Imagine you’re at a coffee shop, and then someone steals your laptop right when you’re looking away. It’s a rare, but scary scenario. And because our laptops contain so much sensitive information, it means the thief could have access to your entire digital life.
Device encryption provides one solution. But what happens if you’ve already logged in, and your laptop’s lid is open? Well, a San Francisco-based computer programmer has come up with a potential solution. On Thursday, Michael Altfield published a blog post on how Linux laptop owners can build a $20 killswitch to automatically shut down or erase their machine if it’s ever yanked away from them.
His solution, dubbed “BusKill,” is actually pretty straightforward. On a Linux laptop, you can add a rule on the software’s device manager to trigger an action anytime a USB drive is removed. The same rule, which is only a few lines of computer code, can also be calibrated to work on a specific USB stick.
Altfield decided to apply the rule to a $4 USB drive he bought. Then he connected the drive to a one-meter long cable, which can attach to his belt. The whole setup can cost from $20 to $45 using off-the-shelf parts, and essentially creates a “kill cord” between you and your computer. In the event someone tries to steal the laptop, the connected USB drive will pop out, triggering the machine to activate the lock screen or shut down.
He’s posted a video of his solution in action, which relies on a magnetic USB adaptor to let the kill cord easily disconnect from the machine without damaging the laptop or the cord.
— David Bisset (@dimensionmedia) January 2, 2020
“We do what we can to increase our OpSec (operational security) when using our laptop in public,” Altfield wrote in his blog post. “But even then, there’s always a risk that someone could just steal your laptop after you’ve authenticated.”
Ironically, his solution may have been inspired by how federal agents arrested the convicted cybercriminal Ross Ulbricht, who ran the online black marketplace Silk Road. Federal agents had to come up with a way to grab his laptop while it remained open and logged in. So they created a diversion: While Ulbricht was with his laptop at a library, two federal agents posed as romantic partners pretending to have a verbal spat. This gave them an opening to grab the laptop while Ulbricht was distracted.
Altfield didn’t immediately respond for comment. But theoretically, a user could also program BusKill to “self-destruct” a machine with a memory wipe. His blog post has instructions on creating the cord for both USB-Type A and USB-C Linux machines.