When we hear about flash drives in the context of cybersecurity, we tend to think of them more as threats than as targets. When you’re using flash drives to store encryption keys, however, it makes sense to pay more attention to their security. [Juergen] designed the PECKUS (Presence Enforcing Crypto-Key USB-Storage) with this specifically in mind: a few-kilobyte storage device that only unlocks if the owner’s Bluetooth device is in the vicinity.
[Juergen] needed to store an infrequently-used keyfile on an air-gapped system, and commercial encrypted flash drives were rather expensive and left much to be desired in terms of usability. Instead, he designed a CircuitPython custom firmware for MakerDiary’s nRF52840 micro development kit, which provided a BLE-capable system in the form of a USB dongle.
After flashing the firmware to the board, the user sets it up with a particular Bluetooth device and a file to be stored; once the file has been written during setup, it cannot be rewritten. Before reading from the device, the user must pair the previously-set device with the board and press a button on the board, and only then does the device appear to the computer.
The limited amount of storage space means that this device will probably only serve its intended purpose, but in those cases, it’ll be handy to have an open-source and inexpensive protected storage device. [Juergen] notes that attackers could theoretically defeat this system by desoldering the microcontroller from the board and extracting the memory contents from its storage, but if you have enemies that resourceful, you probably won’t be relying on a $20 board anyways.
We’ve previously seen a few flash drives cross these pages, including one meant to self-destruct, and one made from a rejected microSD card.
Self-Hosting A Cluster On Old Phones
The phones most of us carry around in our pockets every day hold a surprising amount of computing power. It’s somewhat taken for granted now that we can get broadband in our hands in most places; so much so that when one of these devices has reached the end of its life it’s often just tossed in a junk drawer even though its capabilities would have been miraculous only 20 years ago. Those old phones can still be put to good use, though, and [Denys] puts a few of them back to work running a computing cluster.
Perhaps the most significant flaw of smartphones, though, is that most of them are locked down so much by their manufacturers that it’s impossible to load new operating systems on them. For this project you’ll need to be lucky enough (or informed enough) to have a phone with an unlockable bootloader so that a smartphone-oriented Linux distribution called postmarketOS can be installed. With this nearly full-fledged Linux distribution to work from, the phones can be accessed by ssh and then used to run Kubernetes for the computing cluster. [Denys] has three phones in his cluster that run a few self-hosted services for him.
[Denys] also points out in his guide that having a phone that can run postmarketOS might save some money when compared to buying a Raspberry Pi to run the same service, and the phones themselves can often be more powerful, too. A few others have noted this in the past as well. He’s gone into a considerable amount of detail on how to set this up, so if you have a few old smartphones gathering dust, or even those with broken screens or other physical problems where the underlying computing resources are still usable, it’s a great way to put these machines back to work.
Thanks to [mastro Gippo] for the tip!