Glitter nail polish: The new way to secure your data

Security experts have found that glitter nail polish can work for securing your laptop or data against physical tampering.

Published Date
02 - Jan - 2014
| Last Updated
02 - Jan - 2014
 
Glitter nail polish: The new way to secure your data

Security experts have discovered nail polish, metallic paints and stickers can be used to provide additional security to your laptop against physical tempering.

Researchers Eric Michaud and Ryan Lackey made a presentation at the Chaos Communication Congress in which they stated that glitter nail polish can work as a tool for checking whether your laptop has been tempered with.

The Security researchers noted that physical tampering with machines is a growing problem especially business men travelling to China as they face problems with data theft and hardware tampering. So apart from travelling with your laptop 24/7 there is little you can do to make sure your laptop is not compromised.

Eric Michaud and Ryan Lackey have suggested using the technique called Blink comparison. Users can create a security seal that is impossible to copy using glitter nail polish. However, experts recommend taking a picture of the seal to confirm that the paint blob is not reapplied. They recommend using a software program to compare the two images which may not be visible to the human eye. Astronomers use this technique to detect small changes in the night sky.

They added that by taking the picture with a cellphone that users can keep with them at all time will alert the user if their original picture has been tampered with or replaced. The experts recommend using a two-stage remote verification system that will allow the two pictures match precisely, before permitting the user to log in to a potentially vulnerable system such as a VPN. The security researchers stated that they will soon be releasing an inexpensive tool that will support this two step verification process.

This makes it non-skippable by users,” said Michaud, CEO of Rift Recon. “If the user doesn’t do the check, it doesn’t work.”

Source: Wired