Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
IT Technology

New USB Cable Kills Your Linux Laptop if Stolen in a Public Place (zdnet.com) 151

A software engineer has designed a so-called USB "kill cable" that works as a dead man's switch to shut down or wipe a Linux laptop when the device is stolen off your table or from your lap in public spaces like parks, malls, and internet cafes. From a report: The cable, named BusKill, was designed by Michael Altfield, a software engineer and Linux sysadmin from Orlando, Florida. The idea is to connect the BusKill cable to your Linux laptop on one end, and to your belt, on the other end. When someone yanks your laptop from your lap or table, the USB cable disconnects from the laptop and triggers a udev script that executes a series of preset operations.
This discussion has been archived. No new comments can be posted.

New USB Cable Kills Your Linux Laptop if Stolen in a Public Place

Comments Filter:
  • Edge case... (Score:5, Interesting)

    by Pyramid ( 57001 ) on Friday January 03, 2020 @09:03AM (#59581918)

    I fail to see the point given most laptops are stolen when they're left unattended anyway. A better idea would be a boot script that looks for a nearby RFID or NFC tag and executes a wipe if it's not present. Or simply fails to decrypt a volume.

    • by atisss ( 1661313 )

      You could just use BlueProximity for that. However i guess you would have very high accident rate.

      I fail to see how cable can be accident-proof. Even remote wipe would be safer. Perhaps very niche top-secret data could use this, but then you need very good backups

      • Re:Edge case... (Score:5, Interesting)

        by weilawei ( 897823 ) on Friday January 03, 2020 @09:29AM (#59582014)

        My work is already backed up by source control, local scheduled backups, remote backups, and, at least among engineers, this seems the norm.

        The potential loss to my employer for losing a work device would be much greater than any downtime. So we make sure devices fail locked or destroyed.

        I've always used full disk encryption when available, and it's much cheaper for me to lose a little time than to suffer a break-in. I would much rather that instance of the data be wiped on any separation from my person.

    • Re:Edge case... (Score:4, Interesting)

      by ThomasBHardy ( 827616 ) on Friday January 03, 2020 @09:12AM (#59581944)

      I assume the point they are targeting is if your laptop is already unlocked when stolen. I fit was unattended, it should be off or locked already and existing security measures in place can handle that scenario.

      • Re: (Score:3, Insightful)

        by DarkOx ( 621550 )

        I can see this being a good theft deterrent for things like tablets and smart phones too. You could have a belt clip mounted extended batter to keep the device charged too. Make the cable bright orange etc so would be "purse snatchers" can see you are using it. Like "The Club" used to be for cars.

        These days a locked smart phone might as well be brick where petty criminals are concerned. All removing the cable would need to do is lock the device. That way they'd know their simple snatch and run won't net th

        • Phone have a remote delete option on them. Which is one reason why stealing phones isn't as common as it use to be. Also the phone has the ability to be tracked. So the thief will need to attend to a pissed off victim.

          • So the thief will need to attend to a pissed off victim.

            An angry smartphone user; how threatening... what are they going to do, 'record you to death?' They haven't got their phone. ;)

          • Re: (Score:2, Interesting)

            by Anonymous Coward

            Stealing phones has morphed -- the bad guys now wave a gun/knife in your face and ask for your PIN, then put the phone into airplane mode. Or, they just grab the phone, put it into a foil lined bag, let it sit for a week or two, then disassemble it.

            Plus, phones are still a hot item. A new iPhone 11, even if it will never can activate again, can sell for hundreds of bucks, just for parts. Lots of people want Apple screens, because third parties bring issues.

        • "Make the cable bright orange etc so would be "purse snatchers" can see you are using it"

          Why? Just use a cable attached to a grenade in your purse.
          Much more fun.

      • Re:Edge case... (Score:5, Interesting)

        by Zocalo ( 252965 ) on Friday January 03, 2020 @10:10AM (#59582168) Homepage
        On the subject of edge cases, IIRC, Ross Ulbricht (of Silk Road fame) was busted in a library while his laptop was unlocked, thus enabling the Feds to easily gain access to the contents and build their case. If he'd had one of these attached there's a good chance his data would have been wiping itself as soon as they grabbed him to put the cuffs on, and in doing so making it a least a little less likely he'd be enjoying his current room and board arrangements in Club Fed.

