1
00:00:00,160 --> 00:00:06,879
let's say for a moment that you're the kind of person who takes cyber security

2
00:00:03,840 --> 00:00:09,120
super serial you use a password manager

3
00:00:06,879 --> 00:00:14,000
with multi-factor everything you keep all your programs and operating systems

4
00:00:11,280 --> 00:00:18,400
up to date and you're constantly keeping a vigilant eye out for phishing attacks

5
00:00:17,119 --> 00:00:22,080
that is all really good stuff that we should

6
00:00:20,240 --> 00:00:28,240
actually all do but none of it will do you a bit of good if

7
00:00:25,119 --> 00:00:31,439
an attacker actually gets your hardware

8
00:00:28,240 --> 00:00:33,920
in their hands like physically

9
00:00:31,439 --> 00:00:40,800
that is unless you're using a tamper-proof ORWL computer from Design

10
00:00:37,440 --> 00:00:42,559
Shift a PC that needs a password

11
00:00:40,800 --> 00:00:46,879
and a fob just to boot up and that apparently will

12
00:00:45,280 --> 00:00:53,280
disable itself permanently if we mess with it

13
00:00:50,800 --> 00:00:58,000
challenge accepted by the way speaking of challenges this was a

14
00:00:55,280 --> 00:01:03,280
challenging segue to EK Water Blocks Phoenix lineup is their next generation

15
00:01:00,800 --> 00:01:07,420
high performance all-in-one cooler check it out now at the link in the video

16
00:01:05,119 --> 00:01:12,370
description

17
00:01:15,600 --> 00:01:24,080
named for George Orwell every one of these tiny yet shockingly heavy little

18
00:01:21,280 --> 00:01:29,680
machines has its own unique encryption key one that is totally unknown even to

19
00:01:26,880 --> 00:01:36,960
the manufacturer Design Shift it's a time rotating RSA 4096 key so that is

20
00:01:33,520 --> 00:01:39,680
over 4,000 bits long and what it means

21
00:01:36,960 --> 00:01:45,600
is that it is practically impossible to brute force so for reference the largest

22
00:01:43,040 --> 00:01:49,680
RSA number that's ever been factored was only

23
00:01:46,360 --> 00:01:53,040
768 bits long and that took hundreds of

24
00:01:49,680 --> 00:01:56,000
computers over two years to figure out

25
00:01:53,040 --> 00:02:00,960
now this encryption key is not stored in main memory or on the self-encrypting

26
00:01:58,479 --> 00:02:06,000
SSD but rather in a security microcontroller that only exposes it

27
00:02:03,360 --> 00:02:11,840
briefly when a user is authenticated like as you're booting up as for how to

28
00:02:08,560 --> 00:02:14,480
authenticate well two-factor of course

29
00:02:11,840 --> 00:02:19,440
ORWL comes with two special key fobs that must be scanned on the machine

30
00:02:16,959 --> 00:02:24,720
before you'll even be prompted to enter your numeric password using ORWL's

31
00:02:21,680 --> 00:02:26,800
OLED display and only then does the

32
00:02:24,720 --> 00:02:30,239
machine boot up and then you will still need to enter credentials for Windows

33
00:02:28,800 --> 00:02:35,680
Ubuntu Qubes OS or whatever your fobs use NFC

34
00:02:33,760 --> 00:02:40,560
for the initial setup then once they're paired the Java Card applet on the fob

35
00:02:38,400 --> 00:02:45,599
that's responsible for pairing is actually deleted and from then on the

36
00:02:43,519 --> 00:02:50,160
fobs communicate their distance from ORWL over encrypted low energy

37
00:02:48,000 --> 00:02:55,120
Bluetooth and the machine will actually lock down if you get more than 10 meters

38
00:02:52,080 --> 00:02:57,680
away in lockdown mode ORWL's ports

39
00:02:55,120 --> 00:03:03,280
that's two five gigabit USB Type-Cs for power and peripherals and a mini HDMI

40
00:03:00,560 --> 00:03:07,040
for the display are shut off so no one can plug in their Stuxnet flash drive or

41
00:03:05,440 --> 00:03:14,480
boot the computer using an external device and the CPU is put to sleep

42
00:03:11,519 --> 00:03:20,560
that is unless the main board secure MCU's three axis accelerometers and

43
00:03:17,680 --> 00:03:25,519
gyroscopes detect movement at which time it will actually be powered completely

44
00:03:22,640 --> 00:03:30,080
off forcing a potential hacker to build their lab around the machine

45
00:03:28,000 --> 00:03:34,239
rather than carrying it away to be prodded at in privacy

46
00:03:32,640 --> 00:03:40,000
okay then Linus what if I go around the MCU by freezing

47
00:03:37,440 --> 00:03:46,080
it with a spray refrigerant well since the MCU also monitors for

48
00:03:43,360 --> 00:03:50,799
drastic temperature changes freezing it will actually result in ORWL

49
00:03:48,080 --> 00:03:55,280
destroying the encryption key and even if you could freeze the RAM for

50
00:03:53,360 --> 00:03:59,360
example which typically retains information for a few seconds after

