Don’t Steal This Laptop

As laptops have become smaller and easy to carry around, they have also picked up the most unfortunate property of being easy to steal. We’ve read the stories of how some victims are able to track them down via webcam still images of the thief. [Mastro Gippo] decided to take it one step further and add a remotely operated hardware self destruct to his laptop. The idea is if the laptop becomes unrecoverable, it will become useless and any sensitive data will be destroyed without harming the area around it.

It’s somewhat inception like, as it’s a hack within a hack. It’s based on the Crunchtrack, a CAN bus reverse engineering tool equipped with GPS and a SIM800 GSM module, which was also developed by [Mastro Gippo]. The idea is to tuck the small board somewhere in the laptop and wire it up between the battery and some sensitive parts. Send a single SMS text and ‘poof’, bye-bye laptop.

He wrote all the code in less the 24 hours for the BattleHack Hackathon. He decided to spice up the act with some firecrackers and a detonator, which made his team the crowd favorite and earned a victory.

74 thoughts on “Don’t Steal This Laptop

          1. ” The idea is if the laptop becomes unrecoverable, it will become useless and any sensitive data will be destroyed without harming the area around it”

            “The idea is to tuck the small board somewhere in the laptop and wire it up between the battery and some sensitive parts. Send a single SMS text and ‘poof’, bye-bye laptop”

          2. The firecracker was only an addition for the presentation and not the concept of the project, the same way science teacher for instance get kids interested with things that make a bang.

            Is it that hard to understand? Texas schooling?

  1. It’s based one the Crunchtrack, a CAN buss reverse engineering tool equipped with GPS and a SIM800 GSM module, which was also developed my [Mastro Gippo]. – proofreading optional as always on HaD

  2. So he made a bomb. Stupid.

    Here is a smart way to protect your data, store it XORed with the data on a wrist band flash device that links to the laptop via NFC. Without the data physically attached to you the laptop will not even boot, if the idea is implemented well enough, and it can drop the decoded data out of RAM the moment the NCF link drops, allowing an encoded form of a suspend mode to kick in to allow you to walk away and return without a problem.

    1. Why not use existing cryptographic tools like full disk encryption with a detached header? You can put the header on the wrist band flash if you like. At least this technique is vetted by cryptographers and deemed secure and correct. Cryptography is a field of landmines; there are so many ways to go wrong. It is generally ill advised to roll your own solution.

        1. You’re making an awful lot of assumptions – XOR has the nasty property that knowing a chunk of plaintext gives you back (a chunk of) the key. Combine this with a static (or very close to it) boot sector and you might begin to understand the problem inherent in this approach.

          1. Nope it is you who made the assumption, that I would be so stupid as to reused any part of the XOR. If you have 1TB of storage on your laptop you also have 1TB on your wrist. Not hard to do these days, even without the new data store tech that Intel has in the pipeline.

          2. If you’re going to OTP your data on your wrist you’re already constrained by the data connection between your wrist harddrive and your laptop. At that point you could just use the wristdrive as the *only* harddrive and then you don’t even have to carry a particular laptop with you. Unless you explicitly want the two-part solution.

          3. Yeah the two part key, is the key, and a nice big RAM cache, or two. One for a read write path the other read-only helps with the other issue. Remember it drops anything in RAM if triggered.

            Oh and don’t kid yourself that any of this will protect you from anyone but criminals and third world dictators, because the big boys know that they don’t need to care about the data store if they own the core and watch you from the inside.

        2. But you are still carrying everything the adversary needs on you. Both the key and ciphertext is accessible. Also, OTP is not “equivalent of keeping (on average) every second bit of your data in another place”. This is especially true if the keyfile is in the same location.

          1. Yeah you really have to watch out for those opportunistic criminals that go around stealing people’s arms. That is why the Venus De Milo prefers to use a Google Glass and keeps everything in the cloud.

          2. Oh grow up , if it is titanium and is hinged + locked it isn’t going anywhere. It will not be long before that amount of functionality can be surgically implanted too.

    2. If running some juice through chips is a bomb then all my electronics are bombs, and a taser is a nuclear bomb.

      You should really not feed that kind of bomb bullshit nonsense when you are a HaD visitor, leave that to restarted journalists and the feeble-minded crowd known as congresspeople.

        1. 9/11 was (allegedly) done with boxcutters and planes, so why are both of those still available commercially? And why don’t I see HaD visitors complain about their continued existence daily? do they WANT terrorism? O_o

          1. No, such planes are no longer available, they have all been modified to make such an attack significantly harder. Only a gormless idiot would not know that, or a lame troll, I mean really really lame. LOL.