        See also USBKill [wikipedia.org], which was specifically created in response to the above arrest.
        • Ross Ulbricht (of Silk Road fame) was busted in a library while his laptop was unlocked, thus enabling the Feds to easily gain access to the contents

          ...easieraccess; FTFY.

    • Re:Edge case... (Score:4, Insightful)

      by Rockoon ( 1252108 ) on Friday January 03, 2020 @09:14AM (#59581948)
      RFID/NFC:

      Consider that these wireless things are not always readable. Someone is operating a microwave near by... or sunspot activity is high... I have numerous wireless peripherals that occasionally have issues... whatever operation is performed automatically when these arent seen would need to be pretty lenient to a failure to communicate.

      USB Dongle tied to belt:

      Tied to your belt, one wrong move by you or others and the system kicks in. Again it needs to be pretty lenient.
      • by Megane ( 129182 )
        If you're going to tie shit to your belt, you might as well make it a Kensington security cable. As a bonus, no code required!
    • Re:Edge case... (Score:5, Interesting)

      by kobaz ( 107760 ) on Friday January 03, 2020 @09:16AM (#59581958)

      RFID sounds much better... I believe this is a solution in search of a problem.

      The recent guy who got his laptop stolen at starbucks and died while in pursuit seems like an isolated incident. Who the hell has the balls to take something out of someone's hand, in a starbucks??

      Me personally, if I'm going to be traveling, I bring my 'throw away' laptop. It's a dell i5 refurb with decent specs that I got for like $300 on [you know what store]. It took a few attempts actually to get this little guy. The first one I ordered was a DOA and they took it back no questions asked and send a replacement that actually worked.

      This travel laptop is truecrypt'd and mostly used as a thin client anyway. If i was forced to divulge my password, all they would get is my vpn certificates which would be revoked anyway if after connecting they don't also log into the auth server within 15 minutes.

      My $300 laptop is not worth dieing over.

      • Re:Edge case... (Score:5, Interesting)

        by Pascoea ( 968200 ) on Friday January 03, 2020 @10:29AM (#59582242)

        Who the hell has the balls to take something out of someone's hand, in a starbucks??

        People who haven't yet learned that actions have consequences. I was literally right next do a dude that had his phone stolen on a light-rail. Now that I know what was about to happen, it was a very well orchestrated maneuver, one that appears to have been practiced before. They found a guy that was in the seat right next to the door that had is phone in his hand. Just as the door was about to close they snatched it out of his hand and were out the door before anyone within 10 feet knew what was happening.

        • Another reason I always prefer to sit with my back to a wall, and away from the door but facing it.
        • Sounds like the Baltimore light rail. Back before I decided my personal safety was more important than saving a few bucks taking that thing, the usual suspects tried to get my phone a few times . . . everything from, "hey, can I borrow your phone to make a quick call?" to being eyeballed in the exact manner you discuss. After awhile, the only winning move is not to play.
      • Re: Edge case... (Score:2, Insightful)

        by Type44Q ( 1233630 )

        Who the hell has the balls to take something out of someone's hand, in a starbucks??

        Rest assured the victim is akways sized-up except by the most deranged individuals... "Bernie Getz Syndrome," if you will. This lies at the heart of why the [wimpiest looking] of you fuckers need to be packing heat - not so you can blow some sorry fucked-up soul away - and live with potential guilt and regret for the rest of your life, unlike that psychopathic SEAL - but rather so that all but the most addled potential muggers have no fucking clue who is and isn't armed.

        • Re: Edge case... (Score:5, Insightful)

          by Chelloveck ( 14643 ) on Friday January 03, 2020 @12:46PM (#59582788)

          So let's examine the possible outcomes here:

          1. Guns are carried, but no one is actually willing to use them. Thieves learn this and are not deterred.

          2. Guns are carried and people are willing to use them. Thieves see more risk to themselves, but some are still willing to try for the ol' snatch-and-run betting that they can get away before guns are drawn. Good guys with guns open fire in a crowded Starbucks or on the subway. Property is damaged in excess of the value of the stolen item. Innocent bystanders are wounded or killed.