51
00:03:57,280 --> 00:04:04,239
being powered down you'd have a hard time reading anything from it because it

52
00:04:01,280 --> 00:04:08,480
is soldered onto the board and going at it the other way isn't an option either

53
00:04:06,239 --> 00:04:13,439
the boot sequence is designed to wipe the RAM before post to prevent attackers

54
00:04:11,439 --> 00:04:16,720
from somehow inserting code into the memory during boot

55
00:04:15,599 --> 00:04:23,840
I mean most of that stuff though is kind of hypothetical anyway because you probably

56
00:04:21,440 --> 00:04:28,160
would never get that far the entire system is physically tamper proof and

57
00:04:26,560 --> 00:04:32,800
I'm not talking about a handful of pressure sensors that you can just drill

58
00:04:30,160 --> 00:04:39,199
holes around and disable no no the entire system in addition to the main

59
00:04:35,600 --> 00:04:41,520
board MCU and the MCU and the fob the

60
00:04:39,199 --> 00:04:46,639
system is wrapped in a conductive die shield with multiple pressure switches

61
00:04:44,080 --> 00:04:51,199
and a wire mesh barrier this protects against physical ingress and certain

62
00:04:49,120 --> 00:04:56,320
side channel attacks like over-the-air power analysis since no meaningful power

63
00:04:54,320 --> 00:05:01,120
leakage will make it through the die shield and if you disturb any of that

64
00:04:58,320 --> 00:05:05,520
stuff the encryption key gets nuked and all of this works even without

65
00:05:03,520 --> 00:05:11,280
ORWL being plugged in since the main board MCU's onboard battery can actually

66
00:05:07,919 --> 00:05:12,960
last for several months now to be clear

67
00:05:11,280 --> 00:05:17,440
security features like this have been around for years in some industries but

68
00:05:15,440 --> 00:05:22,320
Design Shift's pitch is that they're delivering bank level information

69
00:05:19,520 --> 00:05:27,360
security for everyone without changing the overall user experience

70
00:05:24,560 --> 00:05:32,320
and they're actually mostly there the fobs are a little too bulky right

71
00:05:30,000 --> 00:05:37,039
now in my opinion and while they are rechargeable over micro USB they lack a

72
00:05:34,960 --> 00:05:40,639
battery indicator light so when they die and your ORWL locks down you're gonna

73
00:05:38,880 --> 00:05:45,280
have a bad time but once you're logged into ORWL it

74
00:05:42,560 --> 00:05:48,960
behaves just like a regular computer as advertised

75
00:05:46,560 --> 00:05:53,440
so that's really cool but I still think their audience will

76
00:05:50,800 --> 00:05:57,680
end up being somewhat limited the ORWL breezed through our thermal tests

77
00:05:55,520 --> 00:06:02,240
staying relatively quiet without throttling but even the top tier model

78
00:05:59,919 --> 00:06:07,440
sticks you with a mobile processor eight gigs of RAM and integrated graphics and

79
00:06:05,280 --> 00:06:12,800
that's at three times the cost of a similarly spec'd tablet computer

80
00:06:10,400 --> 00:06:16,639
to be clear that could be considered cheap compared to some of the other

81
00:06:14,479 --> 00:06:20,960
options that are out there and there are definitely going to be customers for

82
00:06:18,479 --> 00:06:26,720
this tech but I just have to wonder if the next step for Design Shift has to be

83
00:06:23,600 --> 00:06:28,400
a notebook to give extra flexibility to

84
00:06:26,720 --> 00:06:31,919
anyone who wants to take his or her secure computing

85
00:06:29,840 --> 00:06:34,960
on the road alright then

86
00:06:33,199 --> 00:06:39,039
with all that out of the way let's see if we can lose our data

87
00:06:36,880 --> 00:06:43,440
after this message from TunnelBear TunnelBear is the simple VPN app that

88
00:06:41,280 --> 00:06:47,039
makes it easy to browse privately and enjoy a more open internet with

89
00:06:45,520 --> 00:06:50,800
TunnelBear turned on your Wi-Fi connection is secured and your online

90
00:06:49,120 --> 00:06:55,840
activity is kept private from your internet provider advertisers and anyone

91
00:06:53,840 --> 00:06:59,520
else looking to track you or profit from your data TunnelBear has a top rated

92
00:06:57,680 --> 00:07:03,560
privacy policy and does not log your activity so go try TunnelBear for free

93
00:07:01,840 --> 00:07:07,440
with no credit card required at tunnelbear.com

94
00:07:05,280 --> 00:07:21,360
LTT we're going to have that linked below

95
00:07:21,360 --> 00:07:52,800
do

96
00:07:52,800 --> 00:07:58,080
so thanks for watching guys if this video sucked you know what to do but if

97
00:07:55,840 --> 00:08:02,080
it was awesome get subscribed hit that like button or check out the link to

98
00:07:59,440 --> 00:08:05,919
where to buy the stuff we featured there it is at the link in the video

99
00:08:04,000 --> 00:08:09,599
description also link down there is our merch store which has cool shirts like

100
00:08:07,360 --> 00:08:13,400
this one and our community forum which you should totally join
