Hacker News new | past | comments | ask | show | jobs | submit login
BusKill: A kill cord for your laptop (michaelaltfield.net)
331 points by maltfield 6 months ago | hide | past | favorite | 261 comments



Archive link because the website is down: http://web.archive.org/web/20200102140351/https://tech.micha...

I was expecting a "kill switch" destroying the computer, but that's just a thing that switch off your laptop when unplugged. I guess you could also do this with bluetooth, for example.


"Kill cord" is jargon from jetskis, powerboats and treadmills, which often have a cord you attach to your body that cuts power if you are thrown off. [1]

On Linux there is blueproximity [2] that can lock (and if you like, unlock) your computer based on the proximity of a bluetooth device. My personal experience is that Bluetooth is frustratingly unreliable, and this package was no exception. But it's there if you'd like to try it!

[1] https://www.rya.org.uk/knowledge-advice/safe-boating/look-af... [2] http://www.daniloaz.com/en/automatically-lock-unlock-your-sc...


Bluetooth on Linux is an unprecedented abomination.

You’d think most of it would be similar to network interfaces, handled by the kernel with commands such as ip, iptables, etc to configure it?

Wrong! Instead it’s mostly done in userspace and the tools to talk to it are using D-Bus which is an opaque, inconsistent, hard to understand mess which you can’t easily interact with programmatically.

As horrible as BT itself is I’d give the protocol itself a break in this case and focus on the terrible implementation.


D-Bus is not part of the problem... it is just the common bus for communication between user processes. It is in fact a very straightforwards and well implemented specification.


> D-Bus is not part of the problem

Only in the sense that the bluetooth maintainers never completed the port to D-Bus. So, 25% of what you need to do with bluetooth needs to be done via kernel anyway.

Bluetooth on Linux is a prime example of how open source can fail.


The Bluetooth stack itself is an overcomplicated, terrible specification that leads to most Bluetooth chips have an _incomplete_ port of their own vital functionality.

It isn't shocking that the thing to talk to them isn't complete.


The debacle that was kdbus (and the technical motivation behind it in the first place) makes me wonder about that 'well implemented' part.


Is it possible that the bluetooth unreliability was a driver issue and others work fine?

In other words, did you test different bluetooth devices?


I only tested with my smartphone, as it's the only bluetooth device I reliably carry with me.

I'm sure there are configurations that work - blueproximity probably worked well for its author, or they wouldn't have released it! And I gather Windows offers "Dynamic lock" which locks the screen based on bluetooth.

However, having experienced bluetooth unreliability with Linux, Windows, Android and iPhone; and with mice, GPS receivers, cars, access control systems and sports watches; I am confident the unreliability was not unique to a single bluetooth device.


I used blueprox for years with no fuss. Might try a different bt dongle.


If you are doing proper OpSec, you would have whole disk encryption anyway, in which case destroying the computer is largely unnecessary, I think.

That said, the caveat of XKCD 538 (https://www.xkcd.com/538/) still applies.


In theory an adversary could deep-freeze the computer the moment the kill cord activates. Sufficiently cold RAM doesn't loose data immediately when it loses power, allowing the adversary to make a copy and read the decryption keys from RAM.

Though if this is part of your threat model you should be much more concerned about a thousand more mundane problems, like adversaries reconstructing keystrokes from keyboard vibrations that are easily measured with a laser, or reconstructing screen content from reflections on a spoon.


If your attack vector is adversaries ready to deep freeze your laptop, perhaps you should do your computing in a more secure location :)


It's pretty common for law enforcement to quickly freeze RAM when busting hackers. I've definitely read of cases where suspects encryption keys were pulled from RAM using exactly this method.

The killcord would have been useful for Ross Ulbricht (Silk Road) who was busted by the FBI after using his laptop in public - they grabbed it while he had it unlocked and didn't have time to put it in suspend.


> It's pretty common for law enforcement to quickly freeze RAM when busting hackers

I’d really love a citation on this, especially since “quickly” seems to imply that they’d do this out in the field.


If you can't prevent the device from powering down, you have less than a minute to freeze the RAM before the contents become useless. This can be done with a can of cold spray.

No idea how long you have to power it back on afterwards, tens of minutes to a couple of hours probably.

That said, the proper "kill switch" operation would be to explicitly wipe the key from memory before powering off (if you want to power off instead of just locking).


> you have less than a minute to freeze the RAM before the contents become useless. This can be done with a can of cold spray.

I wonder what their approach to a laptop with poor serviceability would be. I think it would take me more than a minute to get physical access to the ram of some modern computers.


> I think it would take me more than a minute to get physical access to the ram of some modern computers.

RAM is still one of the most accessible parts for most laptops & desktops.

Tablets and phones on the other hand make it much much harder.


That’s because you’re concerned with the laptop still being usable afterwards. :)


> Ross Ulbricht (Silk Road) who was busted by the FBI after using his laptop in public - they grabbed it while he had it unlocked and didn't have time to put it in suspend.

That’s pretty smart by the FBI agents to wait until it was unlocked and sneak up and take it. If instead they stormed in guns drawn, all Ross had to do was close the lid and bye bye evidence.


A secure location is an ICBMable location. (Not that anyone realistically has this problem, but “so safe that Bin Laden would still be alive” feels like the right level of overengineering when it comes to OPSEC.)


> Not that anyone realistically has this problem,

Drone strikes hit and kill hundreds of targets each year. Some on as little intelligence as an IP address used to click a link in a tweet.


There's sdmem for Linux boxes. It has a -l and -ll option that makes it reasonably fast. So a combination of a duress encrypted volume, then killing only "sensitive processes", then clearing cache via /proc/sys/vm/drop_caches, then sdmem followed by halt might be reasonable protection. Your second point, though, makes sense. It won't always be someone physically grabbing your PC.


I would expect the unmount of an encrypted filesystem to secure delete the encryption key from memory. My understanding of the memory freezing attacks is that you don't unmount it, you just kill the power by removing the battery.

With this method, you would still be able to freeze the RAM, reboot the computer, dump the RAM, and disassemble the kernel memory, and discover where the disk encryption key was stored: in that location, you'd find all zeroes.


My preferred method is a custom kernel build that does a few extra obfuscation steps before or after encryption on each data block. While you might find my key in ram, good luck decompiling my kernel module based on a bitrotted ramdump. Simply not storing the key contiguously unless there is an actual IO operation going in is a good start - scatter it around the heap so a simple search won't find it.


I've always heard that cold boot attacks like that require the ram to be frozen before the computer turns off (or the ram is removed).


In reality, RAM doesn't so much instantly lose its contents on power off anyway, the freezing just slows it down. IIRC there are cases of recovering significant portions of RAM a half hour or more after poweroff even without freezing.


