How to Protect Your Data and Laptop if Stolen in Public Using a USB Cable

Thief stealing a laptop

It seems like our entire lives, especially our work lives, are stored online—on the cloud, on our social media, on our storage drives in our laptops and phones. That’s why laptop theft—an issue that used to be mainly about cost of replacing the device—is a growing concern. Depending on your occupation, you might have not only your entire work stored on your work laptop but also important pins and passwords to websites for banking, health, and private matters. If you use a laptop for work, you may be connected to your work VPN, giving you (and anyone on it) access to potentially critical information and resources.

Unfortunately, data thieves know this and some resort to very analog methods of snatching it away from you. Instead of stealing your data and tech in a civilized phishing scam, some just grab your laptop from the coffeehouse table while you’re trying to enjoy a cup of joe, inevitably outrunning you. So what can you do?

Killswitch_example
Image via MICHAEL ALTFIELD'S TECH BLOG

Luckily, one software engineer has come up with an innovative solution. You can invest in a USB cable kill switch.

Michael Altfield, a Linux sysadmin from Orlando, Florida, designed a USB based “kill cable” to keep data thieves (who are in this case literally stealing from you) at bay. He calls it the BusKill and it works on a similar vein to the emergency stop cables on treadmills. Treadmills use a clip on cord that attaches to your clothing and when tugged (which happens if you are flung off the belt) stops the machine entirely in a vain attempt to give you time to catch yourself.

In the same way, the BusKill acts like a dead man’s switch which will wipe or entirely shut down a Linux laptop. This is achieved by clipping a modified USB cable to your person and plugging it in to your device. When the laptop is yanked away, the USB cable will naturally detach and activate a udev script which proceeds to execute some preset operations of your own choosing.

What’s nice about this is that you can customize the operations to your own liking. You can simply activate a screensaver or shut down the device which will force the thief to break through your usual security measures. Or, if you want to go the scorched earth route, you can configure it to wipe the device clean or even delete certain data files (a big plus when working on sensitive, confidential information).

According to Altfield, a user can do everything right with software security (2FA, using a good VPN, etc.,) but none of that means anything if a thief can just swipe your laptop right after you’ve input all your passwords.

Altfield is not selling retail ready BusKill cables quite yet. However, he does provide published instructions for creating your own. The components are pretty basic: a USB drive (can be blank), a carabiner keyring, a USB magnetic breakaway adapter, and a USB cable. The overall cost can vary for your cable due to whatever configuration you require and the quality of the other components, but you can make something up between $20-45 USD.  Altfield also provides two sample udev scripts, one which activates your screensaver (effectively locking your device) and the other just completely shuts it down.

You will need to build your own script if you want to wipe data or delete specific sensitive data folders because these depend on location and type of data. Also, this is for Linux systems only. Hopefully somethign will come along for other operating systems.

It’s tough to say if this will become the next big security thing since biometric authentication entered the scene a couple years ago with finger print scanning. However, the customization, relatively low cost, and physically anchoring sense that this “kill cable” offers is pretty attractive. Altfield doesn’t seem interested in patenting his invention, rather making it available for everyone, but likely someone will jump on it and make retail ready options for purchase.