Security through obscurity
== Obscurity Cannot Improve Security ==
Obscurity in practice involves intentionally altering the appearance of something to make it difficult to understand, while keeping its end function unchanged. In software development, obscurity is often used because it can be implemented automatically; however, it is also possible to apply obscurity in hardware. Companies use various methods to achieve this, such as:

# '''Software Refactoring:''' companies may refactor computer code in production by renaming values from human-intelligible to machine-intelligible names. For example, the function "sendKey()" may be renamed to "f_019278()" throughout the entire codebase. This does not truly promote security, because anyone can reverse-engineer what the code does and come up with their own naming scheme for the renamed values. A prime example of this is the video game Minecraft, whose source code is refactored in production. Minecraft's code refactoring was bypassed years ago, and projects such as the [https://docs.spongepowered.org/5.1.0/en/plugin/internals/mcp.html Minecraft Coder Pack] provide environments where intelligible code is viewable.
# '''Software Obfuscation:''' companies may obfuscate computer code by changing the instructions. This may include adding instructions that perform meaningless actions or replacing actual instructions with more complicated ones. The end functionality of the program is always unchanged, even though the steps are different and possibly unintelligible. This can also involve adding decoy code that has no purpose at all and exists merely to slow reverse-engineering.
# '''Software Encryption:''' companies may provide software in an encrypted format that must be decrypted before running. A problem with this form of obscurity is that the consumer needs a key to decrypt the program and run it, so a reverse-engineer could obtain this key and read the program.
# '''Physical Refactoring:''' companies may remove identifying information from physical components or change component appearance. Notably, in the [[Tom Evans Audio Copyright Strike]], identifying numbers were scraped from nearly all components to make repair more difficult. [https://www.youtube.com/@MendItMark Mend it Mark] was able to reverse-engineer the entire product regardless.
# '''Confidential Schematics:''' companies, like [[Apple]], may keep schematics confidential; however, this will not deter someone with enough time and resources from reverse-engineering a product and creating schematics of their own.
# '''Physical Obfuscation:''' companies can design physical products so that they have the same functionality but are unintelligible. As an example, consider a set of scissors that can only be moved by a giant [[wikipedia:Rube_Goldberg_machine|Rube Goldberg Machine]]. The scissors still cut paper, but the steps taken to cut the paper are ridiculously overcomplicated.

Ultimately, vulnerabilities will exist in functionality regardless of how a product's appearance is changed. Obscuring product information merely increases the amount of time it will take to reverse-engineer a product and does not actually provide any benefit to security.
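The following is an added example, not part of the original wiki page or any vendor's code, illustrating the Software Refactoring item above: renaming every identifier leaves the program's structure, its embedded literals and its behaviour unchanged, so a hardcoded secret is exactly as exposed after renaming as before. The function body, the secret string, the <code>Renamer</code> class and the helper names are all constructed for illustration; only the name <code>sendKey</code> comes from the page.

```python
import ast
import builtins

# Constructed sample: the page's sendKey() name with a made-up body and secret.
ORIGINAL = '''
def sendKey(message):
    secret = "constructed-demo-key"
    return [ord(c) ^ ord(secret[i % len(secret)]) for i, c in enumerate(message)]
'''

class Renamer(ast.NodeTransformer):
    """Swap every non-builtin identifier for an opaque f_NNNNNN label."""
    def __init__(self):
        self.mapping = {}
    def _opaque(self, name):
        if hasattr(builtins, name):      # keep ord, len, enumerate callable
            return name
        return self.mapping.setdefault(name, f"f_{len(self.mapping):06d}")
    def visit_FunctionDef(self, node):
        node.name = self._opaque(node.name)
        return self.generic_visit(node)
    def visit_arg(self, node):
        node.arg = self._opaque(node.arg)
        return node
    def visit_Name(self, node):
        node.id = self._opaque(node.id)
        return node

def rename_identifiers(source):
    """Return (renamed source, old->new name mapping)."""
    renamer = Renamer()
    tree = renamer.visit(ast.parse(source))
    return ast.unparse(tree), renamer.mapping

def shape(source):
    """Node types in walk order: the program's structure with names ignored."""
    return [type(n).__name__ for n in ast.walk(ast.parse(source))]

def string_constants(source):
    """Every string literal embedded in the code, which renaming never touches."""
    return {n.value for n in ast.walk(ast.parse(source))
            if isinstance(n, ast.Constant) and isinstance(n.value, str)}

def run(source, entry, arg):
    namespace = {}
    exec(source, namespace)              # define the function from source text
    return namespace[entry](arg)

RENAMED, MAPPING = rename_identifiers(ORIGINAL)
```

Comparing <code>shape()</code> and <code>string_constants()</code> for <code>ORIGINAL</code> and <code>RENAMED</code> gives identical results, which is why a secret that must stay confidential should not be embedded in shipped code in the first place.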