"Kill cord" is jargon from jetskis, powerboats and treadmills, which often have a cord you attach to your body that cuts power if you are thrown off. [1]
You could get similar outcomes to that if you used FDE and had it power off the machine fully. But then also your cat might ruin your day with one step :purplegirlshrug:
I used to have my laptop set up to require my specific Yubikey to be inserted to allow waking from sleep and booting, and when you pulled it out it locked the machine, logged you out, suspended, or shut down depending on which modifier key you were holding down when you removed it.
I remember watching a Defcon conference where they tested different methods for destroying a hard drive in place.
And they found that thermite actually doesn't damage the platters (well at least not enough for data to be unrecoverable).
Making it self-destruct is the easy part, just change "DISPLAY=:0 xscreensaver-command -lock" to "sudo rm -rf /" or whatever you like. It's understandable that the author didn't want to put a destructive command in his example configuration.
I will sometimes go to the university library to do some work and I'm always amazed at people who will go to the restroom or something and leave their laptop sitting there without a lock or even logged out.
That's somewhat less convenient, don't you think? This works if you're at the park typing a paper up, or at a Starbucks where all the outlets are in use, for instance.
I'd definitely give chase. To me, it is worth dying for. Not because of the laptop, but out of principle for vigorously fighting these ridiculous crimes. We all need to collectively fight back against crime or it will be normal (as it is now).
A gentle warning: different Linux distros handle UDEV "remove" differently, and incompatibly; so few people actually use this message that it's not well tested (try shipping code for a device that DOES need it!).
BTW - a clue for budding writers of UDEV scripts - you can't run daemons directly (udevdaemon will kill them when the scripts that started them exit) - you can use "at now" (after you install at of course) to start a secondary script that will be allowed to start your daemon for you
Sounds like maybe a SIM swap attack? In addition to password changes I would look into Google's advanced protection program (https://landing.google.com/advancedprotection/) and get U2F or FIDO2 set up on your account.
Why are you under the impression that accessing your KP database is guaranteed to alert you? I can't imagine how that could possibly be true without the master key being stored in some service running somewhere and you're notified when it's used. Which, well, would explain how your key was compromised. Otherwise it seems highly misleading to assume that no email = no compromise.
I would assume that whoever that was now has a copy of your keepass database. However, it may be that your computer was simply added to a botnet, in which case the harm done to you personally may be minimal.
Maybe a decade or so ago this would be a good answer. But unless you're one of those ThinkPad people who are still pulling for the X220 to make a come back.... A majority of modern laptops don't have user removable batteries.
Yep. Same effect, really, and in fact this is more likely to be secure because there's a chance that pulling power will damage something or scramble data on disk.
shutdown -h now
or the more recent incantation (from memory)
systemctl poweroff
would be less violent.
AFAIK it can't be stopped either, and at least it sync's and umount's filesystems properly.
Ross Ulbricht, who was apprehended at a public library while logged in to various accounts. As I recall a plain clothes agent distracted him while others then tackled him.
After that incident I basically wrote this program in Java that monitors a USB port for a device with a given ID. If it does not find it then it locks the computer.
There are udev rules to defeat this kind of thing, law enforcement use USB mouse jigglers to keep computers awake for example, these can be filtered out and ignored.
> You could just have a usb thumb drive on a retractable lanyard (think RFID badges or DoD Common Access Cards), but what if that thin retractable cord just snaps–leaving the USB drive snugly in-place in the laptop?
> We do what we can to increase our OpSec when using our laptops in public. But even then, there’s always a risk that someone could just steal your laptop..."
Couldn't you just pair your computer with your phone (or something that you keep on you) via Bluetooth, detect the loss of signal, and then trigger whatever action you'd like to trigger?
Reventlov | 6 years ago
I was expecting a "kill switch" destroying the computer, but that's just a thing that switches off your laptop when unplugged. I guess you could also do this with Bluetooth, for example.
michaelt | 6 years ago
On Linux there is blueproximity [2] that can lock (and if you like, unlock) your computer based on the proximity of a Bluetooth device. My personal experience is that Bluetooth is frustratingly unreliable, and this package was no exception. But it's there if you'd like to try it!
[1] https://www.rya.org.uk/knowledge-advice/safe-boating/look-af... [2] http://www.daniloaz.com/en/automatically-lock-unlock-your-sc...
k_sze | 6 years ago
That said, the caveat of XKCD 538 (https://www.xkcd.com/538/) still applies.
Piskvorrr | 6 years ago
(Plus I tried several solutions to do this; BT is not really well suited for proximity detection, teeming with false positives and false negatives)
penagwin | 6 years ago
I'd be careful though, as you don't want any "mishaps". It's not likely worth going that far unless you're doing something very sensitive.
piracy1 | 6 years ago
tyingq | 6 years ago
im_down_w_otp | 6 years ago
Worked pretty well as a "kill switch" when getting up from my desk.
I probably have the udev scripts lying around somewhere.
Fnoord | 6 years ago
Yubico even provides the documentation to set it up via OpenSC. I guess you can also set macOS up to hibernate and destroy the FileVault key.
(My adversary is not government etc (who can execute a cold boot attack anyway), it is thieves while I'm in transit, and clients around the office.)
asia92 | 6 years ago
miles | 6 years ago
Lock your Windows 10 PC automatically when you step away from it https://support.microsoft.com/en-us/help/4028111/windows-loc...
While macOS doesn't include such a feature out of the box, apps like Near Lock https://nearlock.me exist.
EDIT: Just found Rohos Logon Key for Windows and macOS:
https://www.rohos.com/products/rohos-logon-key-for-mac/
It "converts any USB drive into a security token for your computer" and can "automatically lock your Mac screen when the key is unplugged".
fnord77 | 6 years ago
This kill cord might have saved him some grief.
ropiwqefjnpoa | 6 years ago
But if your hard drive is encrypted, this is a pretty good solution for most people.
Maybe if you can get BusKill to activate a mini thermite explosive under your hard drive.
nowahe | 6 years ago
Hard drive platters are surprisingly heat/chemical resistant. I think they found that the best method was to physically destroy the platters.
thedanbob | 6 years ago
jccalhoun | 6 years ago
I always use a Kensington lock and lock my screen whenever I have to leave my laptop. If I had a MacBook I would be taking it with me. I know the locks won't stop someone who really wants to steal it but with so many unattended laptops sitting around it makes it less likely they will go for mine.
tyingq | 6 years ago
From tidbits in this thread, it sounds like a VeraCrypt hidden volume with a distress passphrase, plus a fairly simple dead-man script wouldn't be hard to set up. Something like: kill sensitive processes, drop caches, wipe memory, then panic the kernel.
ColanR | 6 years ago
chacha2 | 6 years ago
kulahan | 6 years ago
dotBen | 6 years ago
http://nypost.com/2020/01/02/man-dies-after-trying-to-stop-t...
Definitely don't go running after your stolen laptop, let it go.
abstractbarista | 6 years ago
Taniwha | 6 years ago
Debian was a particular problem until they switched to SystemD (which I think is possibly the only udevdaemon that gets it right) - even so some distros (Ubuntu I'm looking at you) screwed up starting the udevdaemon before they mounted root writable meaning that scripts run from it couldn't really do anything useful
Fortunately most distros are switching to SystemD so this will likely work in most places
Taniwha | 6 years ago
(that way you can write code that works with all init systems, largely by avoiding them)
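An added example (not from the thread or the BusKill project) of the udev points raised here: a rule keyed on the "remove" event plus a handler that hands the lock command to `at now`. The rule file name, handler path, USB IDs and function names are assumptions; the lock command is the one quoted in the thread.

```shell
#!/bin/sh
# Added example, not BusKill's code. Assumed rule file
# /etc/udev/rules.d/99-killcord.rules containing one rule:
#   ACTION=="remove", SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", \
#     ENV{ID_VENDOR_ID}=="1234", ENV{ID_MODEL_ID}=="abcd", \
#     RUN+="/usr/local/sbin/killcord-handler"
# The rule matches ENV{} properties because sysfs ATTR{} values no longer
# exist when "remove" fires. IDs and paths are placeholders.

KILL_VENDOR_ID="${KILL_VENDOR_ID:-1234}"   # placeholder USB vendor ID
KILL_MODEL_ID="${KILL_MODEL_ID:-abcd}"     # placeholder USB product ID
# Lock command quoted in the thread; swap in your own locker.
LOCK_CMD="${LOCK_CMD:-DISPLAY=:0 xscreensaver-command -lock}"

# True only for the removal of the whole configured device. The DEVTYPE
# check skips the extra per-interface "remove" events, and the ID checks
# skip every other USB device that gets unplugged.
is_kill_event() {
    [ "${ACTION:-}" = "remove" ] &&
    [ "${DEVTYPE:-}" = "usb_device" ] &&
    [ "${ID_VENDOR_ID:-}" = "$KILL_VENDOR_ID" ] &&
    [ "${ID_MODEL_ID:-}" = "$KILL_MODEL_ID" ]
}

# udev kills whatever a RUN+= program leaves running, so the action is
# queued with "at now" and runs under atd rather than as a child of udev.
dispatch() {
    printf '%s\n' "$LOCK_CMD" | at now 2>/dev/null
}

# Prints what was done so callers (and logs) can tell the cases apart.
handle_event() {
    if ! is_kill_event; then
        echo ignored
    elif dispatch; then
        echo dispatched
    else
        echo at-failed   # at missing, or this user may not submit jobs
    fi
}

# udev always sets ACTION; run by hand without it, the script does nothing.
if [ -n "${ACTION:-}" ]; then
    handle_event | logger -t killcord 2>/dev/null || true
fi
```
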
jotm | 6 years ago
---1---
I have a OnePlus 6T with the stock ROM exclusively for my British phone number. On the 25th of December, someone from Canada logged into the Gmail account used on that phone, from a OnePlus 3T.
The password was one randomly generated in KeePass (all of them are except for useless websites). They managed to change the password to the account, but seemingly nothing else, so that's just weird.
I received the notification on my other email, and recovered the account, reset the password, replaced with a new one.
---2---
Last week, I opened up a laptop I use for storage (3 drives fit inside, perfect for backups) and noticed a network drive with a Chinese name. It disappeared when I clicked on it. The laptop is always on connected to my router and to a VPN server.
Now I need to completely wipe the phone, root and use a custom ROM, as well as wipe the laptop (and two other computers?), upgrade OpenWRT on the router and change all of the passwords I guess. Yes, I still haven't done it heh.
---
----------->I am curious about your comments on this.<-----------
---
Never had anything really suspicious like this actually happen to me.
I don't even have anything good/useful on my devices, except a KeePass database with passwords to all bank accounts/emails/etc. If that's been opened, I'm a bit fucked, but I'd be receiving notifications on my phone and other emails.
therealmocker | 6 years ago
whatactuallywat | 6 years ago
Doesn't really matter though, it would've been mitigated by not keeping the KP database decrypted at rest or by using 2FA. Both of which are SOP for hardware token users.
For real, at this point if you don't have a yubi/nitrokey on your keychain, I assume you just don't care about actual account security.
ColanR | 6 years ago
tylermenezes | 6 years ago
sedatk | 6 years ago
savingGrace | 6 years ago
ShakataGaNai | 6 years ago
Yes, they could still be removed in some cases, but it's often not for the faint of heart and not something many people would want to undertake.
Accujack | 6 years ago
The article's solution is amusing and "cool" but not really secure at all. If you're worried about physical security of devices, don't take them to coffee shops.
dbtx | 6 years ago
s_gourichon | 6 years ago
vgaldikas | 6 years ago
nkrisc | 6 years ago
("would've", not "would of")
Grazester | 6 years ago
jkrltifk | 6 years ago
[deleted]
RandomBacon | 6 years ago
There are USB devices that are so small, you can barely even see them in the port when plugged in.
Perhaps a hard-to-remove USB plug? (like child-proof plugs you might see in an electrical outlet)
amiga-workbench | 6 years ago
0kl | 6 years ago
You could also just use a thicker cord.
The project, no offense to the author, could be renamed: long USB cable with a magnetic USB attachment.
> As of yesterday, that’s [stolen laptop] a hard attack to defend against.
Which is just wrong; the author did not invent anything here - anyone I’ve known that’s ever been worried about this scenario has implemented it already with <yubikey/access card/arbitrary usb>.
* extra PSA: if you’re worried about this but somehow haven’t already required 2FA for all your accounts and admin access on your laptop, then you should re-evaluate your threat scenarios.
krilly | 6 years ago
TedDoesntTalk | 6 years ago
Don't leave the house if you want to be safe.
linuxhansl | 6 years ago
sedatk | 6 years ago
bjg | 6 years ago
https://www.cnet.com/how-to/windows-10-dynamic-lock-bluetoot...