    3. Even without the explosives it is an incendiary device and man-trap (unlawful) and if the lithium battery ignites too, in the wrong location, the consequences could be deadly. The entire idea is retarded and I have offered a far more sophisticated option, so you might learn to recognise the difference. In your case I am probably expecting a bit much.

      BTW Have you ever had to rescue a person injured by an explosion? I have, it is not funny and you never forget the smell of burning human flesh, ever.

        1. Or you take the cells apart that you bought at the newsstand (after you go through security) and use the condom, super glue, water, and extra large coffee mug that you also bought after going through security, and build yourself a small grenade.

  3. Removing the laptop battery will circumvent this approach entirely. Obviously I am aware that your laymen thief won’t know to remove the battery.

    As for destruction of sensitive data I would personally prefer full disk encryption as mentioned in the hack post. If you are paranoid, full disk encryption with a detached luks header. The detached luks header does not even have to be stored locally.

    1. If you are paranoid you would not use a laptop because civilians can’t buy any that use a CPU that has auditable microcode updates. That is why the Russian are now making their own, but you as a civilian can’t trust them either, in fact you get a shittier CPU and even less trust.

      1. The thing is, how do you know what the flash controller actually does?
        While I love the speed, the intransparent (and very proprieatry) way flash controllers work, I’m not sure I would be so trustful of zero wiping…I mean there is physically more memory then the controller tells you, and only it decides what portions it will use, you have zero control over that…

  4. Here is a idea.
    Use the same way to set off the fire crackers but instead of using fire crackers use heat trace.
    you know the wire u put on your roof to melt the snow. open it up and you will get a thin wire that will get red hot.
    and this will destroy any part of the laptop with out doing any bang bang.
    Just the magical blue smoke. and nothing will work that the heat trace is around. u can even just put a 9 volt battery in
    there to do the trick if the battery is off. it only takes about 15 sec. to do the trick.

    Some one asked me to do it to one of there 2 1/2 inch external hard drive cases but we had a small usb hub with 3 64g thumb drives.
    a little arduino and a 4 button key pad with 9 volts inside.you had two trys to get the code. then puff up it goes. even if you unplugged it.

    I had to make him a demo of how it worked we used cheep sub thumbs for the test. I did find out that I had to cut back on the heat trace. it got so hot the thing all most cot on fire.

    I made a lot of money on that one.
    Turned out really nice.

      1. me one more time….. I have been using this set up for setting off fire crackers for years. for jokes.
        could not tell you how many friends I scared the shit out of..
        Had way to much fun.

        But remember be safe.

      1. The damage is done to the stuff you want to keep safe. Ive had know problems with the batteries. I was able to use the batteries a couple of times before they lost to much power. the heat trace is about as thick as a hair.

        1. ha ha I watched the video. Now I know what you mean. that is why we used a sub hub and thumb drives so that it was separated from the computer \ laptop threw the hub. Thanks for reminding me about that part.

          And yes the laptop batteries are like bombs.

  5. Dan: what an excellent way of protecting your data with the XOR “cipher”. Aren’t you forgetting that there is ONLY ONE HALF of your data in the laptop AND the wrist storage? Thence if the laptop is stolen, you LOSE ALL your data, unless you replicate it in real time somewhere else.
    The only solution to this problem would be if the laptop stored only the KEY disk, of which you’d have a backup somewhere (and most probably not readily available).

    The XOR is only good if either you have a way of transporting the data and the key through completely separate trustable channels, or you don’t plan on moving it anywhere at all.

    1. The context is exploded vs “secured without dangerous methods”. Back-ups in secure locations with secure links cover your separate issue well enough as it is no different from the risk in an unprotected laptop. Duh!

  6. Before anyone tries something like this be sure to check with the local laws. things like this are considered man traps and are in just about every case ilegal. In New Zealand you can not make a car that will lock the thief inside and prevent him from escaping. There was also a case where someone hooked up a motorcycle to a high voltage source to prevent it being stolen from inside his garage and the police sought a conviction.
    Making a laptop that self destructs is a great idea in theory but if that causes a person to be injured, maimed or other property to be destroyed you would find yourself in real hot water.

  7. So someone takes your precious that you later send a remote command to and it sends the worng voltage through key components. But what you don’t know is that it’s sitting in a garage next to fuel soaked rags that end up catching fire and killing several people. I think id rather lojack it and steal it back. Along with anything in its proximity when i find it.

