How would you combat an external HD or other devices being replaced (ie they buy an external HDD that is the same model you use, but plant a keylogger inside it internally, swap them out). This makes external peripherals of any type a risk.
How will you store your devices when not used?
I agree Mac silicon is very secure, and resistant to forensics. How would you combat a high level vulnerability against Apple Silicon?
Have you considered using Tombs encryption with the key and vault being stored separate and using SSH to mount the drive?
Have you considered using https://usbkill.com/ with a deadman switch to physically destroy devices if seized?
How will you order or buy this hardware? If you buy it online how will you verify the hardware is not seized en route and keyloggers are installed?
How will you combat attacks against an air gaped PC? Attacks can use internal sensors, mics, speakers etc. to compromise a network.
Can you provide info on this tactic? Maybe a link to an example product.
usbkill isn’t a counter-forensics tool, and it likely wouldn’t destroy the data written to your disks; this is very bad advice.
If you’re trying to defend against a powerful adversary that may physically steal your laptop, then you may want to consider something like BusKill’s LUKS Header Shredder trigger, which will actively wipe your encryption keys (and surrounding FDE metadata) in about 5 seconds.
BusKill hard to use
Can you elaborate? BusKill should work the same on all hardware. The installation is a bit more tricky on Qubes than other systems (because you have to install triggers into dom0), but the UX is pretty good after install, especially since we added keyboard shortcuts for temp disarming:
A pixel with GrapheneOS is going to be your best bet for a threat model of this nature. They have a great track record of beating forensic tools like cellebrite and the Titan M2 is undefeated.
I would store them in a safe. This would make it impossible to replace them unnoticed.
Same as above.
Honestly, I don’t know. Maybe hope that the vulnerability will become known and a fix will be provided quickly, which can be downloaded from another device and installed offline.
Any suggestions?
But the chance that a unknown high-level vulnerability exists for Apple Silicon is, in my opinion, far lower than for x86.
Interesting suggestion, would make sense for the external hard disks. But would this also work for the OS drive with Windows or MacOS? And would this work without breaking Secure Boot or Verified Boot?
Are there any advantages over Buskill?
As far as I understand it, USBKill discharges a 215 volt pulse and renders the computer hardware unusable.
Wouldn’t the attacker then have to know that this purchase belongs to his target?
One possibility would be to set up an anonymous identity for the purchase.
Another would be to have someone else (whom you trust) make the purchase.
As far as I know, these attacks only work if there is a network-compatible device nearby. Maybe jammers would help. Any suggestions?
The internal drive in macOS is already encrypted and backed by the Secure Enclave, in fact it’s not even possible to turn off the encryption. Turn on FileVault with a strong password and you have the best protection. The key cant be derived without your password when FileVault is turned on as well so they can’t just exploit the Secure Enclave they would need to brute force your password.
This refers to the combination with a computer security cage like this or this.
Qubes has some advantages, but also some disadvantages (Secure Boot/Verified Boot is one of them, which in my opinion is essential for an offline system).
I know, but have you ever done desktop work with Pixels? I personally don’t really get on with it.
Another problem is the available programs. On desktop OSes there are simply more programs available (e.g. image manipulation or metadata removal tools)
You are up against a high level adversary and don’t think they can open a safe or open the computer security cage? Maybe add CCTV coverage of the safe?
Check this out too: How to tamper protect a laptop
Interesting, thanks for the info! Even if it didn’t wipe the HD, wouldn’t it slow down a computer forensics crew from getting in your PC? They could have to solder in new ports.
Why wouldn’t they just take out the drive and put it in another machine? Unless the SSD is soldered in then it would be less effort to replace the port. Regardless if you erase the key then there’s no way of getting the data.
So USBKill was a python script (released by hephaest0s in 2015) that uses a USB drive as a anti-forensic kill-switch. Unfortunately, it’s no longer updated. BusKill is a modern anti-forensic kill switch that’s very similar to USBKill.
There’s a class of USB hardware devices called USB Killer (originally released in 2017) that charge a capacitor and then release a surge of energy to the computer’s USB to fry the electronics. USB Killers are not anti-forensics tools.
If that name similarity wasn’t bad enough, apparently a company selling USB Killer devices bought a domain usbkill[.]com, which is not at all related to usbkill. It’s in-fact “USB Killer” devices
I think @camp was attempting to recommend “USB Kill”, but accidentally linked to a “USB Killer” website.
2) You will also need to think about
Your living place security (how is the door, windows secured against intruders, is there an alarm against intruders, etc.) and privacy (protection against spying through window, does the neighbor hear what you are doing, etc).
I know this isn’t as fancy as having the safest laptop with x or y, but it is essential. If someone can just put a spy cam in your house, then everything else is futile.
Love this topic. Criminal attorney here so that’s how I come at these hypothetical scenarios (still trying to perfect mine). I have a similar setup to protect client confidentiality. One air-gapped system I built by hand to hold encrypted information. I’m going to research some of the other suggestions listed in the comments but I wanted to offer another aspect to your threat model that I think isn’t often discussed (most of my hypotheticals involve law enforcement because that’s the world I deal in and if you could secure items from them I think you are pretty secure in general):
A device that kills your hardware upon seizure certainly destroys any valuable information to the person taking it. It may also constitute obstruction and add to charges. That may be a better deal for the owner…I couldn’t say. However, to seize the hardware, LE needs a warrant. That warrant is going to allow them to search with specificity the area described and take items that could reasonably contain the evidence listed in the warrant. A faraday cage in your garage sure puts a target on what needs to be seized. To me, the future of security would be the inability to locate anything to seize. I wouldn’t even know how to create such a thing, but if money were no object I could theorize something like a raspberry pi 50 feet under the home encased in something except for a proprietary cord running to the home. The cord would be designed to provide power/mouse/keyboard/monitor. Pulling away the connection immediately shuts it down. Then you only have to secure the connector. Sure would be difficult to craft a warrant…or even find it.
I would think maybe an E2EE cloud service that you only access over Tor would serve that threat model well. Could do it over Tails so all data is gone from memory when you shut down the computer. No way for them to really figure out what service you use and nothing for them to find from searching your place, assuming you memorized the key.
I have certainly considered it. My only concern is someone else owns your data and must hand it over with a subpoena and then LE makes thousands of copies and starts running brute force attacks on each copy endlessly until they get in. I have to trust the provider, hope nothing was intercepted in the middle, and pray I didn’t leave any tracks when I was obtaining the server or contacting it from my home machine. I wonder if you could just hide a server somewhere and do the same. Like a piratebox.
