Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
IT Technology

This USB 'Kill Cord' Can Instantly Wipe Your Laptop if Snatched or Stolen (techcrunch.com) 67

An anonymous reader shares a report: Journalists, activists, and human rights defenders face a constant battle to keep files safe from a growing set of digital threats and surveillance. But physical attacks can be challenging to defend against, whether an opportunist snatch-and-grab thief or an oppressive government kicking down someone's door. This week, a project called BusKill launched a custom USB magnetic breakaway cable that acts as a "dead man's switch," locking a computer if someone physically snatches it and severs the magnetic connectors. BusKill has been in the works for more than two years as a do-it-yourself project. Anyone with the hardware could compile the source code, but it only worked on Linux and components quickly sold out. After a crowdsourcing effort, the cable is now available to buy starting at $59 and has an accompanying app that works on macOS, Windows, and Linux, allowing the person using the cable to easily arm and disarm the cable with a touch of a button.
This discussion has been archived. No new comments can be posted.

This USB 'Kill Cord' Can Instantly Wipe Your Laptop if Snatched or Stolen

Comments Filter:
  • I encrypt my home partition on ALL my installations, whether laptop or desktop. On servers I encrypt not only home, but /var and /opt. I also move the .ssh folder from /root/.ssh to /home/root/.ssh and set a link so that its content is only available after decryption of /home.

    • by JThundley ( 631154 ) on Friday December 17, 2021 @02:05PM (#62091307)

      And how would that stop someone from accessing your data if they grab your laptop while it's running and unlocked?

      • by SuricouRaven ( 1897204 ) on Friday December 17, 2021 @02:09PM (#62091317)

        Not an entirely hypothetical risk. If you believe the official story, Ross Ulbricht's laptop was obtained by that method. Investigators had evidence to suspect he was founder and chief admin for the Silk Road, but no concrete proof. They needed his laptop in an unlocked state, so they arranged an elaborate stunt at a public library where two undercover agents staged a fight to distract him, allowing a third to get close and grab the laptop he was using.

        • by waspleg ( 316038 )

          This was the first thing I thought of as well.

        • by lsllll ( 830002 )
          Unless someone was going to physically restrain the user, closing the laptop lid should be sufficient to achieve the same thing.
          • by Ksevio ( 865461 )

            Which is literally what happened

            • by lsllll ( 830002 )
              Come on man. First of all that's not what appears to have happened. They "grabbed" the laptop, not him. So this device may have worked, but I'd venture and say if you have one side of the strap connected to USB and the other to your wrist, they could still hold your wrist down while they cut the tie. The point I'm making is that if you throw force in there, no device is going to be good enough.
        • by idji ( 984038 )
          lock the laptop if the webcam goes black or shows someone else or doesn't show you for a few minutes.
          • You're advising people who are paranoid of surveillance to leave on an active webcam 24/7?

            • by jiriw ( 444695 )

              Yes. No problem GP should. There is a difference between people who are paranoid of surveillance and people who are paranoid of surveillance and tech savvy. The first group should blind their laptop camera with a piece of duct tape e.g.. The second group knows how to write (or at least eyeball) the software to let the camera do exactly what they want. For them keeping their camera active for whatever task they want to have it perform is a totally viable option. Definitely if they go so far as to script some

              • Another option that occurred to me is relocation to the Soviet-Russian territories although honestly I have no idea how ISPs work there, mobile or otherwise. At that point you can pretty much do as you please from what I understand, so long as you make a conscientious effort to practice good hygiene and not shit where you eat. Downsides might exist although I haven't taken time to envision any yet.

                In Soviet Russia, you live large like Waldo.
      • I balance a stick of sweating gelignite on my head. If anyone tries to snatch my laptop, they get blown to smithereens, alongside the laptop, immediately destroying the evidence.
    • These days all mobile computers should use software-based FDE, the extra CPU usage from it is so low now, there's no reason not to.

      • These days all mobile computers should use software-based FDE, the extra CPU usage from it is so low now, there's no reason not to.

        While you have to be very careful with SSD drive selection my favorite FDE solution to protect from theft is still good old fashioned Class 0.

        The HDD is literally a brick no reads or writes possible without first providing ATA password.

        Zero performance or power overhead, zero operating system / software compatibility issues.

        It does have downsides:

        Not all SSDs have a secure implementation.

        If you forget your password the drive may be permanently bricked.

        On some systems the ATA password is transformed by the c

    • That's what this is. The partition is encrypted with the stand LUKS.
      Then there is a udev rule that says when the USB device is removed, overwrite the LUKS headers and hard shutdown.

      The magnet on the USB cord is a bit of a distraction from what's actually going on.

  • "Journalists, activists, and human rights defenders face a constant battle to keep files safe from a growing set of digital threats and surveillance." So do the rest of us.
  • by BoRegardless ( 721219 ) on Friday December 17, 2021 @01:51PM (#62091259)

    My cat has done things like that!

    • Blaming your cat is probably the only way to avoid an obstruction of justice charge getting added on, anyway. So if you need this, make sure you have a cat.

