Join 3,497 readers in helping fund MetaFilter (Hide)


is there a way to make it look like the harddrive on my osx mac book pro isn't working?
March 2, 2010 8:00 AM   Subscribe

is there a way to make it look like the harddrive on my osx mac book pro isn't working?

I'm thinking of situations in which someone else boots up my machine while I'm not around and it just looks broken. I already disabled target disk mode.

I am not looking for a great encryption tool to protect a certain folder of documents here. the weakness would be me - I could end up being compelled to disclose the password i.e. at customs - but if the computer seemed to be inoperable it would be a reasonable claim that I couldn't do anything about it even though I'd like to help. that's just an example but you get what I'm getting at. I want to keep folks from even trying unless they really really want access. I want to higher the bar just a bit.

we're talking snow leopard on a mac book pro here.
posted by krautland to Computers & Internet (14 answers total) 1 user marked this as a favorite
 
It's really easy to take a HD out of the MBPs, or even the ram. Your computer won't be doing anything with out those in it. Keep an electrostatic shielding bag with you, and slip it in another piece of luggage.
posted by fontophilic at 8:05 AM on March 2, 2010


agreed, HD removal on a Mac laptop is very easy and quick. Buy yourself another hard drive and then install a bad OS. You can install Windows if you want and delete files so it Blue Screen of Deaths on you, etc. Then you have your other hard drive in a plastic bag.

To take it a step further, depending on your model of Mac a compatible Hard Drive could be found in some of the "portable external hard drives" sold in stores like Best Buy. You can buy one of those, and then remove the hard drive. You put your real hard drive in the portable enclosure and put the portable enclosure's drive in the Mac (again with a bad OS, etc). With Target Disk Mode disabled you will reasonably have a portable hard drive which you can't connect to a broken laptop (for an extra step of security, don't connect the ribbon cable to the actual physical disk drive in the portable enclosure so if someone plugs the portable enclosure into a computer it, too, won't work).

It's not as easy as a program to run that makes it look broken, but if you only travel occasionally this will do the trick.
posted by arniec at 8:21 AM on March 2, 2010


I like the idea of removing the RAM -- the computer wouldn't even boot.

Beyond that, I can think of two other software type solutions. Not sure if they are too complicated.

One would be to store the folder you want to keep secret only in an encrypted online drive, such as provided by SpiderOak or JungleDisk. That way it's never on your hard drive.

Another would be to use a kind of encryption on the folder that addresses the "being forced to divulge the password" scenario. Once you get this kind of encrypted folder set up, you can work with it very naturally.

If you use TrueCrypt software, you can create an encrypted section of your drive that has two passwords: one is the "outer volume" where you put some secret-LOOKING stuff (such as StarTrek fanfic? Sears catalog lingerie shots? etc). The other is the "hidden volume" that has your real secret stuff.

Then, if you are forced to divulge the password, you divulge the password to the outer one; there is no sign of the hidden volume's existence. You are "caught" with something innocuous.

It's a lot more complicated than removing the hard drive, but then again in the paranoid scenario wouldn't your customs people find the hard drive in your baggage as well?

Once you start thinking this way it gets wacky. The only thing I encrypt now are things I just wouldn't want my kid to see.
posted by martin2000 at 8:51 AM on March 2, 2010


Yes, your "broken" hard drive trick is not a very good one, and probably wouldn't fool anyone who knows what they're doing. For robust security, you want to do one of two things:

1) Encryption. The TrueCrypt hidden volume that martin mentions would allow you to give up your first decryption password, decrypt the visible drive, and the attackers would still have no way of knowing that there is a hidden encrypted drive.

2) Don't keep valuable data on your laptop. Keep it on a machine that will not be travelling with you, then retrieve it via an encrypted connection (SSH or VPN) after arriving safely at your destination.
posted by chrisamiller at 8:58 AM on March 2, 2010


nthing TrueCrypt hidden volume if you legitimately want to hide something. The whole purpose of the hidden volume is to get around the problem you mention where you might have to divulge the password for whatever reason.