    Id be the one that uses this remote destruct and two days later it turns up in a lost and found box somewhere.

  8. How about just leaving only a dummy laptop. One that looks great but will start a fire if someone tries to plug it in? Leave the booby trapped laptop in places where they can be stolen like unsecured cars. Thieves can’t claim anything if they burn down their living room or their legs because they would have to admit to stealing it in the first place.

    Lipo burns pretty well if handled badly. A single 3.7v lipo across the laptop’s power input (which is usually 19v these days) and a little fuel like some wood shaving and poof one extra crispy laptop and a burned thief.

  9. I’d prefer termite instead of explosives , less bang more damage to whatever is in the way. put a nice big sticker on it “contains inactive termite” puts a nice big hole in your HDD. i don’t want to scare the thief , essentially want to kill him by all means so he doesnt do it again. seems harsh but that’s the only way he’ll learn.

    1. If you use XKCD proportions, then yes, an SSD is susceptible to degaussing…in the real world, that kind of power would be enough to vaporise the thief :P
      They are however, fairly sensitive to overvoltage, connect the flash memory directly to the battery and nobody is going to read anything out of that chip ;-)

      There was a nice talk (with videos containing lots of fire and explosions!) at Defcon 23 about destroying HDDs, I strongly suggest watching…

  10. Wait, so any SMS? Or one with a specific keyword?
    It would be funny to lose a laptop to a spam sms from the operator. Or a bored friend that happens to know the number. Actually there’s SMS-CB, where everyone under the same base station gets an SMS.

  11. I spent quite some time developing a notebook alarm mostly intended for avoiding people stealing computers at public places – demoparty/LAN party/libraries etc.
    It had no WiFi/SMS remote control ability due to that being 1) expensive 2) not generally possible to do for every computer. Instead it had an ultrasound sensor to activate/deactivate the alarm – this generally works great even for computers with an all metal chassis unlike radio type control.

    The logic was to detect movement via an accelerometer, allow some movement (like picking up a machine and moving it a bit if it’s in the way) but first warn and then sound the alarm if moved more than that.

    Nowadays this would be both easier (no need for separate battery when one have to spend some time with a screwdriver while the alarm is sounding to remove the bottom plate) and harder (everything is smaller – good luck finding a place for the PCB).

  12. The problem is that what he dont wont make the data unreadable. It will only make the laptop unuseable, but the secret data can still be stolen.

    This would be a better idea:
    Put a ESP + GSM module inside computer. Its a good idea if this is charged by the laptop battery, but still have a own battery. To not risk doing anything to the laptop battery, wire this via some standby Power Connection that is well regulated.
    Then wire the ESP to the laptop’s reset pin or Power button, or whatever, so you also via ESP can immediately shutdown the laptop.

    The computer’s harddrive is then full disk encrypted by Truecrypt or Another FDE software using a blank password. Then the bootloader is wiped, and then exported to the flash memory of the ESP or GSM module. For the security aware, it could be better to use some battery-backed SRAM to store the bootloader.

    After this, you configure the ESP to serve the bootloader upon accessing a specific URL. Like http://192.168.0.1/bootloader.img

    After this, you use iPXE ( http://www.ipxe.org ) flashed to the laptop’s BIOS, to connect via wifi to the ESP and then boot to http://192.168.0.1/bootloader.img , which will then give back Control to the HDD once the encryption key is loaded.

    After this, you simply configure the ESP, upon receiving a “self destruct” SMS message, it will first erase the encryption key by overwriting it several times, and then, if its a SRAM, cut the Power to it, and then finally reset or cut the Power to the laptop itself.
    Voila, laptop “self destructed” when its comes to its data. The data will be unrecoverable, but you still don’t need to type a password at startup. (Or you could have a password prompt if you want, self-destructing will then make the data unrecoverable even if you know the password).

    The good with wifi is that you can Place the whole module somewhere in the screen bezel, giving both good GSM reception, wifi reception, and then the module will be hard to find because they won’t search the screen bezel for anti-theft devices.

    Yes, the laptop will not be “literally self-destructed” because the laptop will still be usable, but that doesn’t matter, you have still saved your data from falling in the wrong hands.

  13. Seeing as how it’s GPS equipped there are much better ideas for screwing the thieves. How about adding some illegal data to the computer after its stolen? Like child pornography, DMCA violating material, and plans to fly airplanes into a building. Then notify the authorities as to its location.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s