You're right, I think an attack could be possible on some computers if the agents act very quickly. I don't think 30 minutes would be possible though, judging from what is said and shown in the original cold boot video:

https://www.youtube.com/watch?v=JDaicPIgn9U


I agree with your comment, I'm not disagreeing with you. Just offering a story I thought was interesting on a recovery technique that works in theory.

I read an article many years ago (I don't have a link but if you're interested google might find it) before ssd's were mainstream. They took a hdd and did one pass of overwriting it with /dev/zero.

Then they contacted some data recovery companies, told them they accidentally blanked the hdd with one pass, and ask for a quote to retrieve the data.

None of them had any interest in giving a quote or trying to recover the data even though in theory it could be recovered with a microscope or however they do it.

As you said, there are a 1000 more mundane ways that would be cheaper and more reliable than deep freeze.


How long does it take RAM to lose that data though? Most laptops take far more time to remove the ram than a PC and it's soldered down in a lot of cases.


Suprisingly long. I've played around with that a bit a while ago and sometimes up to minutes later you could still recover recognizable bitmaps. But definitely not something you should rely on if you want a bit perfect copy, the first bits start to flip immediately upon power loss, some of them take a lot longer and our brain is pretty good at such reconstruction from noisy data, especially if it knows what it is looking at.

I guess the higher the RAM capacity the shorter it would be because of the decrease in physical cell size.


It doesn't need to be that long if you can plug in a bootable disk and copy the memory off.


I'd like to see a post demonstrating this attack.


For getting encryption keys from RAM after shutdown there's this video mentioned by another commentor: https://www.youtube.com/watch?v=JDaicPIgn9U

For using reflections, there's this paper implementing reading screen content from various things like reading glasses, a can of coke or even the user's eye (including a discussion of limitations): http://gauss.ececs.uc.edu/Courses/c6055/extra/reflections.pd...

Right now I can't find something on reading keyboard vibrations with lasers, but here's one doing it acoustically and one doing it via acclerometer of a phone on the table:

https://security.stackexchange.com/questions/23322/keyboard-...

https://dl.packetstormsecurity.net/papers/general/traynor-cc...


> Right now I can't find something on reading keyboard vibrations with lasers, but here's one doing it acoustically and one doing it via acclerometer of a phone on the table:

And here's how to get the acoustics with a chip packet, or glass of water or pot plant: https://news.mit.edu/2014/algorithm-recovers-speech-from-vib...

I'm not sure if that's high fidelity enough to match to a keyboard, but I'm sure that if MIT can do it, someone else can do it better.


In practice such attacks tend to only be performed in forensics labs after running hardware has been seized.


I'm surprised there isn't a "ready to go" solution with a duress passphrase that boots a plausible, but "clean" system.


It's not quite ready to go, but it's doable with TrueCrypt/VeraCrypt: https://www.veracrypt.fr/en/VeraCrypt%20Hidden%20Operating%2...


Why is it not ready to go? I used truecrypt hidden systemvolume years ago?

I do not anymore, but did it decreased?


TrueCrypt shuttered in 2014, though an independent audit didn't find any significant issues in 2015. [0]

VeraCrypt is one of the main forks that has picked up popularity, and has addressed some of the minor concerns of the audit.

The hidden volume hasn't had a high degree of success when it comes to deniability [1]. Some leaks closed, probably not all. With the design, it may not actually be possible to close all the leaks. (Especially as "Stoned" can break the full-disk encryption).

TrueCrypt doesn't use the TPM (and nor does VeraCrypt), because the authors didn't believe it added any security whatsoever (as it can't defend against a hardware keylogger, despite making coldboot attacks harder).

TrueCrypt is vulnerable to coldboot, evil maid and the "Stoned" bootkit. Depending on your security concerns, that might be fine, it might not. Other solutions may be better when dealing with those attacks.

[0] [PDF] https://opencryptoaudit.org/reports/TrueCrypt_Phase_II_NCC_O...

[1] https://yro.slashdot.org/story/08/07/17/2043248/schneier-uw-...


The "plausible" part is what seems not out of the box to me. Some easy way for the decoy image to show recent real looking activity, and an easy way to use the real image. Probably some integration with a VM or container.


I took ready to go to mean "run a command and it spins up a plausible fake system". The tech of TrueCrypt/VeraCrypt, AFAICT, seems sound, but maintaining the contents of the fake system (so it's not an obvious decoy/placeholder) takes more work.


Deniable encryption is part of a few encryption solutions (probably more than listed below). [0]

[0] https://en.wikipedia.org/wiki/Deniable_encryption#Software


Not really ready-to-go, but can be set up in entirety in like half an hour with VeraCrypt


Well, you would probably want some stealth that doesn't provide that makes it less obvious. Like maybe the duress passphrase decrypts everything except a docker container you use for sensitive work, replacing it with a vanilla docker image.

Edit: Ahh, read up a but. I wasn't aware "veracrypt hidden volumes" are already pretty stealthy. Would probably require some work to make it plausible though...like recent faked web browsing history.


The VeraCrypt guide recommends "You should use the decoy operating system as frequently as you use your computer. Ideally, you should use it for all activities that do not involve sensitive data." You don't need to fake it per se, but section off what needs to be in the hidden operating system (rather than a standard VeraCrypt partition). You are therefore revealing real, thus plausible, information, but not the actual subset you want to hide.


Are we going too overboard hiding our fetish video collections? My family members just leave thier dvds lying around, meanwhile Im encrypting every hd I can.


you'll still have to explain why there is a huge blob of seemingly random data on your hard drive if someone looks close enough.


With whole disk encryption the whole drive is seemingly random data, that's the point.


Last i checked, you don't have to explain sh!t. Besides, I would just tell them i boot from a live cd only to prevent system compromise..


> Last i checked, you don't have to explain

Exactly. One of my favourite vids is Don't Talk To The Police, it's the right thing to (not) do.

https://www.youtube.com/watch?v=d-7o9xYp7eE


The common plausible explanation is you securely erased the disk or partition before. This would produce the same randomness signature.


Are there any known cases of western police forces beating people with wrenches until they gave up passwords?


I think waterboarding is more common. For US citizens they're usually stuck with just solitary confinement, which is a working form of torture but is kind of slow.


A few months in prison for not revealing the password can be unpleasant, too.


Or, under the RIPA act in the UK, a maximum of five years.


That would be far too direct and brutal. Put them in prison until they talk and let the inmates know that they are refusing to decrypt their PC. The inmates will soon enough make their own assumptions why and do the beating themselves. Of course protective custody would be an option, but that is just even further isolation and mental torture.


Sure, read up on Northern Ireland.


Good opsec blends into the crowd.

If the FBI traces illegal activity to a cafe / library / wework office, and you're the only one with a kill cord attached to your belt with a carabiner, guess who they're going to target first.


Shared medium (i.e. wireless spectrum) means anybody can do that, without being too conspicuous. A wire is significantly harder to DoS ;)

(Plus I tried several solutions to do this; BT is not really well suited for proximity detection, teeming with false positives and false negatives)


It appears that it runs a script of your choosing, so you could make it more violent if you wanted (start trashing data, clear cache etc.).

