If already knocking on the door: how to protect information on devices

If already knocking on the door: how to protect information on devices


Several previous articles in our blog were devoted to the issue of the security of personal information, which is sent via instant messengers and social networks. Now it's time to talk about precautions regarding physical access to devices.


How to quickly destroy information on a flash drive, HDD or SSD


Often the information is easiest to destroy if it is nearby. We are talking about the destruction of data from drives - USB-flash drives, SSD, HDD. You can destroy the drive in a special shredder or just something heavy, but we will tell you about more elegant solutions.

Various companies produce media that get the function of self-destruction right out of the box. A huge number of solutions.

One of the most simple and illustrative examples is a USB flash drive Data Killer and its like. Such a device looks no different from other flash drives, but inside there is a battery. When you press a button, the battery destroys the data on the chip by strong heating. After that, the flash drive is not recognized when connected, so that the chip itself is destroyed. Unfortunately, detailed research on whether it can be restored was not conducted.


Image source: hacker.ru

There are flash drives that do not store any information, but they can destroy a computer or laptop. If you put such a “flash drive” next to your laptop, and Comrade Major someone wants to quickly check what is written on it, then it will destroy both itself and the laptop. Here is one of examples of such a killer .

For reliable destruction of information stored on the hard disk, which is located inside the PC, there are interesting systems.



Earlier, they were described on Habré , but they cannot be mentioned. Such systems are equipped with autonomous power (that is, turning off electricity in a building will not help stop the destruction of data). There is also a timer to turn off electricity, which will help if the computer withdrawn in the absence of the user. Even radio and GSM channels are available, so that the destruction of information can be launched remotely. It is destroyed by the device generating a magnetic field of 450 kA/m.

With SSD this will not work, and they were once offered a option of thermal destruction .




Above is a makeshift method that is unreliable and dangerous. For SSD, other types of devices are used, for example, Impulse-SSD, which destroys a drive with a voltage of 20,000 V.


Information is being erased, chips are cracking, the drive is becoming unusable. There are options with remote destruction (GSM).

Sold and mechanical destroyers HDD. In particular, such a device is released by LG - this is CrushBox.



There are many options for the destruction of HDD and SSD gadgets: they are produced both in Russia and abroad. We offer to discuss such devices in the comments - probably, many readers can give their own example.

How to protect your PC or laptop


As is the case with HDD and SSD, there are many varieties of laptop protection systems. One of the most reliable - encryption of everything and everything, and in such a way that after several attempts to get to the information, the data are destroyed.

One of the most well-known security systems for PCs and laptops developed by Intel. The technology is called Anti-Theft. True, her support was discontinued several years ago, so this solution cannot be called new, but it is suitable as an example of protection. Anti-Theft made it possible to detect a stolen or lost laptop and block it. The Intel website said that the system protects confidential information, blocks access to encrypted data, and prevents the OS from loading in the event of an unauthorized attempt to turn on the device.



This and similar systems check the laptop for signs of third-party intervention, such as too many attempts to log in, crash when trying to log in to a previously specified server, blocking a laptop via the Internet.
Anti-Theft blocks access to the chipset of Intel's system logic, as a result of which entry to laptop services, software or OS launch will be impossible even if the HDD or SDD is replaced or reformatted. Also, the main cryptographic files that are needed to access the data are deleted.

If the laptop returns to the owner, it can quickly restore its performance.

There is an option using smart cards or hardware tokens - in this case, the system cannot be logged in without such devices. But in our case (if there is already a knock on the door), you must also set a PIN, so that when the key is connected, the PC asks for an additional password. While this type of lock is not connected to the system, it is almost impossible to start.

The currently working version is a USBKill script written in Python. It allows you to bring a laptop or PC into disrepair if unexpectedly some startup parameters change. He created the developer Hephaest0s, publishing the script on GitHub.

The only condition for USBKill to work is the need to encrypt the system drive of a laptop or PC, including tools such as Windows BitLocker, Apple FileVault or Linux LUKS. There are several ways to activate USBKill, including connecting or disconnecting a flash drive.

Another option is laptops with an integrated self-destruct system. One such in 2017 received Russian military. To destroy the data with the carrier, you just need to click on the button. In principle, a similar artisanal system can be made by oneself or purchased online - there are quite a few of them.