          2a. As I understand it, even when states have "stand your ground" laws they only apply when you believe your own life is in danger. A purse snatcher running away is not a danger to your life, meaning people would be less likely to open fire in the first place. See scenario 1.

          Frankly, I can't see how either situation is an improvement. Guns simply aren't a deterrent when the thieves' entire MO is that they can grab something and get away before anyone has time to react.

        • not so you can blow some sorry fucked-up soul away - and live with potential guilt and regret for the rest of your life

          Oh noes, I've got guilt and regret and angst for the rest of my life .... but only if I missed.

          Really, no. You don't kill someone over a phone. You only shoot to wound. You aim to KILL because they'll sue you over pain and suffering and who-knows-what-all if you don't. (You can thank overreaching lawyers for that. "My client is now crippled for life." "...while he was robbing a store at gunpoint. Now he won't sway while he's aiming. You're welcome.") Having a gun is ONLY a deterrent if all / most /

          • It's a very sad country that you live in, I pity you.

          • .. and live with potential guilt and regret for the rest of your life

            I'm okay with that. Yeah, I'll take that "rest of my life" thing over being dead or maimed.

            If it's true, at least I'd be alive to feel guilty and I'm more than willing to put up with some guilt as long as it means I'm still alive.

            And yes, I carry daily, and I have for ~30 years. I'm not the guy you have to worry about.

        • by Big Boss ( 7354 )

          I support 2A and CC. Please do not suggest that people use firearms for petty theft. That is illegal in most areas as is shooting someone who is running away. Most areas that allow self-defense with firearms only allow it when defending life and death situations. Stealing a phone or laptop is very unlikely to meet that requirement.

      • Comment removed based on user account deletion
        • by kobaz ( 107760 )

          Depending on the nation you're visiting, failure to decrypt or provide login credentials could get your ass into serious trouble. Don't like the rules, don't visit that nation. Technology has nothing to do with it when you're told by the authorities that YOU, personally, fucked up abiding by the law.

          What I'm saying is. yes, if *forced* to give a password to decrypt it, it's not actually a big deal. There's no customer data on there, there's nothing much of value other than bookmarks to some good xkcds and a vpn certificate tucked away in /etc/openvpn

          But if someone WAS competent enough to log into it, the connection would fire up I'm sure, they'll be able to ping and traceroute things, and eventually the connection is just shut off. It's not like walking into a hotel where you need to 'accept the po

      • I believe there is more to this story.

        Three people were involved in this theft. The thief, the person who held the door open and the driver. I think either the victim was deep into crypto currency, high finance or legal fields , or was a Govt contractor with some top secret info.

        The extent he took to do a flying leap into an SUV window is rather telling about the value of the laptop /data to him.

        Or he was just reacting stupidly to a common theft.

    • Other then deleting data... Which would take a long time if done in a non-recoverable action. I would just say send a power off function.
      And let a strong encrypted volume protect yourself, as long as you give your laptop a strong encryption password. For cases in which you feel your data is more valuable then the laptop hardware, I would expect you should be following best practices, vs an auto destruct switch.

      If I wanted a laptops data. I would power off the laptop, extract the drive make a copy of the da

    • by mark-t ( 151149 )
      Perhaps, but in the same vein as purse snatchers, there are some people who will grab something from right in front of you and dash off, and unless you were really expecting something like it would happen, they can disappear in a crowd faster than you can follow.
    • Why not a Bluetooth device? Works over large distances and even through walls. So you could go to the bathroom and leave your laptop on the table. The device could communicate that it lost connection, so you know if you walked past a particularly solid wall, or someone turned on a microwave and you need to go turn off the countdown.

      You could even incorporate buttons that control the settings, like turning off or delaying the wipe when you are leaving the laptop.

    • by dbialac ( 320955 )

      Given the consequences of a far more likely false positive, neither option seems like a great idea. I put this up there with Bike Mine.

