Hackers, Activists, Journos: How To Build a Secure Burner Laptop

sarahnaomi writes to describe a presentation by security researcher Georg Wicherski at the t2'15 infosec conference; Wicherski outlined in his talk several steps that could be taken to render an ordinary Chromebook immune (or at least very, very resistant) to malware attacks, even when an adversary has physical access to it. These customizations make it difficult for an attacker to use any sort of turnkey solution, presenting a barrier to any off-the-shelf equipment attackers might use. At border crossings, Wicherski said possible attackers might have "an appliance, that comes with a manual, and low-skilled operators." By using a setup that is not very common, the border cops might not know what to do.

Re:they know EXACTLY what to do

Someone didn't RTFA.

This isn't about stopping the border police from reading the contents of your laptop, it is about stopping them from installing spyware in the BIOS. The described mechanism involves clipping a pin off the flash chip rendering it read-only. No regular border cop is going to know how to deal with that and no amount of rubber-hose decryption is going to undo it.

Like all security measures, it isn't about being 100% secure, it is about raising the costs to the attacker.

Re:Why do you need a "secure" burner laptop?

[aaaaaaargh!]

I think the idea of this admittedly cryptic article is to have a laptop that is temporarily secure against certain spyware modifications so it can later still be used to download the encrypted data on the other side of the border. The alternative is to buy a new computer every time you travel.