Tampering with Tamper-Resistant Screws

A wide array of products are secured with tamper-resistant screws. From restroom partitions and vending-machine coin-mechanisms to double-cylinder deadbolts and access-control keypads, these specialized machine-screws are employed to keep mischievous people from messing with stuff. These fancy screws are good for some applications, and they are not good for others.

First we’ll address what they do well. Tamper-resistant screws can be installed in place of any existing screws. They’re designed to be difficult to remove without special tools –tools that unauthorized personnel are unlikely to have. These screws work well for this purpose, in relatively low-security applications; and they cost quite a bit less than locks do. When the threats to be defended against are nothing more than a little vandalism or minor theft, for example, tamper-resistant screws are a very good solution.

Their usefulness in higher-security applications is limited not useless, but limited. Security screws should not be used without an understanding of those limits, so let’s discuss those limits. This article will address a few of the most common types of tamper-resistant screws: one-way screws, spanner screws, and a tamper-resistant variation of Allen-head screws with a protruding pin that keeps regular Allen wrenches from working. These three types of screws are shown in that order in Figure 1. The principles discussed in this article apply to other types of tamper-resistant screws as well.

A one-way screw is designed to be installed with a standard flat-head screw-driver, but the shape of the head is intended to prevent a one-way screw from being easily removed with a standard flat-head screw-driver.

A spanner screw has two small holes drilled in its head and is designed to be installed and removed only with a special spanner screw-driver.

Likewise, a tamper-resistant Allen-head screw is designed to be removed only with a specially modified Allen wrench having a small hole drilled in its end to accept the protruding pin in the head of the screw.

While it is relatively difficult to remove these screws without the proper tools, it is not impossible. In order to make good decisions on whether these fasteners should be used for a given security application, it is important that we first understand just how difficult it is for hoodlums to remove them, as well as, perhaps, what kind of evidence a hoodlum is likely to leave behind.

Figure 2 shows our three screws installed in an aluminum plate. The one-way screw, on the left, was installed using a standard flat-head screw-driver. Notice the counter-clockwise ramps in the screw’s head. A screw-driver turned clockwise engages the screw-head and forces it to rotate, but a screw-driver turned counter-clockwise slides up the ramps and accomplishes nothing. The intention is that the screws can be installed with a standard screw-driver but can not be easily removed without a special removal tool that digs into the ramps to get a good grip.

Unfortunately, one-way screws are relatively easy to remove with a standard flat-head screw-driver. All one has to do is push hard while turning counter-clockwise. When a one-way screw has been particularly well torqued by the installer, it may become necessary to use what I call a “poor man’s impact driver” as shown in Figure 3. Smack the screw-driver’s handle with the heel of one hand while turning the screw-driver with the other. It hurts a little, but with nothing more than two hands and a flat-head screw-driver, one-way screws can be removed with little hassle.

What evidence does the attack leave behind? Some gouges in the ramps, as shown in Figure 4. The proper tool would leave gouges as well, so if you want to rely on these gouges as evidence, be sure to install each one-way screw only once. Establish and enforce a policy that any removed one-way screw will always be replaced with a new one.