One idea that's easy is if the fan on your laptop is easily accessible (they usually are) you can probably unplug it while leaving it in. Then you're computer will begin to boot but will soon realize that it's overheating and give you a warning and force shutdown. You can just say your fan is broken, and the computer won't stay on long enough to really dig into what information is on it. Although how long it takes to overheat and shutdown depends on the individual machine/ambient temperature of course. Note that it should easily be able to shut itself down before it gets hot enough to damage itself.
posted by Diplodocus at 9:12 AM on March 2, 2010


First of all look into Truecrypt's Plausible Deniability mode. It's designed exactly for cases like this: you create an encrypted volume with a special 'hidden' layer. When you mount the drive you either enter your main password, or the secondary password. If you use the main password, it mounts up the main folder with whatever innocuous stuff you put there. If you use the secondary password you get your hidden volume.

The only catch is that if you don't don't 'protect' the hidden volume you mount it might accidentally overwrite it the hidden data (you do this by entering in both passwords)

Secondly. Think about it: Rather then making your machine appear to be broken to fool whoever it is you need to fool, wouldn't it be even better if your machine appeared to be normal with no "interesting" information on it whatsoever? Well, true crypt actually allows you to create an entire Hidden Operating system I don't know if it will work with MacOS X, though :(

Another option would be load your 'secret' OS inside of a virtual machine, with the files stored in an encrypted volume (you'll probably need to use windows as the main guest OS in this case as well)

--

There are a lot of ways to do it. but I think in general it's a bad idea to try to 'roll your own' security. The more effort you put in to keeping your stuff secret the more guilty you'll look if you get caught. As far as making your machine look broken, what happens if that makes them more suspicious? They pop it open and see a missing hard drive? or one that's been un-plugged?

If you use a hidden volume, then it's theoretically impossible. No matter what they do, no matter how closely they look or how much time they spend on it they'll never be able to know that you have a hidden volume. They will certainly never be able to prove it, and in fact if you actually mount the drive without protection, it's possible that the data will actually get destroyed and could never even be recovered.
(for an extra step of security, don't connect the ribbon cable to the actual physical disk drive in the portable enclosure so if someone plugs the portable enclosure into a computer it, too, won't work)
Usually SATA disks in laptops don't use cables, they just fit snug against the connectors, using a standard layout. That's pretty awesome, but it makes it hard to keep the disk unpluged. Maybe you could put electrical tape over the leads.

But like I said, if they get suspicious this is going to look super sketchy. On the other hand, simply having a hidden OS protected by truecrypt isn't going to look that suspicious because lots of people encrypt their hard drives. The secret stuff stays secret forever.
posted by delmoi at 9:24 AM on March 2, 2010 [1 favorite]


(heh, three other people mentioned truecrypt in the time I was writing my comment :P)
posted by delmoi at 9:26 AM on March 2, 2010


An alternative to what's been suggested so far would be a USB key. Your laptop will require the continuous presence of a unique USB flash drive in order to use it. No key = no access. Easier than taking out the hard drive, if you don't mind keeping the key in whenever you use the machine. It won't make the computer appear broken, but in situations like the customs screening you described, divulging a password won't be a problem as long as the USB drive isn't physically in your possession. If you're crossing a border, mail the key to yourself so you're not traveling with it.

You might want to duplicate the key too, just in case one fails or it gets lost in the mail, so you're not locked out of your own computer forever. Though there are probably ways to get around it if you're determined enough. And it's true that if your computer is asking for a USB key to be inserted, that could look suspicious enough for somebody to raise an eyebrow.
posted by The Winsome Parker Lewis at 9:26 AM on March 2, 2010


An alternative to what's been suggested so far would be a USB key. Your laptop will require the continuous presence of a unique USB flash drive in order to use it. No key = no access.