    • OPAL (Score:4, Informative)

      by JBMcB ( 73720 ) on Friday January 03, 2020 @11:12AM (#59582406)

      Isn't this the idea behind self-encrypting drives? You put the decryption key (or part of one) on a thumb drive, and the laptop won't boot unless it's inserted. Combine this with an administrator password on UEFI, and the laptop is just about useless to the average thief.

    • The founder of the silk road could have used something like this.

      Two life sentences...

  • Let's reverse that and make USB cables that once we synch them to our allowed devices will kill anything they get plugged into :evilemoji:

    Tired of "losing" USB cables.

    Disclaimer:
    This post is intended as sarcasm. Any legal and technical obstacles to said post are irrelevant to the humor value and are not subject to normal rational evaluation. All rights reserved. Copyright 1/2/2019.. dammit 1/3/2020 I mean.

  • by Nidi62 ( 1525137 ) on Friday January 03, 2020 @09:10AM (#59581932)

    Have the removal of the USB trigger a script that when the laptop is opened it displays that gif of a countdown timer with Arabic writing and the speakers play a recording saying "I am a bomb!"

    That, or just have the belt lanyard connected to an exploding ink pack or a glitter bomb attached to the top of the laptop.

  • Can the script send the batteries into thermal run-away?

    • Why not send power to the surface of the laptop instead?
    • Re:Burn'em (Score:4, Informative)

      by flink ( 18449 ) on Friday January 03, 2020 @10:54AM (#59582324)

      Can the script send the batteries into thermal run-away?

      Probably not. The protection circuit for that sort of thing is usually built right into the battery (if the battery is removable) or is part of the power circuit on the laptop in the cases where the battery is integrated. I suppose you could build your own battery where the protection circuit could be selectively disabled and short the battery, but now you've got an incendiary bomb sitting on your lap, and you are way more likely to accidentally set of the circuit yourself than get your laptop stolen. Plus the risk of burning your house down while you sleep.

    • Galaxy Note 7 does that if damaged

  • Would the laptop be wiped and then re-imaged by the thief anyway? Wouldn't this device actually *help* the thief?
    • by Neon Spiral Injector ( 21234 ) on Friday January 03, 2020 @09:20AM (#59581974)

      That was one of the two thoughts I had.

      The other was that it'll be fun when you forget that the cable is connected to your belt loop, and get up to throw away a cup, or get more ketchup, or what ever, and wipe your laptop.

    • by Bert64 ( 520050 )

      The victims tend to be most concerned about data being taken, but most thieves don't care about the data and are only interested in the monetary value of the hardware or the parts it contains.
      Laptops are easy to sell, for data it's much harder to find an interested buyer assuming you have the skills to extract and identify the data.

      • So it's win-win for all concerned.
  • by Anonymous Coward on Friday January 03, 2020 @09:21AM (#59581980)

    imagine how many times this cable would get yanked out by mistake ~ dumb idea

  • by sinij ( 911942 ) on Friday January 03, 2020 @09:26AM (#59582000)
    Physical security requires physical solutions, as such this is categorically wrong approach to address grab and run attacks. For example, if you are going to attach laptop to your belt, why not make it robust enough to prevent theft in the first place?

    Kill switch may be a useful mechanism in protecting your data, but it is not effective theft deterrent.
    • Re:Physical security (Score:4, Interesting)

      by DarkOx ( 621550 ) on Friday January 03, 2020 @09:31AM (#59582024) Journal

      Because the laptop isn't robust enough to survive an attempted force removal either. These things aint built like they were in the days of those steel cabled locks on desktops.

      Because I want to discourage people from attempting to steel my laptop not place myself at a high degree of additional injury risk in the process. Just making the
      "kill cable" bright orange or something would probably be enough. Let the crooks know they are just going to get a brick for their effort.

      • by sinij ( 911942 )
        Modern laptops are not necessary fragile, search for rugged laptops if you are interested in finding one.

