I have been informed that someone was successfully able to compromise the hologram on a Casascius Coin this afternoon at Def Con 21 in Las Vegas. Having been a regular attendee of Def Con for some time now, I figured it was a matter of time before I’d have the honor of being a subject of the “Hardware Hacking Village / Tamper Evident” section they have there.
I had a chance to speak with that person today, who goes by Stits (twitter: @stits) and he shared with me the process he went through. It was pretty intriguing, in a nutshell he says he used a particular solvent and method of application, and in the process, left a very minimal amount of visible damage to the hologram.
A few people have said as a result: “Oh no, what about my Casascius coins?” Not to worry. Keep in mind that for someone to accomplish an exploit like this, they have to have physical access to the coin. Every single coin I’ve sent out is an honest unexploited coin. Secondly, Stits compromises tamper-evident technology as a stated hobby, and although others can surely duplicate it, it’s not as though it’s super easy. Finally, I have always assumed that a compromise has been possible: I’ve disclaimed it from day one, noting that the core purpose of a Casascius Coin is as a proof of concept, not negotiable money. Clearly though, this reported success speaks to the need to inspect closely and trust your intuition when it comes to someone giving you a Casascius Coin second hand, sort of the same way you should be wary of bogus $100 bills at a Satoshi Square.
That said, now that I understand the exploit, there’s a few things I’m going to try, in order to make it more challenging. Specifically, I anticipate that the laser rimming I have been doing to the 1BTC silver coin recently might present an interesting obstacle. Stits says he’ll be getting one tomorrow (Sunday Aug 4) and will take a shot at it. My congratulations to him, of course, if he succeeds. Stits has been open and cooperative and felt willing to share with me plenty of information about what he understands regarding the materials I use in my coins.
Having been to Def Con repeatedly, you get the sense that there are skilled individuals who are going to be able to break into anything. In addition to computer security, Def Con prominently showcases exploitation of physical security, even offering a “Lock Pick Village” where attendees are offered lock picking tools for purchase, basic training, wide arrays of locks to attack, and contests for skilled/professional lockpickers, where the world’s highest security locks are consistently beaten in single-digit seconds.
Physical security is a cat and mouse game. I may improve my coins, and someone out there will beat it, particularly as they garner more attention and perceived value. That’s all there is to it. At my software business, I’ve taken our software developers and support department out there to previous Def Cons just to show them that the lay of the land is there’s highly skilled people who with determination can break anything, and that it’s always safe to assume that if they have a will to get into something, there’s probably a way, and that assuming nobody will try or succeed is never safe.
EDIT: Stits reports on Twitter that, in addition to the minor damage introduced at the hologram edge, others are noticing that the compromised hologram is not as “vibrant” as an untampered one. Exactly what the difference is (and whether the untrained eye would notice it without an untampered reference) remains to be seen, by me at least. I plan to send Stits some more coins, partly because I’m cool like that, partly because I’d like to give him the opportunity to refine his attacks, and partly because I’d like to experiment with some countermeasures and see what he thinks of them.