or intelligence services, you likely have zero reason to worry about any this. But, if you are concerned about someone fiddling with your hardware or gaining unauthorized access to the internal components, getting some metallic nail polish on Amazon for a couple bucks
And if you’re curious what an “evil maid” attack is or what it looks like, or how an evil maid attack works in the first place, the video below demonstrates an example of one such physical attack on a laptop. As you can see, a skilled individual can open up and modify a computer in about five minutes:
Evil Maid attacks can have multiple objectives; copying data from the computer, accessing data on the computer, placing new data onto the computer, deleting or removing data from the computer, installing malicious firmware onto the computer or hard drive, or performing any other modifications to the hardware for a malicious purpose, even something like installing a physical tracking module, a transmitting device, a recording module and microphone, GPS unit, or much more. As wild as this stuff sounds, the reality is we do live in an era of information security and information warfare, where these extreme type of efforts at hacking, spying, and other nefarious digital deeds are becoming increasingly commonplace.
Even the infamous Edward Snowden appears to have experience with using nail polish for this reason, where he cited on Twitter what he and his previous three-letter agency employer used:
@JZdziarski @EricMichaud @savagejen Loctite works for most, not professionals. Pros have solvents. At CIA, we used glitter.
— Edward Snowden (@Snowden) November 16, 2016
So if you’re closely guarding some data on a computer and you are worried about this kind of thing, get yourself some silver glittery nail polish from Amazon, paint your Mac screws, and you’ll at least have a visual indicator if something potentially nefarious happened.
(Glittered nail polish MacBook screw picture from Trammel Hudson on Flickr)
Interested in this topic? You may enjoy our many other posts on security topics. And of course if you have any thoughts, information, details, theories, ideas, concepts, opinions, or anything else to share on warding off unwanted physical access to a computer, share in the comments below!