        For theft deterrent to be effective it has to be obvious. Your solution, a brightly colored cable attached to the laptop, could be just about anything. A potential thief, even after reading this /. article, would not immediately assume that a cable attached to a laptop is a kill switch. I think you would be better off with a fake "US Gov't Property - Satellite Tracked Asset" sticker on the lid.
    • Just use one of those laptop cable locks and loop it through your belt. Problem solved.

  • I don't get it. (Score:5, Insightful)

    by mcmonkey ( 96054 ) on Friday January 03, 2020 @09:34AM (#59582030) Homepage

    First, I'm going to trigger this a dozen times just getting up to stretch my legs before anyone attempts to steal my laptop.

    Second, the person stealing my laptop is after the hardware. Any kill switch to lock down or delete data is irrelevant.

    Third, if my laptop does contain data that makes it a target beyond just pawning the hardware, why am I using it in public?

    This is a curious proof-of-concept type toy, but I'm not seeing the real-world application.

    • by sinij ( 911942 )
      The real world application is someone concerned about shouts "FBI" followed by their door being knocked down. In this case such device will be effective at protecting your data, assuming you have a hard encrypted backup with plausible deniability image full of legal porn to justify the existence of encryption.
  • by Misagon ( 1135 ) on Friday January 03, 2020 @09:34AM (#59582034)

    Telling the world about it would only make "pranksters" yank your USB cable when you're not looking.

    I think a better solution would be to have hard encryption of your harddrive, a wireless tag (RFID, BT or whatever) that keeps you logged in if in proximity, and a login prompt that wipes the drive after n failed login attempts or after m hours of not authenticating (login, proximity to tag, or location-based).
    BTW, you shouldn't have sensitive data on a laptop anyway. It should be on the network servers, always, and you only log in from the laptop.

  • I'd rather have a process which checks whether my phone is within Bluetooth range when the machine powers on, or the screen unlocks. If it isn't then the process just overwrites the decryption key for my data volumes with garbage and changes the screensaver to read, "Property of keithdowsett@somedomain.com Phone: 001-234-5678"

    If it's a genuine error, then I have to restore the decryption key from a USB key and I can resume working. If my laptop has been stolen any confidential data is secure and there's

  • Impractical (Score:4, Insightful)

    by RobinH ( 124750 ) on Friday January 03, 2020 @09:48AM (#59582086) Homepage
    This replaces a rare problem (someone running up and stealing my laptop while I'm working on it) with a host of common problems (cable failures, software problems that fail to detect the cable, having to go to the bathroom, etc.). A more practical solution would be a laptop lock cable [walmart.com] that attaches the laptop to the table.
  • Comment removed based on user account deletion
    • They are grade-A assholes, even the drug addicts.

      Those people need help. Addiction is hella shit and people hit the breaking point relatively-easily.

      • Almost all addicts choose to become addicted. No one is forcing them to scrap up some Oxys from acquaintances. No one is forcing them to lie to their doctor about drug-seeking. No one is forcing them to shoot heroin. No one is forcing them to do blow.

        By and large all addicts made a choice to become addicted to something. There are exceptions, of course. Sex workers forced to get hooked, etc.

        But if an addict tries to steal your shit, it's not your responsibility to combat addiction in your community, but it

        • Addicts also may make a choice to stop being addicted, yet find that they are now unable to execute on that choice because addiction sucks.

          I could hold you to the same thing: you've no doubt made bad choices in your life, thus you're a worthless human being. The only difference between you and a drug addict is your stupidity didn't have severe long-term consequences--you got lucky--so you're no different than a heroin addict.

          • Sorry, but that's bullshit, people don't just wake up one morning to find themselves addicted to Oxycontin. Yes, I know there are a lot of people out there who take the stuff for chronic pain, I get that, but there are also a lot of people who just sat around after their surgery, didn't decide to follow the doctors advice to get MOVING, and became stoned lumps for weeks after surgery.... THATS how people become an addict. It's like people who went from rich to homeless......it didn't happen overnight. At s
    • Yes, that might work. Although, you might get a problem where someone sits somewhere with a laptop, till the first person they don't like comes passed, and then "beats them into the ER" using the laptop law as the excuse they need.