I'd be careful though, as you don't want any "misshaps". It's not likely worth going that far unless you're doing something very sensitive.


You could get similar outcomes to that if you used FDE and had it power off the machine fully. But then also your cat might ruin your day with one step :purplegirlshrug:


I suppose if the drive is encrypted and requires a passphrase at boot, it's effective for FBI raids, etc.


Ross Ulbricht would like to have a word with you.


Two undercover agents distracted him while a third snatched his running and logged-in laptop. https://www.businessinsider.com/the-arrest-of-silk-road-mast...

That sounds like exactly a good use case for this. Or maybe that's what you meant?


they snatched his computer while it he was using it - open and unlocked


I think most MacBook Pros have some accelerometer functions you can access. I wonder if you could create a util to detect if your laptop was picked up and automatically log you out.


Indeed. My point is he had full disk encryption and password at boot and it didn’t stop the govt from accessing his data.


It was logged in and running when they snatched it. Hence why a breakaway mag connector and dead-man shutdown script might have been helpful.


In this case that may not have been useful, assuming law enforcement knows about the cord. Law enforcement will plug in a mouse jiggler (simulated moving USB mouse), having the script detect rogue USB devices and shutting down at that moment would add another layer of protection. I saw that solution a few years back... Maybe this works doubly well for devices with USB and USB-c power connections now... Since law enforcement try to keep power running on machines seized in this way.


How would they know about the cord? Or something more stealthy, like Bluetooth?

I don't think a mouse jiggler would help. A dead-man script would force a fast, ungraceful OS halt. Maybe after emptying some caches and wiping memory.


Whenever I read stuff like this I am forced to wonder just what the fuck people are doing that they feel such a pressing need to hide their data from law enforcement.

I mean, I have plenty of things to hide just like any other reasonably interesting person, but none of it is outright criminal.


There's no shortage of things someone might find morally acceptable themselves while still being potentially criminal. Or grey area stuff, like a business that sells marijuana in a state where it's legal, since the US federal government doesn't consider it legal.

Or use cases like a crypto wallet. Where legality isn't the main concern.


This would be useful outside of "hiding from law enforcement". Plenty of people have jobs where the compromise of their laptop could cause significant damage to their employer or their customers. Many people ready this thread should be taking these precautions.


Parent specifically mentioned "FBI" though, not other actors, specifically law enforcement.


If you happen to have an opinion that is not shared by the current powers-that-be, law enforcement will be happy to look at your data under any pretense it can cook up.

And they'll be equally fine with - ooops! accidentally, of course! - leaking info that you'd like to stay hidden, even if it's not anything criminal.


In other words, it's just a bunch of self-important tech asshats deluding themselves into believing they are important enough to warrant FBI attention?

Eh, believable, but I think it's more likely a lot of them are evading taxes or committing securities fraud.


I would probably look into it if I was already on some government agency's radar for whatever reason. You've probably broken a ton of obscure laws yourself without knowing it.


Journalism, perhaps? https://pressfreedomtracker.us/all-incidents/san-francisco-p...

Or politics (see Watergate), or being a public defender, or environmental activism, or... the list goes on.


Yeah, all reasonable, I just have difficulty believing that the people who post things like the parent are actually involved in any of those activities.


Maybe I sell marijuana in a US state where it's legal, but still have reservations about the Federal government. Or maybe it was just an example and I happen to find the topic interesting.


They could be organizing protests in Hong Kong. Or be a union organizer in South Africa.


Have you ever remembered something that you left in a home directory on someone else's server but only after you no longer had access to it? It wasn't sensitive but then, it wasn't something you'd leave in a public place like foo.com/~name, either. You can't convince yourself they had the inclination to just delete all your trash. You know of at least one person who might have gained access (you don't know whether) and he probably would have engaged in some voyeurism. Everyone who knew him after you were gone knew that he was an asshole, and your one brief interaction with this person indicates that's an understatement.

Did that feel good? Well, it was preventable. That's a kind of thing that a reasonably interesting person might want to prevent.

Anyway, this happened. Not that I'm, like, supposed to be reasonably interesting or anything. ;)


Yeah, it's fine to have stuff you want to hide for a lot of reasons. The problem I have with what the parent posted is that the specifically invoke "FBI" as what they're afraid of. That suggests to me that they aren't just hiding embarrassing or private information, but specifically something illegal. Now, as other posters have mentioned, parent could be an activist or something, but frankly I doubt that everyone I've seen post something similar is. I'm left with the conclusion that in addition to being holier-than-thou assholes and pedants, a lot of tech people are also casually engaged in things like tax evasion and securities fraud.


Yeah it is kind of silly. If you aren't truly anonymous, you blow out some of your deniability just by discussing deniability. You said law enforcement and I straw manned another thing today. Great.


Sigh. I used FBI raids as an illustrative example. Which you've now extrapolated into a weird set of accusations.


I used to have my laptop setup to require my specific Yubikey to be inserted to allow waking from sleep and booting, and when you pulled it out it locked the machine, logged you out, suspended, or shutdown depending on which modifier key you were holding down when you removed it.

Worked pretty well as a "kill switch" when getting up from my desk.

I probably have the udev scripts laying around somewhere.


I'm using a similar setup on macOS, except mine does not use modifier keys; it just logs me out.

YubiCo even provides the documentation to set it up via OpenSC. I guess you can also set macOS up to hibernate and destroy the FileVault key.

(My adversary is not government etc (who can execute a cold boot attack anyway), it is thieves while I'm in transit, and clients around the office.)


Just curious; is this the Yubico guide you're referring to?

macOS Logon Tool Configuration Guide https://support.yubico.com/support/solutions/articles/150000...

Unfortunately, it's not currently compatible with Catalina.

Here are a few more resources for macOS users:

Simple Daemon for lock and unlock macOS with Yubikey https://podtynnyi.com/2017/03/07/simple-daemon-for-lock-and-...

Locking macOS to a Yubikey 4 with PIV and PAM https://www.richard-purves.com/2017/02/13/locking-macos-with...

HOW to lock and unlock screen upon removal and insertion of Yubikey on macOS https://confluence.panio.info/display/PUBL/HOW+to+lock+and+u...


No, that guide uses PAM and OTP. This [1] is the guide. It uses OpenSC and the smartcard feature of the YubiKey (not all support this but my YubiKey Neo (3rd gen) and YubiKey Nano 4 both do). Neither of them supports FIDO2 though; other than that they are feature rich.

[1] https://support.yubico.com/support/solutions/articles/150000...


Thanks so much for your reply, Fnoord.

Does that approach allow instantly locking the screen if the YubiKey is removed? It's not mentioned in the guide, so I just want to be sure.