  • by mveloso ( 325617 ) on Friday December 17, 2021 @02:02PM (#62091295)

    "Oh, I borrowed your cable to charge my phone, but it didn't fit so I put it back."

  • by Rhipf ( 525263 ) on Friday December 17, 2021 @02:16PM (#62091337)

    Unless something is just missing from the summary and article (yes I actually read the article to see if it was just the summary that was misleading) this cable doesn't "instantly wipe your laptop if snatched or stolen". At best it can "trigger a self-destruct command, which scrambles the device’s cryptographic keys, rendering the computer’s data inaccessible in just a few seconds" (on Linux only it appears). I suppose this "wipes" the computer in the sense that the encrypted data is unrecoverable (at least I assume that since the encryption key is scrambled the data cannot be retrieve even if you knew the previous key) but that isn't the same as actually wiping the laptop in seconds.

    I guess it is kind of arguing semantics though.

    • by raymorris ( 2726007 ) on Friday December 17, 2021 @02:45PM (#62091495) Journal

      You're right about what it does. You're also using a slightly outdated definition of "wipe".

      On SSDs, writing zeroes or other patterns to "every block" is not reliable, because sectors are not mapped the way you'd think. The way to "wipe" (sanitize) an SSD is by overwriting the SED encryption key. Many drives accept a "sanitize" command that does exactly that.

      Wipe could mean the Clinton wipe "like with a cloth". The DoD term is "santization".

      Two methods are considered more secure:

      Smelting at over 2900 degrees F.

      Turning it to powder in a specialized "shredder" that makes pieces no larger than 2mm in any dimension.

      A normally heavy-duty shredder, or a hammer, is no good because I can easily connect my Raspberry Pi to the flash memory chip and read the data after you smash the driver enclosure. Think of how small a micro SD card is. Only a small portion of that size is the actual flash chip.

      • by Rhipf ( 525263 )

        I wasn't assuming wiped meant that all the data blocks were set to zero but it sounds like the setting in Linux only "wipes" the data that is encrypted. If you are using a hard drive and only encrypt your data unplugging the cable will only "wipe" the data and leave the programs and OS intact (although useless so like I said kind of arguing semantics). If you are going to say that unplugging the cable instantly wipes the laptop I would think the very least it does is something similar to a fast format so th

        • > I would think the very least it does is something similar to a fast format so that technically the data is there but you would need to recreate the partition table.

          It's far, far more secure than that. Recreating the partition table, likely from one of the spares already on the drive, is easy peasy. Takes seconds. Cracking AES 256 takes longer than the universe will exist.

          Here's what that "at least" sounds like to a security professional who actually does cryptography:

          "Only mach 3.6? I would have thoug

      • You could probably just issue a [0, $end) block discard on the device. Unless you are a very high value target the effort to disassemble the device and check whether the flash was actually erased probably exceeds the value of the data.

        Then issue an ATA secure erase command to wipe the SED keys. That's about as close as you can get to total erasure of a SSD without physical destruction.

        If it were me, I'd design a device which contained the drive keys and self-erased on unclean power removal, along with drive

  • I'd rather have a camera watching for people with AI... my 2c

    • I'd rather have a camera watching for people with AI... my 2c

      A camera watching for "people with AI" or a "camera with AI" watching people? /pedantic

      [ Side note: Probably easier to find a camera w/intelligence ... :-) ]

      • by EvilSS ( 557649 )

        I'd rather have a camera watching for people with AI... my 2c

        A camera watching for "people with AI"

        So a Voight Kampff machine? Not sure we have those yet.

        • I'd rather have a camera watching for people with AI... my 2c

          A camera watching for "people with AI"

          So a Voight Kampff machine? Not sure we have those yet.

          Well... it seems finding people with actual intelligence is getting more difficult these days, so looking for people with artificial intelligence may be a good backup plan.

          • by EvilSS ( 557649 )

            I'd rather have a camera watching for people with AI... my 2c

            A camera watching for "people with AI"

            So a Voight Kampff machine? Not sure we have those yet.

            Well... it seems finding people with actual intelligence is getting more difficult these days, so looking for people with artificial intelligence may be a good backup plan.

            So we should probably build one. I'll start a kickstarter.

        • Have you ever retired a human by mistake?

      • I'm a person with AI that watches cameras you insensitive clod!

        • I'm a person with AI that watches cameras you insensitive clod!

          Sorry, my bad. I try to be inclusive. :-)

    • I'd rather watch people with Bob, he's my best friend, Al's a jerk.
  • I never understood the part of Elysium where the bad guy loads the keys in his head and elects to be killed or paralyzed if his memory is stolen or why the data could come off of a PC into his head but could only be downloaded from his head to another head
  • In order to delete your drive in the amount of time, it would take for a crook to steal you laptop and get access to the data. There wouldn't be enough time to do a full wipe of the disk, but just the filesystem records.

    The actual data is still there floating on the disk, and someone can still get to the data, and the sensitive stuff.