    • by Nidi62 ( 1525137 )

      Letting people legally tackle thieves and beat them into the ER with zero civil or criminal liability would be the decentralized, systematic disincentivizing you're looking for.

      Well there was that guy earlier this week who died chasing after someone who stole his laptop from Starbucks. That's why it's not really encouraged to chase after them.

    • The Texas/Louisiana statutes that you can stand your ground in defense of your property.

      Yes, there are such laws in many states within the USA. What every such law requires is some evidence of the defense of your property rising to the level of a felony. Some prankster going around in daylight stealing newspapers is not defense of property that would allow for a "stand your ground" defense. Rattling doorknobs late at night might do this, I emphasize might. I lived in Texas for a while and I recall laws like this coming up in conversation with co-workers and acquaintances. One distinction

  • Insurgents and activists have been using similar scripts for a long time - yank out a USB thumb drive and it triggers a script wipes he disk.

    • Wouldn't a cable like this just be a loopback device with a script that checks if pings are still being sent around the loop? Think those foil traces on windows to detect breakage. Not very secure at all. I hope this thing works as an encryption physical key as well as a detector.
  • It's actually a system that runs a script when the cable is removed. What that script does is up to you.

    The idea is to connect the BusKill cable to your Linux laptop on one end, and to your belt, on the other end. When someone yanks your laptop from your lap or table, the USB cable disconnects from the laptop and triggers a udev script [1, 2, 3] that executes a series of preset operations.

    These can be something as simple as activating your screensaver or shutting down your device (forcing the thief to b

  • Wiping data only because the connector was yanked out is crazy. It's better having an encrypted FS and letting the script just shutdown and poweroff the laptop. So, no cold boot attack is possible yet the data stay there.
  • and sleep mode does?

  • Because this sounds very much like an accident waiting to happen. Get the cable snagged somewhere? Oops, reinstall! Something falling and hitting the cable? Reinstall.

  • Number of times someone has grabbed my laptop in public: 0

    Number of times I've accidentally pulled a USB device out of my laptop: 100+

  • by Solandri ( 704621 ) on Friday January 03, 2020 @11:34AM (#59582492)
    Most laptops already come with a slot [wikipedia.org] for a security device [noblelocks.com]. If you're this paranoid about it being stolen, just buy the lock and cable, loop it around your belt, and attach it to your laptop.
    • See that rivet on the lock?

      That's the weak point. Give it a good hard turn 90 degrees, and I bet the rivet pops. I'd also question how they attached the cable, because there's an awful lot of ways to apply force to something without applying force to the laptop attached to it. (I once designed a device to snap locks by using an extremely high loading on a set of dynamic lines, with a trigger to release that load onto a single static line. The idea was to separate a lock from a bike and a bike rack without d

  • Trust not, suffer not. And if you see any shady character around, clutch your laptop. Don't worry if somebody thinks you're racist or whatever. Their feelings don't count vs keeping your laptop.
  • So, the people who steal laptops -- are they largely motivated by stealing the DATA on the laptop, or are they generally just trying to grab something that can easily be fenced so they can get their next meth fix? If the latter, congratulations, you've just wiped it for them and prepared it for resale.

  • If you're going to attach it to your body... why not use a braided steel cable so they can't steal it at all? Pretty dumb idea.

  • After all, NOBODY has yanked a cable out of their computer by accident, or suffered a cable / connector which is temperamental and sometimes disconnects for no reason.

    If you're so fucking paranoid that someone will steal your laptop then do whole disk encryption and use a strong password.

  • The Dread Pirate Roberts (Ross Ulbricht) really could have used this.
  • I have a much much much better idea. I have only recently implemented it.
    My home directory is on an encrypted USB stick. With USB 3.0, the speeds are insane.
    My computer is basically a piece of white goods -- it has the operating system, it boots up, but it doesn't actually have _anything_ that belongs to me. Everything is in the LUKS-encrypted USB.
    I have an entry in /etc/crypttab that looks like this:

    H /dev/disk/by-uuid/XXXX-XXXXX-XXXX-XXXX- none luks

    Which means that Ubuntu will ask for a password to decryp

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...