Yes, it does, though I had to set it to lock immediately in System Preferences (triggers immediately the screensaver; first guide you linked explains how to do this). I'm using the Word Of The Day screensaver, so it is really inspiring to get back from grabbing a cup of coffee.

Also, remember you only need to enter the PIN, which I'd argue is a good thing as I don't want to enter my password in public (I don't even know my password out of my head). If you boot up, you need a password of a username to unlock FileVault, but I use a different username for that (who does not have root, though for forensics this is an attack vector).


And enable "Turn on screensaver when login token is removed" at System Preferences -> Security & Privacy -> General -> Advanced


Sounds like a good way to hit the 10k usb-c lifespan


Isn't USB-C designed to wear out the cable (or dongle) and not the port?

So if you used a Yubikey to log in and out ten times a day, you might need to replace it every three years. Of course you'll make the same amount of connections if you require it only for login, assuming you don't leave it connected.


Lets see. Say you work 5 days a week. That's about 260 days a year (without vacations etc). Say you unlock your device 4 times a day when you work. That is 1040 times a year. Does your device even last 9-10 years? Well, if it is a MacBook, Apple ditched support for all <= 2012 MBPs. Not sure when they did, but this was true at start of last year for sure.


I would definitely unlock my device more than four times a day. Often times my periods of focus last 30 minutes. Half the time that’s a task switch, the other half I get up to walk. This doesn’t account for meetings interrupting me.


I have a Macbook Air 2012 which is still supported by Apple (I get new OSes and OS updates every year).


Try to get the screen or battery replaced. To be fair, they're easier user serviceable than newer MB(A/P)s. For example, me with my MBP 2015 will have a harder time to service it once it gets EOL (hardware-wise) than you have now with your MBA 2012.


I've replaced the battery twice, last time in september 2019, and this last time it costed me 60 EUR, and the battery life is much better than the original one.

I might want to replace the battery again in the next 3-4 years if I still have this laptop, and you might be right in that this might not be possible, but at least today it is.


Oh it is likely possible via iFixit or other aftermarket. Just not officially via Apple.


Yep, I just googled my model + battery, and ordered a new battery from iFixit. Took like 15 min to swap the battery myself.


Windows users may want to try the built-in Bluetooth proximity locking feature:

Lock your Windows 10 PC automatically when you step away from it https://support.microsoft.com/en-us/help/4028111/windows-loc...

While macOS doesn't include such a feature out of the box, apps like Near Lock https://nearlock.me exist.

EDIT: Just found Rohos Logon Key for Windows and macOS:

https://www.rohos.com/products/rohos-logon-key-for-mac/

It "converts any USB drive into a security token for your computer" and can "automatically lock your Mac screen when the key is unplugged".


Ross Ulbricht had his laptop snatched by an undercover FBI agent while he was using it.

This kill cord might have saved him some grief.


Better opsec would have saved him some grief as well.

Before even touching on his habitual use of coffee shops near his residence to run the Silk Road...

> The connection was made by linking the username "altoid", used during Silk Road's early days to announce the website, and a forum post in which Ulbricht, posting under the nickname "altoid", asked for programming help and gave his email address, which contained his full name.

By the time the FBI was watching him and had connected his name to I don’t think there’s a lot that he could have done to avoid arrest.


He would still have gone to prison no matter what (the government can make up evidence), but they may not have been able to seize his Bitcoin without stealing his laptop.


Does that matter with a double life sentence.


No clue how prison works? Do watch a few documentaries. Money's important inside.


Bitcoin on the outside is hardly "money"


Aside from the much better idea of, you know, not keeping a journal of all of your incredibly illegal activities and attempted hits - this may have actually prevented the government from accessing said journal. He was definitely going to be busted in either case but it could've shaved some years off his eventual sentence.


Indeed.

Better, perhaps, would be to trigger wiping the LUKS header and deleting the boot partition.


The hard question is how to put an easy-to-use self-destruction mechanism in an existing machine (only the NSA can make a customized machine), and, at the same time, ensure the safety of the self-destruction mechanism. A self-destruction button is a safety risk if it can be triggered accidentally or maliciously, on the other hand, a secured self-destruction button is a safety risk if it's too hard to trigger.

The NSA laptops have two buttons on one side of the machine, to destruct crypto keys, one needs to open a cover and press two buttons simultaneously. It's a pretty good self-destruction button. But you cannot find it in your laptops.

Or perhaps you can design your kill switch like the Russian nuclear Dead Hand - the automatic nuclear retaliation mechanism is only armed if a safety switch has been explicitly switched on, in peacetime, the switch is turned off to avoid an accidental nuclear apocalypse. But remember to arm the switch every time you travel with your laptop became a question.


If your /boot is on a USB drive and you set up with detached header then the disk can already be 100% random data. On the down side, that USB drive is not very deniable and the system can't be set to destroy it since you probably don't keep it connected. Still, you could boot the machine at home, put it to sleep, leave /boot at home, and wake it up whenever you've reattached this kill cord. If you absolutely need to be able to reboot, use kexec (in theory).


I will sometimes go to the university library to do some work and I'm always amazed at people who will go to the restroom or something and leave their laptop sitting there without a lock or even logged out.

I always use a kensington lock and lock my screen whenever I have to leave my laptop. If I had a macbook I would be taking it with me. I know the locks won't stop someone who really wants to steal it but with so many unattended laptops sitting around it makes it less likely they will go for mine.


What do you attach the other end of the kensington lock to?


The desk?


The article keeps saying "self-destruct" but that's not what happens.

But if your hard drive is encrypted, this is a pretty good solution for most people.

Maybe if you can get BusKill to activate a mini thermite explosive under your hard drive.


I remember watching a Defcon conference where they tested different methods for destroying a hard drive in place. And they found that thermite actually doesn't damage the platters (well at least not enough for data to be unrecoverable).

Hard drive platters are surprisingly heat/chemical resistant. I think they found that the best method was to physically destroy the platters.


I remember watching that talk years ago. I was disappointed in the lack of rigor of their conclusions.

The whole point of thermite-based HDD destruction is to get the platens over the Curie temperature so the magnetic field is gone, not to physically destroy them. They point this out in the start, but then never talk about whether this was achieved or not in their experiment (assumably so they could go on to the actual explosives).

It was entertainment, and I'd take any results with a grain of salt.


The guy worked on it further. He eventually solved the original challenge.


Highly recommended by me, too: Zoz at DefCon 23, entitled "And That's How I Lost My Other Eye...Explorations in Data Destruction"

https://www.youtube.com/watch?v=-bpX8YvNg6Y


Did they test SSDs?


Making it self-destruct is the easy part, just change "DISPLAY=:0 xscreensaver-command -lock" to "sudo rm -rf /" or whatever you like. It's understandable that the author didn't want to put a destructive command in his example configuration.


Assuming you were actually going to use something like this, you're likely using full disk encryption.

