Glitter nail polish: The new way to protect your data

Glitter nail polish is the perfect way to ensuring your laptop hasn't been tampered with as its random pattern is extremely hard to replicate, experts say

Security experts have come up with a novel way to ensure your laptop or tablet hasn't been tampered with and your data compromised - glitter nail polish.

Physical tampering with devices to steal data, or install malware for monitoring purposes, is becoming an increasing problem, especially when travelling, where border officials can easily confiscate devices for ‘inspection’.

Problems with hardware interference and data theft have been particularly reported by business travellers to China. The UK government meanwhile has the right to suck all the data from a device and store it when people enter and leave the country.

Many people do fit tamper-proof seals over ports and screws, but these can easily be opened cleanly or replicated in minutes by anyone with minimal training, security researchers Eric Michaud and Ryan Lackey said, while presenting at the Chaos Communication Congress, reports Wired magazine.

The pair’s answer - create a seal that cannot be copied. Glitter nail polish is the perfect candidate for making the seal, the pair added, as a completely random pattern is created, unlike with standard paint or a sticker.

Once applied, a photo can be taken on a device such as a smartphone that will not leave your side - or can be left at home - to ensure the image has not been tampered with.

Taking a second picture once you’ve returned from a trip or become suspicious that your laptop has been meddled with, then running the two through a program that allow the two images to be rapidly switched between, will allow you to spot any differences if the glitter nail polish has been removed and repainted,  Mr Michaud and Mr Lackey explained.

The technique is inspired by that used by astronomers to spot minute changes in the night sky.

In the next few months the pair plan release a cheap piece of software that will allow the images to be easily analysed, as well as enable a second step whereby a device cannot be connected to a company system - and potentially compromise it - until the images have been verified.

Comments