dead man switch Archives

Featured Updates

BusKill Demos (Windows, MacOS, Linux, TAILS, QubesOS)

LUKS Header Shredder (BusKill Self-Destruct Trigger)

BusKill is finally here

BusKill Demos (Windows, MacOS, Linux, TAILS, QubesOS)

January 18, 2022January 18, 2022Michael Altfield

Transparency is important. As we launch our crowdfunding campaign (making the BusKill cable available for purchase for the first time), we wanted to provide a clear video demo showing the cable in-use in all tested platforms:

Windows,
MacOS,
Linux,
TAILS, and
QubesOS

Full Video Demo

Watch the below video to see a demonstration of BusKill running on all of the above-listed systems.

Windows

BusKill was tested to work in Windows 10.

Visit docs.buskill.in for instructions on how you can build your own BusKill cable and download the BusKill app for Windows.

Or you can buy a BusKill kit with the BusKill Windows app pre-installed on the the included USB drive.

MacOS

BusKill was tested to work in MacOS 10.15 (Catalina).

Visit docs.buskill.in for instructions on how you can build your own BusKill cable and download the MacOS .dmg release.

Or you can buy a BusKill kit with the BusKill MacOS app pre-installed on the the included USB drive.

Linux

BusKill was tested to work in Ubuntu Linux.

Visit docs.buskill.in for instructions on how you can build your own BusKill cable and download the Linux .AppImage release.

Or you can buy a BusKill kit with the BusKill Linux app pre-installed on the the included USB drive.

TAILS

BusKill was tested to work with TAILS (The Amnesic Incognito Live System).

While you could use the BusKill Linux .AppImage release with a second USB drive while using TAILS, the recommended solution for security-critical users is to just use the BusKill cable in-line with the TAILS live USB drive. This takes advantage of

The BusKill cable's magnetic breakaway along with
The TAILS built-in emergency shutdown

Visit docs.buskill.in for instructions on how you can build your own BusKill cable to use with TAILS.

Or you can buy a BusKill cable to support the BusKill project.

QubesOS

BusKill was also tested to work with QubesOS.

Due to the design of QubesOS (dom0, sys-usb, etc), the BusKill GUI app does not support QubesOS. Instead, QubesOS support is implemented using the qubes-rpc and a set of scripts stored in sys-usb and dom0.

For more information on how to use BusKill in QubesOS, see our BusKill guide for QubesOS.

Visit docs.buskill.in for instructions on how you can build your own BusKill cable to use with QubesOS.

Or you can buy a BusKill cable to support the BusKill project.

A Laptop Kill Cord for QubesOS

January 4, 2022January 4, 2022Michael Altfield

This post will describe how to use BusKill as a dead man switch to trigger your laptop to self-destruct if it's physically separated from you. This guide is specific to QubesOS users.

What if someone literally steals your laptop while you're working with classified information inside a Whonix DispVM? They'd also be able to recover data from previous DispVMs--as Disposable VM's rootfs virtual files are not securely shredded after your DispVM is destroyed.

QubesOS: A reasonably secure OS

Are you a security researcher, journalist, or intelligence operative that works in QubesOS--exploiting Qubes' brilliant security-through-compartimentalizatio to keep your data safe? Do you make use of Whonix Disposable VMs for your work? Great! This post is for you.

I'm sure your QubesOS laptop has Full Disk Encryption and you're using a strong passphrase. But what if someone literally steals your laptop while you're working with classified information inside a Whonix DispVM? Not only will they get access to all of your AppVM's private data and the currently-running Whonix DispVM's data, but there's a high chance they'd be able to recover data from previous DispVMs--as Disposable VM's rootfs virtual files (volatile.img) are not securely shredded after your DispVM is destroyed by Qubes!

Let's say you're a journalist, activist, whistleblower, or a human rights worker in an oppressive regime. Or an intelligence operative behind enemy lines doing research or preparing a top-secret document behind a locked door. What do you do to protect your data, sources, or assets when the secret police suddenly batter down your door? How quickly can you actually act to shutdown your laptop and shred your RAM and/or FDE encryption keys?

BusKill utilizes a magnetic trip-wire that tethers your body to your laptop. If you suddenly jump to your feet or fall off your chair (in response to the battering ram crashing through your door) or your laptop is ripped off your table by a group of armed thugs, the data bus' magnetic connection will be severed. This event causes a configurable trigger to execute.

The BusKill trigger can be anything from:

locking your screen or
shutting down the computer or
initiating a self-destruct sequence

This post will describe how to setup such a system in QubesOS with BusKill

LUKS Header Shredder (BusKill Self-Destruct Trigger)

December 28, 2021January 11, 2022Michael Altfield

This post will describe how to add a trigger that initiates a "self-destruct" sequence when your BusKill laptop kill cord's connection is severed--rendering your data permanently & irrevocably destroyed in the event that your laptop were physically separated from you (ie: by a snach-and-run thief).

Many people were disappointed when the original post introducing BusKill only alluded to a self-destruct trigger, without actually describing how to use it with BusKill. This was done for two reasons:

Most people probably don't actually want an accidental false-positive to destroy all their data and
A self-destruct sequence should be taken seriously. Its implementation should be thoroughly thought-out, tested, and forensically analyzed

This article will provide that thorough analysis and explain to the reader how to implement a self-destruct trigger with BusKill on linux machines that have FDE with LUKS.

Introducing BusKill: A Kill Cord for your Laptop

January 2, 2020August 15, 2020Michael Altfield

This post will introduce a simple udev rule and ~$20 in USB hardware that effectively implements a kill cord Dead Man Switch to trigger your machine to self-destruct in the event that you're kicked out of the helm position.

ⓘ Note: This is an old article that is out-of-date.

To learn how to install BusKill, see our BusKill GUI App Documentation.

Photo of a Rubber Ducky USB drive — Rubber Ducky I <3 you; you make hack time lots of fun!

Let's consider a scenario: You're at a public location (let's say a cafe) while necessarily authenticated into some super important service (let's say online banking). But what if--after you've carefully authenticated--someone snatch-and-runs with your laptop?

Maybe you can call your bank to freeze your accounts before they've done significant financial harm. Maybe you can't.

Or maybe your laptop was connected to your work VPN. In less than 60 seconds and with the help of a rubber ducky, the thief could literally cause millions of dollars in damages to your organization.

Surely there must be some solution to trigger your computer to lock, shutdown, or self-destruct when it's physically separated from you! There is: I call it BusKill.