At that point, the better option would be (IMO) to simply blow away the first 2 MB or so of your disk (where the LUKS master key is stored), run a "sync", and execute an immediate "reboot -f" (along with, perhaps, the other options that skip spitting out the warning message, writing an entry to utmp/wtmp or whatever, and so on).

There wouldn't be a real need to actually zero/wipe the entire drive (which would take a bit, even at SSD speeds).


A drive wipe might take too long though, especially if they grab the laptop and shut if off. After a simple shutdown or lock, disk encryption really is the primary protection here.


Change encryption key to random value, discard random value.


It appears breakaway mag USB-A connectors are pretty cheap: https://www.amazon.com/Griffin-Breaksafe-Magnetic-Breakaway-...

From tidbits in this thread, it sounds like a Veracrypt hidden volume with a distress passphrase, plus a fairly simple dead-man script wouldn't be hard to set up. Something like: kill sensitive processes, drop caches, wipe memory, then panic the kernel.


I checked amazon earlier, and it looks like this thread may have put those things out of stock. Guess a lot of people like the idea!


If all the killcord does is turn off the machine, just use a laptop with no battery.


That's somewhat less convenient, don't you think? This works if you're at the park typing a paper up, or at a Starbucks where all the outlets are in use, for instance.


A man just died in Oakland today trying to recover his laptop that was snatched from him in a Starbucks.

http://nypost.com/2020/01/02/man-dies-after-trying-to-stop-t...

Definitely don't go running after your stolen laptop, let it go.


I'd definitely give chase. To me, it is worth dying for. Not because of the laptop, but out of principle for vigorously fighting these ridiculous crimes. We all need to collectively fight back against crime or it will be normal (as it is now).


Don't chase criminals because it's foolish. You are letting the opposition lead you into their plan where they control the setting.

Be smart, be the one in control of the situation.


Oakland's a bit of a special place. I have friends living there who have been robbed at gun point, for example, and if you go into a Subway the workers are often behind bulletproof glass because they've been held up so often. Chasing a crook in Oakland is just going to get you dead, not change anything there. Not smart.


Wow, sounds like not a hot tourist spot probably then. Not sure why people would want to live there when safer and cheaper places in the US.


That'll be a lonely hill to die on. We in California collectively decided that theft under $950 is not a big deal and should be fought less vigorously: https://en.wikipedia.org/wiki/2014_California_Proposition_47


That was a mistake. Criminals now very purposely run off with just shy of $950. Theft is way up in California.

Meanwhile, in Texas you'd just shoot the laptop thief, either as soon as aware of the imminent theft or as the thief flees. It's fully supported by the law:

https://lawofselfdefense.com/statute/texas-sec-9-42-deadly-f...

Law enforcement in many communities would congratulate you for a job well done.


Controversial opinion maybe, but I personally don't think anyone deserves to lose their life for stealing a laptop.


I don't think that's controversial, I think most of the world shared that opinion.


That's a great thing about having different states with different laws. Cultural norms around the country vary.


Rather than outsourcing the pros and cons of a bill to professionals you employ with time to research it (politicians), you ask millions of uninformed people vote on passing “The Safe Neighborhoods and Schools Act ”?


I’m just assuming the above is not in good faith, but for anyone else that might be persuaded:

You being killed by a criminal over an iPhone or laptop is not going to change anything. Fund your police, vote to change laws enough that they’re spending their time on things that are relevant, and if you’re honestly willing to die for the rule of law, become a police officer.

Otherwise your body will be one more on the list of “people that died for no reason.” It’s not tough, righteous, or whatever else to die for no reason - and even if it were, if you’re going to make a stand and sacrifice your life, make it over something more than a laptop.


> I’m just assuming the above is not in good faith

Not GP, but your assumption is wrong.

It's not about the laptop. It's about standing up for yourself and doing your part towards society. You obviously don't agree with this stance and that's fine, but it's not your place to dictate what values are worth standing up for and what aren't.

I, like GP, fully intend to go after a thief. If he goes after my life, then I go after his. Either he gives up the laptop, or one of us gets killed.

It's as simple as that.


> It's as simple as that.

Nothing is ever as simple as that. Not only is it a foolish, immoral and illegal, you've also just communicated murderous intent. Have fun spending 20-to-life in a cell because you thought ultraviolence would be a good way to do your part towards society.

I've had more than my fair share of violent confrontations, and I assure you, no matter how well you think you are prepared, once the metallic taste of adrenaline hits you, all your plans and delusions of grandeur go out the window.

A bit of violence can be acceptable. Murder over property is not.


> you've also just communicated murderous intent.

No I have not. It's your bias that colored it that way. Reread my comment. I never said I want kill a thief for stealing. I simply stated that I will take back what is mine. If, and only if, the thief tries to kill me will I respond in kind.

Again, it has nothing to do with grandeur and everything to d with doing what is right. I will take back what is mine, and threatening my life wont stop me.


I agree with the underlying principle, however force on force is always a dangerous proposition, especially when it's not planned. Even without weapons it can seriously hurt a bystander (you run into a weak or child, he falls down on concrete...), and all bets are off if a gun is drawn (especially in a crowded area).


There's no resolution to the question of "what is the right action in response to the situation" that applies to everyone.

It's always irrational to risk oneself for a principle, that might (or might not) be for the benefit of society.

If you aren't going to do it, fine. I'm not inclined either. But have the grace not to gratuitously criticize those who do. Try not to see them in the dichotomy of heroes or idiots, just as people who provide some leavening to society.


I'm not sure what makes laptop theft any more ridiculous than another crime, but "crime is bad and it should stop" isn't really an ideal that's advanced by getting shot or stabbed and killed.


Someone else resisting a criminal advances my ideal of not being a crime victim, no matter who gets shot or stabbed...so it's bewildering to me why people should say it's stupid. I mean, there's a word for people who slag off those who benefit them, and it is "ingrate".


Ideally we should all stand up to injustice, but maybe try to avoid senseless loss of life over trivial things. If nothing else consider the opportunity cost of not being able to standup later when it might really matter.

Obvious loss of life is extreme and trivial things is subjective, but I think the point stands. There is a practical consideration to be made about what the risk profile is and what the degree of crime is. Clearly charging a man holding a loaded gun because he swiped some gum would be silly. Charging a man with a loaded gun because he’s about to shoot a kid, different set of equations.


"try to avoid senseless loss of life over trivial things"

I do, thanks. I just think it's distasteful, dare I say boorish, to call other people's sacrifice "trivial" when it probably benefits me, even if slightly.

I don't think we live in a world where armed robbers are categorized as gum-stealers and child-shooters and never the twain shall meet. Some people are suspicious of even non-criminals having or using guns, believe it or not.

I'm not saying worship every vigilante as a hero, just accept that disproportionate reactions to antisocial behavior are never going to go away, are a fundamental part of human behavior, and can be stupid from an "economically rational person" perspective and beneficial to society, including you and me, some of the time.