    • by EvilSS ( 557649 )
      Sure, if you are not encrypting the drive (or portions of it). From TFA:

      but Linux users can further configure the app to trigger a self-destruct command, which scrambles the device’s cryptographic keys, rendering the computer’s data inaccessible in just a few seconds.

      • Just as much as I didn't RTFA, The end users why buy this, probably will not bother doing the extra work to make sure everything else is secure.

        It seems every time we get a safety device, people will at least initially abuse the feeling of safety and be overconfident and do stupid stuff.

        • by EvilSS ( 557649 )

          Just as much as I didn't RTFA, The end users why buy this, probably will not bother doing the extra work to make sure everything else is secure.

          It seems every time we get a safety device, people will at least initially abuse the feeling of safety and be overconfident and do stupid stuff.

          I mean, how many "users" use linux on their laptops though? For the rest, it just locks the device like windows-L or whatever the Mac equivalent is. One would hope if you are someone who might be targeted like this, you would already be taking other precautions like using full disk encryption and disabling biometrics.

        • A related essay I wrote: "Why Encryption Use Is Problematical When Advocating For Social Change" https://pdfernhout.net/why-enc... [pdfernhout.net]

          While the essay has a different emphasis from the main topic here, most of the issues mentioned there apply here and echo your insight. Essentially, if your computing system is compromised by malware on any level from hardware to firmware to OS to application, then your use can be monitored. And if you communicate with anyone, those communications can be monitored in various ways

    • You're think of old fashioned spinning rust drives.
      See:
      https://tech.slashdot.org/comm... [slashdot.org]

    • by AmiMoJo ( 196126 )

      Most SSDs have an instant wipe feature. They encrypt data in the flash memory, and when the wipe command is sent the key is destroyed and a new one generated.

    • by WaffleMonster ( 969671 ) on Friday December 17, 2021 @05:12PM (#62092171)

      In order to delete your drive in the amount of time, it would take for a crook to steal you laptop and get access to the data. There wouldn't be enough time to do a full wipe of the disk, but just the filesystem records.

      Most modern SSD drives are encrypted by default whether people realize it or care. All it has to do is wipe encryption key and all data is as good as gone.

      A secure erase of my 1TB drive takes all of one or two seconds.

  • Quite easy [reddit.com] to build...
    And why should one limit to USB [fiftythree.org] !?
  • First the say 'wiping' then it's just lock/unlock, so IOW this is just a login-key that they just have to steal with it?

  • by JustAnotherOldGuy ( 4145623 ) on Friday December 17, 2021 @03:29PM (#62091737) Journal

    This sounds like a landmine just waiting to be stepped on.

    The chance of Joe User activating it by accident seems to be a lot more likely than having to yank the cord when the FBI knocks on your door or due to a random, opportune theft by some scumbag.

    It just seems kinda hair-trigger to me, but I'm sure it has its applications.

    • To be honest, this sounds like it would be perfect for Military or Intelligence agencies to use. On the other hand, it is such an obvious idea, I can't imagine that nothing like it exists in those agencies.

    • This sounds like a landmine just waiting to be stepped on.

      For 99.9% of users, even those handling sensitive documents, simply locking the device or powering down is more than effective enough when used in combination with disk encryption.

      • For 99.9% of users, even those handling sensitive documents, simply locking the device or powering down is more than effective enough when used in combination with disk encryption.

        Agreed. Honestly, I'd be afraid to use this thing...one minor misstep and you're screwed.

        For example, I can easily imagine a cat or a dog or a child hitting the cord by accident and blowing your data into the void forever.

        • No you're not screwed, don't jump to conclusions. This device just locks your computer. It "can" (English word describing a possibility not a certainty) on Linux be manually configured to nuke your encryption keys. That's not what it does by default.

          • I don't know- the title says "This USB 'Kill Cord' Can Instantly Wipe Your Laptop if Snatched or Stolen"

            It sure sounds like it's blowing your data away. (??)

            • I know this is Slashdot, so it's not the thing the "cool" people do, but TFA has a lot more information than what is condensed into 13 words. Also the title still uses the word "can". Not will. Not shall. Not does. But can.

  • Yeah, we've been doing this with the Griffin magnetic USB breakaway and Tails for several years.

    Stay safe out there.

  • Let me put it clear:

    If you think that the NSA or the CIA is after you and following you in person, ready to grab a running laptop from your hands while you look away at the coffee store, then please:

    * don't think that they can not understand that you bought this piece of HW and will know it's flaws
    * have somebody with serous computing experience look at the architecture which these people propose
    * just dont work in public places.

    For all others:

    * Think about errors of first and second kind. That thing doesn'

  • If the threat actor in your threat model is a nation state, do assume that they're already busy developing a countermeasure. Of course, that doesn't mean the agents coming to snatch your device have that countermeasure on them or apply it correctly - but don't be foolish in assuming this makes you safe.

    The main design flaw I see is that it looks not like an ordinary cable.

    I want this as a function for Magsafe connectors. Something that is innocent and doesn't telegraph "security lock-out" to anyone in the k

After all is said and done, a hell of a lot more is said than done.

Working...