One example is a Orwl mini-PC that can work under running various operating systems and self-destruct when an attack is detected. True, the inhuman price tag - $ 1,699.

We block and encrypt data on smartphones


On smartphones running iOS, it is possible to erase data in the event of multiple failed authorization attempts. This feature is standard and is enabled in the settings.

One of our employees discovered an interesting feature of iOS devices: if you need to quickly block the same iPhone, just press the power button five times in a row. In this case, the emergency call mode starts, and the user will not be able to access the device via Touch or FaceID - only by a password code.

Android also has various full-time personal data protection functions (encryption, multifactor authentication for different services, graphic passwords, FRP, and so on).

From simple life hacking to blocking the phone, you can suggest to use a fingerprint, for example, a ring finger or a little finger. In the event that someone starts to force the user to put his thumb on the sensor, after several attempts the phone will be blocked.

True, for the iPhone and Android there are software and hardware systems that allow you to bypass almost any protection. Apple has provided the ability to disable Lightning-connector when the user is inactive for a certain time, but it is unclear whether it helps to hack the phone with the help of these complexes.

Some manufacturers produce phones that are protected from wiretapping and hacking, but they cannot be called 100% reliable. Android creator Andy Rubin two years ago released Essential Phone, which was named by developers "the most protected". But he never became popular. Plus, it was practically beyond repair: if the phone was broken, then it was possible to put a cross on it.

Secure phones were also available to Sirin Labs and Silent Cirlce. Gadgets were called Solarin and Blackphone. The company Boeing has created Boeing Black - a device that is recommended to defense officials. This gadget has a self-destruct mode that is activated in case of a hack.

Whatever it was, with smartphones in terms of protection against the intervention of an outsider, things are somewhat worse than with storage media or laptops. The only thing that can be recommended is not to use a smartphone to exchange and store sensitive information.

And what to do in a public place?


Until now, we have been talking about how to quickly destroy information, if someone knocks on the door, and you did not expect guests. But there are also public places - cafes, fast food restaurants, street. If someone comes from the back and takes the laptop, data destruction systems will not help. And no matter how many secret buttons there are, they will not work with their hands tied.

The simplest thing is not to take any gadgets with critical information to the street. If you take, then do not remove the lock from the device in a public place without extreme necessity. Just at this moment, being in the crowd, the gadget can be easily intercepted.

The more devices, the easier it is to intercept anything. Therefore, instead of a bunch of "smartphone + laptop + tablet" you should use only a netbook, for example, with Linux on board. You can call using it, and the information on one gadget is easier to protect than the data on three devices at once.

In a public place like a cafe, you should choose a place with a wide viewing angle, and it’s better to sit with your back to the wall. In this case, it will be possible to see everyone who approaches. In a suspicious situation, we block the laptop or phone and expect developments.

The lock can be configured for different operating systems, and the easiest way to do this is when you press a certain key combination (for Windows, this is the + L system button, you can click in a split second). On MacOS, this is Command + Control + Q. It pushes too quickly, especially if you practice.

Of course, in unforeseen situations, you can miss, so there is another option - locking the device when you press any key at the same time (punching the keyboard as an option). If you know the application that can do it for MacOS, Windows or Linux - share the link.

The MacBook also has a gyroscope. It is possible to envisage a scenario when the laptop locks up when the device is lifted or a sudden quick change of its position according to the built-in gyro sensor.

We did not find the corresponding utility, but if someone knows about such applications, tell us about them in the comments. If not, then we suggest writing a utility for which we will present the author with a multi-year
subscription to our VPN (depending on its complexity, functionality) and will contribute to the distribution of the utility.

image

Another option is to close your screen (laptop, phone, tablet) from prying eyes of others. For this, so-called “privacy filters” are ideal - special films that darken the display when the viewing angle changes. You can see what the user is doing, only from the back.

By the way, a simple life hack is about the topic of the day: if you are still at home, and you knock or ring the door (the courier brought a pizza, for example), then it is better to block gadgets. Just in case.

It is possible to defend oneself from “comrade major”, that is, from a sudden attempt by an outside party to gain access to personal data, but difficult. If you have your own case studies that you can share, look forward to the examples in the comments.

Source text: If already knocking on the door: how to protect information on devices