If you call something another person is willing to risk their life for "trivial", you really don't care about their life. It's transparently an insincere reaction to feeling badly about being passive.


A gentle warning: different Linux distros handle UDEV "remove" differently, and incompatibly, so few people actually use this message it's not well tested (try shipping code for a device that DOES need it!).

Debian was a particular problem until they switched to SystemD (which I think is possibly the only udevdaemon that gets it right) - even so some distros (Ubuntu I'm looking at you) screwed up starting the udevdaemon before they mounted root writable meaning that scripts run from it couldn't really do anything useful

Fortunately most distros are switching to SystemD so this will likely work in most places


BTW - a clue for budding writers of UDEV scripts - you can't run daemons directly (udevdaemon will kill them when the scripts that started them exit) - you can use "at now" (after you install at of course) to start a secondary script that will be allowed to start your daemon for you

(that way you can write code that works with all init systems, largely by avoiding them)


I maintain a fork of Upstart that I call startup. It integrates with udev (or busybox's uevent, or any other event source) so you can start daemons based on device events and then supervise those daemons. systemd has something similar where you can place a SYSTEMD_WANTS stanza in a udev rule and it will pull in a systemd unit, but I really dislike that model because it is hard to discover the policy that led to a unit being activated. With startup/Upstart, the policy is in the job configuration itself.

Source for startup: https://gitlab.com/chinstrap/startup

Example of the udev events in action: https://gitlab.com/chinstrap/pinebook-pro/blob/master/etc/st...


I guess I'll share in this thread.

---1---

I have a OnePlus 6T with the stock ROM exclusively for my British phone number. On the 25th of December, someone from Canada logged into the GMail account used on that phone, from a OnePlus 3T.

The password was one randomly generated in KeePass (all of them are except for useless websites). They managed to change the password to the account, but seemingly nothing else, so that's just weird.

I received the notification on my other email, and recovered the account, reset the password, replaced with a new one.

---2---

Last week, I opened up a laptop I use for storage (3 drives fit inside, perfect for backups) and noticed a network drive with a Chinese name. It disappeared when I clicked on it. The laptop is always on connected to my router and to a VPN server.

Now I need to completely wipe the phone, root and use a custom ROM, as well as wipe the laptop (and two other computers?), upgrade OpenWRT on the router and change all of the passwords I guess. Yes, I still haven't done it heh.

---

----------->I am curious about your comments on this.<-----------

---

Never had anything really suspicious like this actually happen to me.

I don't even have anything good/useful on my devices, except a Keepass database with passwords to all bank accounts/emails/etc. If that's been opened, I'm a bit fucked, but I'd be receiving notifications on my phone and other emails.


Sounds like maybe a SIM swap attack? In addition to password changes I would look into Google's advanced protection program (https://landing.google.com/advancedprotection/) and get U2F or FIDO2 setup on your account.


Why are you under the impression that accessing your KP database is guaranteed to alert you. I can't imagine how that could possibly be true without the master key being stored in some service running somewhere and you're notified when it's used. Which, well, would explain how your key was compromised. Otherwise it seems highly misleading to assume that no email = no compromise.

Doesn't really matter though, it would've been mitigated by not keeping the KP database decrypted at rest or by using 2FA. Both of which are SOP for hardware token users.

For real, at this point if you don't have a yubi/nitrokey on your keychain, I assume you just don't care about actual account security.


I would assume that whoever that was now has a copy of your keepass database. However, it may be that your computer was simply added to a botnet, in which case the harm done to you personally may be minimal.


FYI, you could also do this with your charger. (It sends udev events.) It's a lot less likely to get weird looks.


So this project is already dead.


Another solution would be to just remove the battery and plug the laptop in. While this removes the portability, it is still an alternative solution.


Maybe a decade or so ago this would be a good answer. But unless you're one of those ThinkPad people who are still pulling for the X220 to make a come back.... A majority of modern laptops don't have user removable batteries.

Yes, they could still be removed in some cases, but its often not for the feint of heart and not something many people would want to undertake.


Is it really the majority? Or just on macbooks and the high end lines like that? I didn't think my laptops were that old (3-5 years) and they all have removable batteries.


I hadn't thought about it, but I have a newish business class Dell and I don't think it does have a removable battery. On the other hand, I have a Dell laptop from circa 2011 and it does; in fact I got the extra large one that sticks out awkwardly.


> A majority of modern laptops don't have user removable batteries.

Yet another major regression in the state of computing since the 90s.


Yep. Same effect, really, and in fact this is more likely to be secure because there's a chance that pulling power will damage something or scramble data on disk.

The article's solution is amusing and "cool" but not really secure at all. If you're worried about physical security of devices, don't take them to coffee shops.


  echo o > /proc/sysrq-trigger
(read linux/Documentation/admin-guide/sysrq.rst before you try this)


shutdown -h now or the more recent incantation (from memory) systemctl shutdown would be less violent. AFAIK it can't be stopped either, and at least it sync's and umount's filesystems properly.


Violent is the point-- shutdown might be prohibitively slow. Or it'll get stuck waiting to umount a network share. Or maybe, you want the DRAMs to go dark and start losing ASAP, I don't know. If you must, simply precede 'o' with some sequence of 's', 'e', 'u' so it'll go down hard and fast, but still a bit controlled. I find that 'u' succeeds more often if done after 'e'.

FWIW, this is just what I do with the keyboard (but more slowly) when something went wrong enough that I can't even switch to a text VT and recover. Sometimes even 'b' won't hard reset it-- which indicates everything was already hosed, or maybe just the keyboard. Presumably the umount didn't work either, but I gave it a chance.


SilkRoad guy would of loved this :D


Ross Ulbricht, who was apprehended at a public library while logged in to various accounts. As I recall a plain clothes agent distracted him while others then tackled him.

("would've", not "would of")


According to the book "American Kingpin", they had worked their way into the administration staff for the Silk Road, and used the site admin IM chat to ensure that he was using his laptop and actually signed into his account before rushing him in the library.


Yup. Simple approach that was very effective.


That's pretty impressive.


This article goes into pretty good detail of his takedown https://www.wired.com/2015/04/silk-road-1/


Other English speakers I know complain about our orthography: bought, caught, draught, etc. But, yet, here we are with a “word” pronounced “of” and spelled “‘ve”! Now that’s awful orthography!


In case you're serious and unaware: it's a contraction of "would have," hence the apostrophe. It's not a single word spelled weirdly.


The word should be pronounced the way the contraction actually is would (ha)ve.

But people are lazy. And words like caramel get blurred over. Or the one that bugs me the most of saying ‘ta’ instead of to.

My favorite is the Futurama universe where the word ask is official changed to ax instead.


It's not pronounced "of", it's more like "ev", exactly like the contraction of words it's made up of. Would have.


In my household I'm the English nerd, although I have no degree behind it. I'd correct my wife when she wrote "would of" but then I listened closer when she talked: She wasn't saying "would've" she was saying "would of".

