BusKill – A Kill Cord To Secure Data From Snatch-and-run Laptop Theft

Let’s consider a scenario: You’re at a public location (let’s say a cafe) while necessarily authenticated into some super important service (let’s say online banking). But what if–after you’ve carefully authenticated–someone snatch-and-runs with your laptop?

Software engineer and Linux sysadmin, Michael Altfield, has come up with an solution to protect stolen device data. He has developed a security cable that he calls ‘BusKill’ that can secure your data in case of laptop theft.

The cable is designed to combat should a thief snatch-and-run a users laptop. Altfield came up with an idea that will instantly shut down the system the moment someone steals it. He created a simple $20 cable that protects the laptop.

For successful operation, one end of the cable is attached to the user, the other end is connected with the laptop. The moment it is disconnected from the device, the action triggers a udev script. This script can further trigger a system shut down, or entirely wipe the data (as directed by the user).

Altfield has also shared a brief video demonstrating how BusKill will work.

Create Your Own BusKill

Altfield has detailed everything in his blog post about the setting up of the cable and the software.

In brief, creating BusKill requires you to have,

  • A USB drive with keyhole
  • Small carabiner keyring
  • A USB magnetic breakaway adapter
  • 1m long USB extension cable

In all, it will cost you around $20 to obtain these components.

Source: Michael Altfield

As for the system configuration, it requires the user to add a new udev rule file to /etc/udev/rules.d/ to trigger a specific action whenever the specified USB is removed from the laptop. This first requires the user to figure out the ID-MODEL for the specified USB.

$ udevadm monitor --environment --udev
...
ACTION=remove
...
ID_MODEL="Micromax_A74"
...
SUBSYSTEM=usb
...

Then, set up the rule while inserting this ID_MODEL. The subsequent action can be anything from displaying screen saver to wiping off the data. For instance, to set up a screen saver,

cat << EOF | sudo tee /etc/udev/rules.d/busKill.rules
ACTION=="remove", SUBSYSTEM=="usb", ENV{ID_MODEL}=="Micromax_A74", RUN+="DISPLAY=:0 xscreensaver-command -lock"
EOF
sudo udevadm control --reload

Whereas, the following will trigger system shut down upon USB removal.

cat << EOF | sudo tee /etc/udev/rules.d/busKill.rules
ACTION=="remove", SUBSYSTEM=="usb", ENV{ID_MODEL}=="Micromax_A74", RUN+="shutdown -h now"
EOF
sudo udevadm control --reload

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

How to Improve Your Cyber Resilience by Strengthening User Privileges