That won't stop anyone from getting the data, though, since they can just take out the drive if they get suspicious.
posted by delmoi at 9:55 AM on March 2, 2010


I remember hearing how some network admins advocate the following:

1. Travel abroad with an empty laptop -- with no data stored on it above and beyond the OS.

2. Once abroad, connect via a secure connection to the company network and download work documents.

3. Before preparing for home, upload the data back to the network via the secure connection, and wipe it securely from the hard disk.

4. Travel home with an empty laptop again.

5. Once back at home base, download files once again via the company network.
posted by deeper red at 11:24 AM on March 2, 2010 [2 favorites]


As deeper said, if you really want to travel across international borders without having -anything- on your laptop, the only solution is to take a laptop that is blank sans OS, and connect to a second machine back in your home country by VNC, Apple Remote Desktop, RDP, etc.

This is not a method of bypassing rubber hose cryptanalysis.
posted by thewalrus at 12:55 PM on March 2, 2010


I like the idea of removing the ram as that seems fairly easily accessible. I don't like encrypting folders on the face of it, though the outer-inner scenario is something I will check out (thanks).

but generally I am more thinking along the lines of someone booting that computer up, wanting to check i.e. my gmail account and the cookies directing them to another account than the one I actually use. I want them to find cooking recipes and a bunch of cute pictures but not what I really work on. I want them to be satisfied that they checked the machine out and that there's nothing of value on it. if it didn't boot up, I'd at least get more curious.

The only thing I encrypt now are things I just wouldn't want my kid to see.
yeah, well ... insert boss, coworker, girlfriend, parents, dude who swiped my laptop at starbucks, competitor ... I'm covering my bases here. I read a story on bruce schneiers blog once about businessfolks hdd's being swiped and at customs and the data shared with local competitors. I think that was a story about france and windmill manufactors. not that I am that important but I it bothers me.

I'll look into into Truecrypt's Plausible Deniability mode. that sounds like a good match.

An alternative to what's been suggested so far would be a USB key.
I thought of that but discounted it myself. anyone recognizes a usb key. daring fireball wrote about SSDs being faster than harddrives and booting from them (my mbp can take one) and they kind of look like pcmcia modems if you're not familiar with them but again, I am kinda unwilling to take extra hardware around. it seems too simple to figure out.
posted by krautland at 4:28 PM on March 2, 2010


Truecrypt system level encryption isn't available for Mac OS, only Windows. It will simply encrypt the volume without booting from it if that's what you want.

I think that you'd be best served by a couple of practices, both of which fall under the same sort of "require a password" rubric.

First, don't save cookies in your browser. Alternatively, turn on Private Browsing when you're doing something sensitive. The latter lets you have a bunch of innocuous cookies. If you're worried about gmail access then don't ever stay logged in to gmail. I mean, typing in a password is not *that* hard, right? I don't ever save passwords in the browser, so this is something I do too (not so much for security--I'm afraid if my browser remembers the passwords I'll forget them myself and upgrade browsers or something).

The second, just have a encrypted partition for sensitive files. It sounds like the sensitive stuff is a subset of your total work, so there's plenty of other stuff to look at.

It depends on what kind of "attack" you're looking at. A thief isn't going to care that you have data that's encrypted, and on the off chance he does he won't have the resources available to break the encryption anyway. If you're looking for a "I don't have anything to hide" sort of thing (say, avoiding customs scrutiny) it gets harder. In this case I'd probably just put the sensitive stuff on an encrypted USB stick and mail it to where I was going.
posted by RikiTikiTavi at 9:12 AM on March 3, 2010


Late entry: Put your data on a MicroSD card and put it in a hollowed out nickle Just make sure you keep a backup in case you forget and accidentally put it in a vending machine.
posted by delmoi at 9:30 PM on March 13, 2010


« Older Excel: How can I find the colu...   |  Help me get my girlfriend a st... Newer »
This thread is closed to new comments.