That's when I gave up. There are a million other reasons to love my wife, and her proper use of 'would've' wasn't one of them to begin with :)


Does your wife actually pronounce these differently? Small sample size but as far as I can tell I pronounce these identically. (CA - native speaker)


She does not. They are the same to her. We're also native speakers from the Reno NV area, which is heavily influenced by Sacramento and San Francisco language.


əv


To me "would of" and "would've" are pronounced exactly the same.

If I said "would ev" that would sound weird. It would sound very similar to "whatev":

https://www.urbandictionary.com/define.php?term=whatev


Well, nothing else in english is pronounced like it is written, so I don't think this is a good reason to misspell things.



I agree completely. No one should write "would of".


others have covered the correct full form, but to the issue of the pronunciation, it's not pronounced "would of" it's MISpronounced "would of". You can make any weird confusing pronunciation you want out of anything if you're willing to say it "wrong". The correct pronunciation of the contraction, as another hinted at is basically "would have" without the h and the a becoming an sound "uh" instead of an "ah" sound.


After that incident I basically wrote this program in java that monitors a usb port for a device with a given ID. If it does not find it then it locks the computer.


What if someone plugs in a rubber ducky or some other kind of sophisticated USB while you turn your head for just a second?

There are USB devices that are so small, you can barely even see them in the port when plugged in.

Perhaps a hard-to-remove USB plug? (like child-proof plugs you might see in an electrical outlet)


There are udev rules to defeat this kind of thing, law enforcement use USB mouse jigglers to keep computers awake for example, these can be filtered out and ignored.


> You could just have a usb thumb drive on a retractable lanyard (think RFID badges or DoD Common Access Cards), but what if that thin retractable cord just snaps–leaving the USB drive snugly in-place in the laptop?

You could also just use a thicker cord.

The project, no offense to the author, could be renamed: long USB cable with a magnetic usb attachment.

> As of yesterday, that’s [stolen laptop] a hard attack to defend against.

Which is just wrong; the author did not invent anything here - anyone I’ve known that’s ever been worried about this scenario has implemented it already with <yubikey/access card/arbitrary usb>.

* extra PSA: if you’re worried about this but somehow haven’t already required 2FA for all your accounts and admin access on your laptop, then you should re-evaluate your threat scenarios.


2FA doesn't matter if you're already logged in.


> extra PSA: if you’re worried about this but somehow haven’t already required 2FA...

I’m aware - I’m pointing out that it’s extremely likely you already have a physical device you can attach to a cord/chain/braided-steel-cable and use for the “snatch and grab” scenario. And that a snatch and grab is just so unlikely compared to any other security threat imo.


Er, why not just attach the laptop itself to your body? Low tech > high tech


> We do what we can to increase our OpSec when using our laptops in public. But even then, there’s always a risk that someone could just steal your laptop..."

Don't leave the house if you want to be safe.


Couldn't you just pair your computer with your phone (or something that you keep on you) via blue tooth, detect the loss of signal, and then trigger whatever action you'd like to trigger?


Phone too deep in your pocket means destruction of your computer? No, thanks.



I'd like to see a more practical solution for removing disk encryption keys from RAM.

For example, wipe the disk encryption key from RAM, but then pause all disk IO and present some kind of UI to re-enter the encryption key to continue using the system.

Encrypting all of system RAM can also quickly be done - perhaps a kernel module which in the case of a panic encrypts all of system ram with a key derived from your disk encryption key would be handy. Then when the key is available again, ram can be decrypted and processes resumed.


That what systemd homed is supposed to enable


Can someone explain to me in laymen's terms what this does? It renders the motherboard inoperable? Kills the display? How do you recover from this if you ACCIDENTALLY unplug it?


It locks the screen by executing "xscreensaver-command -lock"

So this is a "kill cord" in the meaning of a jetski, power boat, or treadmill where pulling out the kill cord triggers a fast but nondestructive stop.


It can do whatever you want it to do. The examples in the article were:

• whenever any USB drive is removed, trigger xscreensaver to lock the screen:

> ACTION=="remove", SUBSYSTEM=="usb", RUN+="DISPLAY=:0 xscreensaver-command -lock"

• whenever a specific USB drive is removed, shut down the computer:

> ACTION=="remove", SUBSYSTEM=="usb", ENV{ID_MODEL}=="Micromax_A74", RUN+="shutdown -h now"


Nitpick, it can do whatever you want it to do that’s possible in software. You’ll be disappointed if you want to have it drill a hole in your hard drive ;)


Just build a USB-powered hard-drive drill, duh.


It appears to simply be a USB plug that works with a simple software driver to automatically log out if the USB is unplugged. The scenario is a snatch-and-grab of the laptop while the user is logged in to a highly-secure, high-value online account.

Not something most users likely need but I can imagine some TLAs being interested in something like this, as it looks pretty inexpensive to implement.


It simply uses udev to identify when the USB device is removed, then executes a linux command of your choosing. In the examples provided, he demonstrates a simple 'lockscreen' and 'shutdown' command.

It's clever, I'll admit, but the name leaves more to be desired with a name like 'buskill'


The article shows two different configurations, one that simply triggers the screensaver with a lock screen, the other to fully shut the machine down. Recovery from both of those is fairly straightforward.


> [...] rule that will trigger xscreensaver to lock the screen every time any USB drive is removed


Saw a demo 20 years ago at Infosec(UK) of a company selling a dongle which with corresponding pass, acted as a proximity authentication and locking when you walked away.

Today, most laptops have cameras which can offer the same level of proximity detection if you away from the laptop. That would make this type of solution doable via software that way, albeit a bit more of a software load overhead.

But for some killcord, I'd also have an alarm.


> most laptops have cameras which can offer the same level of proximity detection

Most people who would want a kill cord probably have the camera blocked :P


If that kill cord actually killed the laptop/drive over just shutting it down, I'd tend to agree.


This is a really neat project but it’s also not really a solution to anything.

First, it doesn’t solve for the scenario of person pointing a gun at you and telling you to access your top secret files for them. That will defeat most forms of security and so if physical access is a concern you probably shouldn’t be logging in at your local coffee shop.

Second, a thief who wants your computer for its monetary value isn’t interested in its contents. Your normal drive encryption and screen timeout restrictions have you covered there. They’re gonna wipe your computer, sell it, and move on.

Institutionally purchased hardware is often equipped with zero-touch provisioning (such as Apple Device Enrollment). These products can be bricked at the hardware level they moment they touch the Internet. They’ll need a new logic board, i.e. new soldered on storage, i.e. they’re not even necessarily worth stealing.

Third, the idea of a magnetic connector’s removal locking or bricking your computer seems awfully inconvenient. That’s gonna be constant false positives without a gain in security.

If you’ve got someone who is after you to obtain your secret company info and knows enough to cause mayhem, you’ve got much bigger problems than whether or not your screen is going to lock. They’re also probably going to use social engineering, targeted malware and spyware, not brute force physical access.


