What is Tamper Evident Bypassing?
I started writing this article two years ago and only finally finished it! The idea to write about tamper evident bypassing and what it is came up because we had an interview to get into a new school one morning and we were asked about tamper evident bypassing. We were asked what it is and we realised its actually hard to put in words. We also realised that we have all this stuff about it on our site and on our YouTube channel but we never really talk about what it is, so here goes. By the way… we got into that school so yay!!! It’s the best school!!!
What are Tamper Evident Seals and What Are They Used For?
To understand tamper evident bypassing you need to know a bit about what tamper evident seals are. Tamper evident seals are just what they sound like. They are a seal that tells you if someone has tampered with something. They don’t stop someone getting in, but you can tell if anyone has. Dad said it’s whats called a detective control. It detects but doesn’t stop.
Tamper evident seals are used as an extra layer of protection so if someone tries to get into it, you can see some type of evidence like markings or something broken. That way you know someone has tampered with that object or whatever you have put the seal on. An example is you often see tamper evident labels on electronic devices so the people that sell them know if you have opened them and tried to fix them or done something else that will cancel your warranty. You also see them on containers you see on container ships so you know if someone has been in and stolen stuff or maybe put their own stuff in there to try and smuggle, like pirates!
So What Types of Seals Are There?
There are quite a few different tamper evident seals that are used to seal and stop people opening or getting through to stuff. Here are a few different types.
Security labels are labels that are specially designed to show when someone has tried to remove them. There are three main types of security labels.
- Total Transfer Labels: When you remove these labels they leave some type of message behind and ruin the label. It’s a message that usually reads ‘void’ or ‘security’ on the surface it was placed on.
- Non-Transfer Labels: When you take them off they don’t leave a message behind but usually rip, leave the glue part behind, or come apart in some way ruining them.
- Egg Shell Labels: Also known as destructible labels because when you remove them they rip into lots of tiny pieces, like a broken eggshell making them impossible to reuse or to put back together. I might call them Humpty Dumpty labels ????
Here’s another article that goes into more detail about security labels and has some pics and videos so you can see them being removed!
Security tape is used to secure packages like boxes. It looks like normal packing tape but is usually red or orange. It is a lot like the total transfer labels as it’s specially made to show if someone has tampered or tried to get into the thing you sealed it with by leaving behind a void or security message. Once its off you cant put it back on. We once bought some orange security tape when we were at Kiwicon in New Zealand and got through it without much effort. You can see a video of it below. We are using shellite to unstick the glue.
Barrier Seals provide a bit more protection and try and stop easy theft. They are usually metal and can only be removed with a key, bolt cutters, or pliers. They are used a lot for cargo travelling long distances like on shipping container doors. These include bolt seals and cable seals. We once saw two people cable seal themselves at a security conference and spent the next 2 days with files filing them off their wrists. So if you see warning signs at any security conferences that say “Don’t tamper evident seal yourself” you know why! ????
This is a bolt seal – Part of a tamper evident competition we went in
Security bags are meant to keep things secret or safe from being looked at or touched. So they are used for sending secret documents or for things like criminal evidence. They are a plastic bag but once sealed they are like total transfer labels and if you open them it leaves a void message. They can be really hard to get into without wrecking the bag.
This is a bag we tried to get into by freezing. It didnt work 🙁
Pull Tight Seals
Pull tight seals are used for going through two small holes and keeping something shut. For example, through two zippers on a travel bag so you know if someone has opened your bag. The good ones are meant to have a high temperature resistance to stop heat type attacks but should also be flexible so they don’t just snap easily.
What is the Difference Between Tamper Evident and Tamper Proof?
Tamper-proof is more about stopping someone from tampering. It’s making it so someone cant tamper with something. An example is tamper-proof screws. You cant use a normal screwdriver. You need one with a special head. Its sort of a silly term cause nothing is really tamper-proof. If you get the right screwdriver you can undo the tamper-proof screws.
Tamper evident doesn’t stop people tampering, it’s more about showing that tampering has occurred by leaving a void message or visible proof.
What is Tamper Evident Bypassing Then?
So tamper evident bypassing is working out how to get through different types of seals without anyone knowing you have. This might be working out how to remove a label, get into something, then put the label back. Someone looking at the label shouldn’t be able to tell it has been tampered with. Sometimes you attack the seal other times you might find a way around the seal by attacking what it’s protecting.
Ok… So Why Do We Want To Bypass Them?
When I first went to BSides Canberra in 2017 I was looking around and saw the tamper evident bypassing table. Me and my dad went there and tried a few of the seals. It’s kind of a puzzle and puzzles are really fun and challenging which I really like. As well I also want to grow up to be like my dad and his team. It was really fun learning how security seals work. Apart from being fun, if we test them it also helps find problems with them so the makers can fix them so bad people can’t get past them.
Also it’s a great way to meet new friends!
Me at BSides Canberra 2018 teaching someone to bypass tamper evident seals
Boo has a passion for bypassing tamper evident devices, having first got her tiny 6 year old hands on them at BSides Canberra in 2017. When she isn't bypassing tamper evident devices or lock picking, she can be found writing code, programming her robot, performing gymnastics manoeuvres or taking other children down in the MMA dojo.