Writing a duress password script after Anthony R. Silva's recent experience

Bananas read that an American mayor was stopped by Homeland Security/TSA (not here) and mugged of his electronics and his password, for reasons best known to the low-paid security ‘professionals’; perhaps they wanted a newer phone, or had some other reason.

A duress password is something you give out willingly when you're given no choice, as noted in the article above, but it is not an option in products such as the iPhone (my blog), which I don't own. So the next time Apple says privacy is required, take it with a pinch of salt; the same can be said of others too.

Anyhow, being a trustworthy figure**, comrade Silva complained, and while his/city stuff has yet to be given back, I thought a duress password was well worth having a go at.

So for fun one weekend I wrote a Linux-based duress script with the help of a virtual server, which, if I wanted to be really cool, I would describe with buzzwords like SDN and Docker. It's a fun thing to do and I hope I will never have to use it, but I have one now.

Basically it uses shred and dd with some elevated privileges (I went for root and disk for this user) and an autologin script that works for both GUI and terminal access. Not a lot remains in the virtual Linux box. You probably cannot do this in Microsoft products*, and you might need root access for Android, but it was mostly fun cloning VMs and destroying them. After all, Linux land is a lot more reliable than somebody else.
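The wipe step described above, as an added example that is not the author's script: it uses shred only and is scoped to a named data directory rather than the whole disk that dd would cover. The names `duress_wipe` and `DURESS_ARMED` and the path in the comment are assumptions.

```shell
#!/bin/sh
# Added example, not the author's script. duress_wipe and DURESS_ARMED
# are hypothetical names chosen for this illustration.
#
# duress_wipe TARGET...
#   Overwrites and unlinks every regular file under each TARGET with shred,
#   then removes what is left (directories, symlinks).
#   Unless DURESS_ARMED=1 is set it only lists what it would destroy, so the
#   target list can be rehearsed on a cloned VM first.
duress_wipe() {
    for target in "$@"; do
        # Guard rails: never accept an empty path, "/", or a relative path
        # that would depend on the login shell's working directory.
        case "$target" in
            ""|/) echo "refusing target: '$target'" >&2; return 2 ;;
            /*)   ;;
            *)    echo "target must be absolute: $target" >&2; return 2 ;;
        esac
        [ -e "$target" ] || continue

        if [ "${DURESS_ARMED:-0}" != "1" ]; then
            # Dry run: same file selection as the armed path, no writes.
            find "$target" -xdev -type f -print | sed 's/^/would shred: /'
            continue
        fi

        # -n 1: one random pass, -z: final pass of zeros, -u: unlink after.
        # -xdev keeps find on one filesystem; -type f does not follow symlinks.
        find "$target" -xdev -type f -exec shred -n 1 -z -u -- {} +
        rm -rf -- "$target"
    done
}

# Assumed wiring: the duress account's login profile (shell and GUI autologin
# both source it) would end with something like:
#   DURESS_ARMED=1; duress_wipe /home/realuser
```

shred assumes the filesystem overwrites data in place; its own documentation warns that journaling and copy-on-write filesystems, snapshots and flash wear-levelling can leave old blocks behind, so the rehearsal on a cloned VM should use the same filesystem as the real machine.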

So why would you need such an item? I guess you're saying ‘I have nothing to hide’. Well, imagine you're Saeed Malekpour, who is a citizen of Canada and is in an Iranian prison awaiting the death penalty for writing web software that many people use but that porn firms use as well. You can make up your own mind on the merits of your ideals, and on whether the Iranians might feel you too deserve a death sentence, perhaps for eating bacon or something.

You reply ‘um, yes, that is bad, but America would never do that’, despite Josh Duggar and Kim Davis and those Jesus-loving Republicans (my blog). Well, it's your option to ignore this, but please don't become another Saeed about whom I write a blog post.

So is this a feature or a threat? Since an admin person has to set up the account and the password with extra rights, this is pretty secure; after all, you have to give out the password, and you generally would not want to run as that user. So I think it's pretty safe for the user and the organisation. After all, Cisco employees were once targeted by the TSA for what was on their laptops, and who knows where that information finally ended up.

The other option for the script would be a cron job and a remote sync kill switch, which would be on a par with Plumpergeddon (my blog), and a remote wipe would not be that hard: should a thief crack the password and log in, a script would run and the disk would be wiped clean.

That might be next weekend's task; it does sound fun…

*With lots of personal information gathered by Microsoft and stored (not here), you're probably screwed using Microsoft products.

**Somebody voted.