> it’s also not really a solution to anything

It's a solution to situations like https://en.wikipedia.org/wiki/Ross_Ulbricht#Silk_Road,_arres... , where the laptop is taken by people who (a) can legally seize it, (b) can legally search it, but (c) probably can't legally compel you to produce passwords.

(Not endorsing this usage!)


The author of the article clearly had that or something very similar in mind when he wrote this piece. It reads exactly like that story (I had the same thought as you).

It's a very good solution for people who don't know you have something like this. Clearly if the FBI (or whatever) knew of the USB kill device, they'd take a slightly different snatch and grab approach. However if the adversary doesn't think or doesn't know you have something like this, then it can be used to great effect.


Absolutely agreed.

I've read that LEO in the USA specifically try to grab laptops / phones while they are unlocked.

This seems to be designed as a defense against that threat model.


Cases like this in countries that do not have due process laws makes the use-case even more compelling.


If they don’t have due process laws they can throw you in jail until you produce the decryption password, and if they turn on the computer and it’s wiped they’ll throw away the key.

If there is no due process, all bets are off and your best defense is to be uninteresting to authorities.


Things are not always black and / or white. The rule of law, in reality, is rather a continuous variable then a binary one.

And even if: A kill switch can simply hide / erase some things and present some weak evidence..


Your first point is moot, because a person could point a gun at you even when you don't have your computer and demand your passwords, or even kidnap you and force you to log on somewhere else. This solution doesn't aim to prevent that kind of thing.

Your second point is moot, because the intent is not to protect the hardware, it is to revoke access to data. A self-destruct protocol is not about preservation of property.

Your third point is moot, because the intent is not to be convenient, the point is to create a dead man's switch.

You're thinking about this from a Consumer/Enterprise standpoint, but that's not what this is for. This would be great for political activists in oppressive countries, as an example.


> This is a really neat project but it’s also not really a solution to anything.

Knowing your encrypted data is inaccessible to a thief is a huge relief, and may have saved this man's life:

A man working at Starbucks had his laptop stolen. He was killed when he chased down the thief. https://www.cnn.com/2020/01/01/us/oakland-laptop-thief-starb...


Some faith in the Oakland PD to actually work property theft cases might have saved his life


In my experience with the priorities of police departments in general, this faith would be misplaced.

Not that a laptop or data is worth your life (usually).


> Second, a thief who wants your computer for its monetary value isn’t interested in its contents.

They could blackmail you, sending you an email with a bitcoin address you should transfer money to or else the data will go public.


I agree I think it's a neat project, however you can't say that it's not a solution to anything. The introduction describes a thief snatching and running with your laptop just after you've logged in to your online banking. I think that's a good example of something this solves, even if it's a really narrow use case. Slippery sloping your way to "gun pointed at you" is like saying the lock on my front door doesn't solve for anything because there's a glass window right next to it. BusKill is better for coffee shop thieves than it is top secret gun blazing spies.

Regardless, k_sze posted somewhere else in this discussion xkcd 538 (https://www.xkcd.com/538/) and I have to agree with him.


It reminds me of USBkill https://github.com/hephaest0s/usbkill

Its primary use is to thwart machine fuzzing and debugging using USB devices. The moment there's a change in USB state, down the machine goes.


If you're using a macbook, isn't "Find my mac" enough to erase remotely?, I understand this is a faster disabling mechanism but also a bit inconvenient. I wish there was something even easier, like a tiny usb drive with a remote control


With FindMy I can erase or mark as lost my Macbook in under 20 seconds from unlocking my iPhone if needed.


Assuming the laptop is still online / comes back online to receive the wipe command...


... and you are conscious and have your hands free :)


Or still be in possession of your phone, if eysomeone is trying to gain access to the data on your laptop, good chance they will be interested in your phone too


Where the hell do you people live!?


Used to live in Ukraine.


Would this have stopped the FBI getting the Silk Road laptop? I wonder if they're looking out for these things. I know when they take computers that are running, they keep them running and powered on with a portable power supply


Wow, a solution for a problem we never have to worry about in Asia. Why can't your government just crack down on theft so that people can be allowed to use their laptop wherever they want without fear?


> In less than 60 seconds and with the help of a rubber ducky, the thief could literally cause millions of dollars in damages to your organization.

Kudos for the imagination, but in real life for most developers not vendorizing and auditing their dependencies (+ downloading them all from production) is most likely to cause such havoc (regardless if dozen thousands or millions of damage)...

I imagine this might likely happen in places like security and programming language conferences, especially when you leave your belongings around unattended for a minute or two.

The ideal scenario IMHO would be to have to authorize/reject devices from connecting to your machine (and limiting the scope). I don't know much about USB-C and know it is hard, but I see Apple coming up with something like this in the future (maybe along with Apple Watch detection for quick logout - you can already use it for logging in).


On systemd enabled systems, try "loginctl lock-sessions" as udev cmd. It should work on common desktop environments. If you have something custom try xss-lock to react on the lock-sessions signal.


I was expecting something more like the Etherkiller: http://www.fiftythree.org/etherkiller/



Maybe a smartwatch reading the heart rate of the owner and noticing stimulation could trigger the same functionality as well.


The connection between the smartwatch and the computer would, in practice, be wireless, which is something the author wants to avoid because it's easier to hack without the victim noticing.


I'm sure with encryption there shouldn't be much worry. I think currently apple watches allow users to unlock their computers when returning.


Do any phones have a tether like this? Or use some other mechanism to guess that possession may have changed and autolock?


I'm doubtful one exists for android or iOS but I can imagine it wouldn't be that hard to implement with a smartwatch signalling to a phone (instead of a laptop). The only trouble a developer would have with implementing is if they have sufficient access to APIs that might be private and the ability to run a background service using the APIs at a sufficient interval.


Sure, but is that really useful? Just better not read something exciting or notice an attractive person while working.


The heart rate of your examples are somewhat different compared to an active threat for most people I assume from being in a situation when a crime is taking place. Although, I would be curious to view trials of each situation showing the heart rate measurement with the statistical average result.


Many other potential variables as well. When experiencing this event, how long does it take your heart rate to reach a point it can be identified as worthy of triggering the switch? Is the laptop still in range of your smart watch at that point? Then there's the reliability of the wireless connection and the watches ability to accurately read your heart rate (make sure it's seated correctly).

If this is a situation you're actually concerned about, the approach in the article seems simpler and more foolproof.


I assume you would want the computer to be locked if the watch signal dropped and being concerned enough to desire the feature in question. I'm doubtful one's heart rate isn't increasing in an event of theft and where it wouldn't lock a person out in time before for a person significantly uses the device. There are multiple variables but I can also see the wired approach being futile in situations where a person is pinned down by multiple people.


I think it should be possible to program an MCU to bruteforce the USB ids. Or buy the same usb drive.


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: