Re: Security fasteners

On 3/5/2025 2:56 PM, Dave Platt wrote:

In article <vq68c3$1p096$1@dont-email.me>,
Don Y  <blockedofcourse@foo.invalid> wrote:

What value "security fasteners"?  One can purchase "drivers"
for damn near any of them, cheap.
>
Is the intent to discourage *casual* disassembly (given that
anyone determined to do so can purchase same)?

 That's probably part of it.
 

                                           Perhaps to
be able to argue (in a court of law) that the other party
took "extraordinary measures" to gain access to the internals
of your product (so, if he was injured in the process, it
shouldn't fall on your shoulders)

 Another part of it, likely.

I'm just looking at the types of places that I encounter them
(in electronic kit).  PTZ camera assemblies, securing the mounting
ears to servers, etc.
These are markets where the "user" would likely have ready access
to such tools; it's not like using them to secure parts of a
*dishwasher* or other device that would likely be used by
The Masses.

Or, the hope of *actually* preventing disassembly?

 In some cases, it's a question of "anti-circumvention".  Products
which are handling secured media (e.g. any high-definition video which
has Denial-of-Rights-Management involved) often have to meet a
security standard which requires that any access to the decrypted
media data would require the use of "non-ordinary" tools and
equipment.  If they don't, the DRM/encryption provider won't license
the product and provide the necessary product provisioning keys.
 Using "security" fasteners which can't be opened using a flat-blade or
Phillips screwdriver can be enough to move the product out of the
"access using ordinary tools" category, and be good enough to meet the
requirements of the media license holder.

<frown>  Seems like a pretty low bar, given that the tools are dirt
cheap (e.g., one can buy a set of "security bits" at Harbor Freight;
an Avsafe tool might be a bit more obscure but, in the days of internet
search, that doesn't seem all that high a bar, either!)

Back when I was working for TiVo, and this issue came up with one of
the vendors we were working with, I suggested that the only way to
really deter people from opening up the DVR case and trying to access
the disk and its contents, would be to install at least one alien
face-hugger egg inside each unit.  A few people open the cases, die
horribly, and unleash a plague of vicious acid-blooded monsters on
their communities... eventually the word would get around and people
would stop doing that :-)

We used a similar ("consequential") approach to protecting against
literal counterfeiting -- design the product so that copies (created
without knowledge of how they were detected as such) would fail
*randomly*.
A device that fails HARD when it detects that it is a counterfeit is
relatively easy to work-around.  OTOH, a device that just "misbehaves"
is difficult to diagnose as the cause-effect change, rapidly.
The user/purchaser gets disgusted with the shitty performance and
returns it -- or, gets word around that the particular vendor sells
crappy products (need not know that they are counterfeit).
I had a client who wanted a "foolproof" accounting system for
"amusement devices" (think "coin-op").  His hope (delusion?)
was that he could then entrust UNTRUSTWORTHY people with the
maintenance of his equipment (including access to the coin
handling portions thereof) and always be assured an accurate
accounting of "play".
I proposed a dozen different schemes -- and then demonstrated how
easily they could each be subverted (often with no/low-tech).
"Hire trustworthy people.  Better yet, require TWO people to
be present to perform such actions and hope BOTH can't be
compromised."  (this is how gaming establishments work; but,
then, there is "real money" at stake, there!)

Management wouldn't go for it, and decided that security torx screws
would be sufficient.

You can store "stuff" as charge and coat the die with aggressive
agents that would make microprobing (a live circuit) difficult.
But, all this (and any similar measures) does is raise the bar
for the "aggressor".

I.e., wouldn't a tamper-proof "seal" be cheaper and more
conclusive?

 For warranty purposes, possibly so.  However, this won't
"protect" the internals of a product where the owner has
no intention of ever letting the product get back into
the hands of the manufacturer for examination.

That's the nature of the question.  I don't see any sort of
fastener that does anything meaningful /if the device can
be in an unsupervised situation/.
[Note that fasteners on garage hardware (tension springs) are
simply painted RED and accessible using standard tools.  If
you are silly enough to dick with them, be sure to count your
digits afterwards!]
OTOH, if you expect to see the device *again*, all you want is
something that makes such tampering evident.
E.g., the "do not remove this screw" fasteners on disk drives are
just "hidden", undisguised, under an adhesive label.  That, alone,
should tell a casual user "don't mess with this" (cuz you gonna
break things!)