Hackers, Activists, Journos: How To Build a Secure Burner Laptop (vice.com)
sarahnaomi writes to describe a presentation by security researcher Georg Wicherski at the t2'15 infosec conference; Wicherski outlined in his talk several steps that could be taken to render an ordinary Chromebook immune (or at least very, very resistant) to malware attacks, even when an adversary has physical access to it. These customizations make it difficult for an attacker to use any sort of turnkey solution, presenting a barrier to any off-the-shelf equipment attackers might use. At border crossings, Wicherski said possible attackers might have "an appliance, that comes with a manual, and low-skilled operators." By using a setup that is not very common, the border cops might not know what to do.
I don't see a link to said presentation...
I certainly won't read the RTFA, as an AC, but this seems silly. You are saying that by using obscure hardware and software, attackers won't know how to put their off-the-shelf industrial malware on your equipment? Anyone with such a large-scale operation will either find another way in, or be eclipsed by all the malware that gets there by other means anyway.
might have "an appliance, that comes with a manual, and low-skilled operators." By using a setup that is not very common, the border cops might not know what to do.
Oh, they know exactly what to do.
"..border guards confiscated his laptop and phones and detained him, telling him he would not be allowed to leave until he gave them his passwords."
This is a solved problem as far as they are concerned. You sit in a room until you unlock the device for them. Lawyer? You don't get no steenkin' lawyer.
No, they'll keep the device, beat and rape you, then illegally hold you without charging you anything and without granting you access to a lawyer.
No, they'll keep the device, beat and rape you, then illegally hold you without charging you anything and without granting you access to a lawyer.
Except it won't be illegal because it'll be at the border.
In the free world the media isn't government run; the government is media run.
It's a shame that TFA seems to suck, because this is a big concern for a lot of people. I encrypt my laptop, but at the border your rights are severely diminished and they can do all sorts of nasty things to you. So far the best option seems to be to carry an innocuous laptop with nothing of interest on it, and mail myself an encrypted flash drive with the real OS and data on it.
Even with a phone you can do a "nandroid" backup (on Android) of the real OS, wipe it back to factory and then restore when you reach safety.
And that backup goes online, encrypted, and you download it once you are across the border.
Done that with laptops as well.
In the free world the media isn't government run; the government is media run.
Personally, when I vacationed in Jamaica I set the bootloader to default to Windows rather than a serious OS with anything important on it. That should take care of 99% of TSA employees making $12/hour, and front-line customs clerks. The people I dealt with were probably working at Taco Bell the month before; they weren't top-tier forensic scientists.
Why do you need a "secure" burner laptop?
I don't mean that in the "if you have nothing to hide..." sense, but rather, the whole point of a "burner" comes from the fact that it doesn't have anything to hide on it. You pretty much just revert it to OEM condition before each trip, and if some hostile government-authorized terrorist agency like HSI (formerly ICE) decides to steal it from you (or hell, if a random thief decides to steal it from you), you haven't lost anything but the hardware.
Hey, I completely agree that we shouldn't have to put up with that sort of bullshit or take steps like prepping a burner laptop every time we want to go on vacation; but "securing" it just makes it look even more tempting to the idiots at the gates; similarly for setting up a UI that Officer Shout-and-Taze doesn't immediately recognize as Windows or OS X or Android or iOS.
If you want to make a stand, I fully support you. But if you just want to get on with your day, spare yourself from your own cleverness, and just restore to factory default and give it a highly secure password like "password".