In our community it is common for ancient laptops to be used way beyond their usual service life, held together by stickers and lovingly upgraded to their maximum capabilities. We hope it’s unusual for such a venerable machine to be stolen, but it seems that grab-and-run thefts are very much a thing for owners of much shinier hardware. [Michael Altfield] has a solution to this problem, in the form of a kill cord that, when broken by the crook making off with the loot, triggers a set of scripts that can wipe the device or otherwise make it useless.
Hardware-wise it’s simple enough: a USB magnetic breakaway adapter and a USB extension cable to a drive clipped to the laptop owner’s belt. On the software side it’s as straightforward as a udev rule to launch the disaster script of your choice. Perhaps you could link it to something like a glitter bomb and fart spray. But we can’t help worrying that it might be too easy to get up and accidentally detach yourself from the laptop, making it deploy whatever anti-theft measure you’d installed in error. If this goes some way to reducing theft though, it has to be worth a second look.
Thanks [bluewraith] for the tip.
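As an added illustration of the udev approach described above (not code from the article or from the project), this script builds a rule that fires when one specific USB device is removed and locks all sessions rather than wiping anything, so an accidental disconnect costs only a password entry. The vendor/product IDs, the rules file name and the `/usr/bin/loginctl` path are assumptions, and the desktop's screen locker must honour logind lock requests.

```shell
#!/bin/sh
# Added example: build a udev rule that locks all sessions when one specific
# USB device (the tether drive) is removed. IDs below are constructed.

# is_hex4 STR -> success if STR is exactly four lowercase hex digits,
# the form udev uses for ID_VENDOR_ID / ID_MODEL_ID.
is_hex4() {
    case "$1" in
        [0-9a-f][0-9a-f][0-9a-f][0-9a-f]) return 0 ;;
        *) return 1 ;;
    esac
}

# killcord_rule VID PID CMD -> prints the rule, or fails with status 1.
killcord_rule() {
    vid=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    pid=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    cmd=$3
    is_hex4 "$vid" && is_hex4 "$pid" || { echo "bad USB id" >&2; return 1; }
    # udev's RUN needs an absolute path; reject quotes that would break the rule.
    case "$cmd" in
        /*) ;;
        *) echo "command must be an absolute path" >&2; return 1 ;;
    esac
    case "$cmd" in
        *\"*) echo "command must not contain double quotes" >&2; return 1 ;;
    esac
    # DEVTYPE=usb_device keeps the rule from firing once per USB interface.
    # ENV{} properties are used because sysfs ATTR{} values are gone on remove.
    printf 'ACTION=="remove", SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", '
    printf 'ENV{ID_VENDOR_ID}=="%s", ENV{ID_MODEL_ID}=="%s", ' "$vid" "$pid"
    printf 'RUN+="%s"\n' "$cmd"
}

# Constructed sample IDs; read the real ones from `lsusb` for your drive.
# Save the output as /etc/udev/rules.d/99-killcord.rules (hypothetical name),
# then run: udevadm control --reload
killcord_rule 0ABC 1234 "/usr/bin/loginctl lock-sessions"
```

Matching on the drive's own IDs means unplugging a mouse or phone does not trigger the lock; only the tether does.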
60 thoughts on “A Kill Cord To End Laptop Skulduggery”
Pahaha, this person is going to wipe his/her laptop soon
Exactly! This will never prevent theft since the thief has no idea what it is. Sure your data is secure which is a win but the thief will likely reinstall an OS before they fence it.
Might I recommend using an encrypted partition and just have the script trigger logging out? I for one would definitely trigger this by accident…
… reinstall an OS? Please. Most thieves would have absolutely no idea the laptop is anything but “broken”.
… and yes, it would be remarkable if they managed to NOT accidentally trigger this over any significant amount of time.
Thieves who steal laptops know what they are doing, they obviously know people to format and reinstall them, use your brain.
You wouldn’t sell a used laptop with someone’s stuff and family photos on so everyone knows it’s stolen. What a daft assumption.
Yeah encryption is a much more sensible solution.
I would prefer a script to update a dud Bios.
There is no such thing as a laptop that becomes a brick after it is stolen… Yet
If the bios can be reset when opened, the password on the bios will probably reset. If an Admin password can be hard coded into the uefi when the laptop is switched on, then the thief will have a glorified paper weight if they don’t have the password.
An encrypted partition is simpler, but if the hardware is as OLD as they say it is, then this solution is more performant.
Older CPUs had limited or no accelerated support for encryption, making for a rather large performance hit especially if you encrypted the entire filesystem (rather than just /home)
Even if you trust yourself to be totally aware and not move without taking it into consideration (I haven’t even used wireless headphones on a regular basis, but still snag wired ones after three plus decades of familiarity) I wouldn’t trust a USB cable to be that reliable.
Maybe I’d use a password lock before the scripts ran, like “Enter password, you have 5 attempts” and run it on attempt 3 or cancel button being pressed.
The script could lock the laptop to prevent immediate access to the contents/websites, etc., and then start a timer that would allow maybe 30 minutes before the self-destruct started. That would allow for the accidental disconnects and still provide the protection needed.
It might be best to select your seat at the cafe carefully, especially if you’re using a newer laptop which thieves can easily recognize by the logo and the physical characteristics (thin, etc.).
Right, you might get more than lulz if you put an apple sticker on your overclocked, SSDed netbook or re-OSed chromebook.
Perhaps someone will start making “bait laptops”. Doesn’t matter the model, just gut any old, dead laptop, paint the case silver, stick an apple sticker on it. Inside have the usual goodies just like bait packages for holiday porch pirates: modded cellphone with camera to take pics of suspects, police scanner chatter / countdown to psych them out, and of course, fart spray. Leave unattended at coffee shop, bus stop, the usual suspected locations. Upload results to Youtube for the lulz.
There was a cable channel program a year or two ago about plain clothes cops leaving “bait” cars in high risk neighborhoods. They would also leave “goodies” on the seat, like a laptop, CD player, wallet (all baited).
A small time perp would grab a goodie, a bigger one would grab the car.
(the car had GPS tracking, remote kill switch, remote locks and tear gas dispenser, or maybe it was a smoke dispenser, both?)
I don’t think a thief really cares if it’s wiped. Anyone can install a new OS.
Depends on what they are after – hardware or information.
Hardware WITH Information!
I expect it’s less suspicious if it’s wiped. If you open a laptop for sale and it’s got someone’s name on the login screen that is not the name of the person selling the laptop there would be some alarm bells.
Some laptops, like many Thinkpads, let you put custom BIOS splash pages on the device. Mine says “stolen from…”. I do the same thing with the faceplate stickers in books in my personal library.
You are assuming the customer in such a scenario doesn’t know it’s stolen and would care.
Anyone… Correction competent tech person.
or just encrypt your hard drive
I kind of assumed it had the encryption keys and you couldn’t boot without it. Maybe install a dummy copy of Windows XP on a small partition just to throw them off even further.
Software? Where’s the fun in that? A hardware solution using 2 grams of flashpowder on the HD casing will be very entertaining.
Mix some magnesium, iron and aluminum powder in with the flash powder to make it really interesting. The more the better I say…
I prefer thermite for my data destruction needs…
This isn’t actually a solution to “laptop theft” it’s a solution to “laptop with critical data left at coffee shop”. In which case wiping the data causes an annoying re-install process, but if it’s that critical it’s got to be backed up, right? Right?
Shame flaws like the pet poke don’t still exist. You could always change the bios to only boot a certain way, or make the primary bootable partition erase the bios -force -quiet. Bios chips are easy enough to replace for those that know what they are doing.
There are mobile thin clients that do stuff like that. Toshiba’s got a solution in their UEFI that can check with a remote server on how to proceed on boot – when you ‘flag’ the device, it phones home on boot and goes “lol no I’m not booting shit”.
Better that it trigger a gps beacon so you can go and steal it back :D
If you don’t care what’s on it then maybe some magnesium ribbon and a nice full screen countdown timer might do the trick. :D
Why not just store your valuable data on the USB drive? Then when they break the connection they get nothing. Heck, if you’ve got USB 3, just get one of those fancy USB3 SSDs and run your entire OS from the USB drive.
First, the obligatory XKCD comic: Security
Second, I can’t access the linked article/blog at the moment, but I remember reading about it when it first came out. I, too, immediately thought it’s an accidental wipe waiting to happen, but I don’t think it’s that simple. IIRC, if the magnetic connection breaks, it’d just lock the laptop. If the drive is unplugged, then it’d wipe. Something like that.
The laptop doesn’t know the difference between the magnetic connection breaking and the drive unplugging. Both result in no physical connection between drive and pc. Magnetic connection is just there for easy disconnecting and not breaking stuff (usb port, cable)
Urg. If you run Windows on modern hardware you can use bitlocker and the tpm. With some hardware the only easy to extract thing of value will be the RAM, unless the computer is awake and you are logged in when they snatch it. If you live in that sort of place I would suggest that you look into arming yourself or moving.
Even if you are armed, if someone grabs your laptop and runs off, do you think you are allowed to shoot them in the back?
The real world isn’t the movies, enjoy your murder charge for a laptop.
Set a script to delete your data giving the thief a shiny clean OS. Then have it corrupt their files at random intervals for 1 month, while logging manual file saves. Once the manual file saves increase by 60% above the 1 month baseline have it brick itself.
Good idea putting spyware in the restore partition would be pretty easy.
Or, since everybody is on the internet, just have the laptop make a sloppy and easily traced access to a kiddie porn site multiple times unnoticed by the new “user”. Once the cops grab him with the KP on the drive it’s off to jail and what kiddie diddlers get in jail the thief will richly deserve.
I presume such sites on the open and easily traceable internet work on the whack-a-mole principle, so your google history of “best kiddie porn” searches every week to make sure your scripts are up to date are likely to land you in prison before a laptop thief.
Have it operate as a Tor exit node and let certain Tor “users” do the dirty work. :)
From the project’s page:
Let’s consider a scenario: You’re at a public location (let’s say a cafe) while necessarily authenticated into some super important service (let’s say online banking). But what if–after you’ve carefully authenticated–someone snatch-and-runs with your laptop?
Maybe you can call your bank to freeze your accounts before they’ve done significant financial harm. Maybe you can’t.
Or maybe your laptop was connected to your work VPN. In less than 60 seconds and with the help of a rubber ducky, the thief could literally cause millions of dollars in damages to your organization.
In both cases, the laptop owner is the idiot. If you do online banking in an area where it seems that easy to snatch someone’s laptop and bolt with it, maybe you should simply not use your laptop in such area. Don’t tempt thieves! If you’re connected to your company’s VPN in that same area and you really have such access as to cause millions of dollars in damages to your organization, then that organization will most likely accuse you as well. I could very well have a friend steal my laptop in a public place and then cause the damage.
You shouldn’t access sensitive data in a public place without assessing the risks first.
I’m not saying the project isn’t a good idea, but you shouldn’t need such a device if you were careful about your security.
When fully encrypting system disk with VeraCrypt you have option of using dual system. That way you can have your real system and other dummy system. Depending on which password you enter on startup one system or the other is booted. That way you can have secret data that won’t be uncovered if you’re forced to reveal password.
I bet you can fool almost an entire class of 6 year olds with that, before the bright one says “How come only 10% of the disk capacity is in use?”
I’m at a coffee shop. I see a person with a laptop that is trucker-chained to their hip, knowing what it is I walk by and yank the trucker chain and wipe their computer – possibly rendering it useless (inventor’s words). Have I committed any crime? Probably not, and it would be hard to prove I did anything nefarious. Maybe I just tripped and grabbed a bad thing when I reached out to steady myself. Have I caused the laptop owner to have a Really Bad Day? 100% absolutely.
This idea is completely stupid.
Your scenario is completely stupid. If you see someone using a laptop do you just walk up and pour a jug of water over it and say you tripped just to ruin their day? How did you even come up with this insane reason for hating it.
Are you so myopic as to see it was an example, not a statement of fact? If you think there aren’t people that would do this you’re naive. This security device is what is stupid, but thanks for the ad hominem attack. It helps illustrate the type of person you are.
Not exactly new, why not use luks hd Nuke? When they enter the incorrect password it will overwrite the encryption cipher, leaving encrypted data unrecoverable until the cipher is restored manually by the owner.
I’m a hobby hacker, not a government worker. Normally I fear that if something gets stolen, I lose the data since my last backup, not that thieves can abuse my data. So the kill cord is not for me. Rather, I could use the cord to store my stuff on a USB stick linked to my belt, which will plug out when the cord gets tugged.
Or you attach your laptop to your belt with a Kensington lock. No stolen laptop, no lost/leaked data, no buying a new laptop.
I have a better idea. Use a desktop and drink your coffee at home.
Two things come to mind:
1. A script that, when activated on boot, wipes the MBR of the drive, leaving the data intact but inaccessible to the thief.
2. A GPS tracker tucked away and connected to one of the 3 or 4 available batteries that can “phone home” via AGPS or network triangulation.
The whole drive would be recoverable by using TestDisk and restoring the MBR, and GPS can tell you or the police where to find your precious device.
Kensington lock attached to your belt would prevent the actual theft…
Maybe, but it probably works better. I have seen too many people cut through those flimsy cables.
Besides, I have modded a few of my laptops to use the Kensington lock hole as a USB-C charging port (so I could keep the original charging port as well.)
Cutting through a cable is not really an option in a grab-and-run. By the time you’ve got the laptop loose, you’ll have my mug of hot coffee in your face. And in most cases, the thief wouldn’t even see the Kensington lock. The resistance of it being attached to your belt would be enough for the thief to drop your laptop and run off.
Just beep. Script to just force max volume and beep ASAP when USB is disconnected. Alert the moment the laptop is lifted – that’s the best response to theft in progress.
One can configure that with a bluetooth tether to one’s phone or suchlike.
Considering how crappy USB cables, connectors, and flash drives are, this is almost certainly going to have a false trigger or two. Your data may be safe, but you may have just wasted a whole bunch of your time to restore. Also, will do almost nothing to the resale value of the laptop.
A recording which starts “Good morning Mr. Phelps…” and ends with “this computer will self-destruct in 5 seconds, good luck Jim”
As soon as the robber grabs the machine they’ll close the lid, shutting down the machine. The scripts won’t have time to run.