Computer that SELF-DESTRUCTS if it’s HACKED!
Linus Tech Tips
·Linus Tech Tips
·2018-05-06
·
1,192 words · ~5 min read
0:00
let's say for a moment that you're the kind of person who takes cyber security
0:03
super serial you use a password manager
0:06
with multi-factor everything you keep all your programs and operating systems
0:11
up to date and you're constantly keeping a vigilant eye out for phishing attacks
0:17
that is all really good stuff that we should
0:20
actually all do but none of it will do you a bit of good if
0:25
an attacker actually gets your hardware
0:28
in their hands like physically
0:31
that is unless you're using a tamper-proof orwell computer from design
0:37
shift a pc that needs a password
0:40
and a fob just to boot up and that apparently will
0:45
disable itself permanently if we mess with it
0:50
challenge accepted by the way speaking of challenges this was a
0:55
challenging segue to ek water blocks phoenix lineup is their next generation
1:00
high performance all-in-one cooler check it out now at the link in the video
1:05
description
1:15
named for george orwell every one of these tiny yet shockingly heavy little
1:21
machines has its own unique encryption key one that is totally unknown even to
1:26
the manufacturer design shift it's a time rotating rsa 4096 key so that is
1:33
over 4 000 bits long and what it means
1:36
is that it is practically impossible to brute force so for reference the largest
1:43
rsa number that's ever been factored was only
1:46
768 bits long and that took hundreds of
1:49
computers over two years to figure out
1:53
now this encryption key is not stored in main memory or on the self-encrypting
1:58
SSD but rather in a security microcontroller that only exposes it
2:03
briefly when a user is authenticated like as you're booting up as for how to
2:08
authenticate well two-factor of course
2:11
orwell comes with two special key fobs that must be scanned on the machine
2:16
before you'll even be prompted to enter your numeric password using orwell's
2:21
OLED display and only then does the
2:24
machine boot up and then you will still need to enter credentials for Windows
2:28
ubuntu cubes os or whatever your fobs use nfc
2:33
for the initial setup then once they're paired the java card applet on the fob
2:38
that's responsible for pairing is actually deleted and from then on the
2:43
fobs communicate their distance from orwell over encrypted low energy
2:48
bluetooth and the machine will actually lock down if you get more than 10 meters
2:52
away in lockdown mode orwell's ports
2:55
that's two five gigabit usb type cs for power and peripherals and a mini HDMI
3:00
for the display are shut off so no one can plug in their stuxnet flash drive or
3:05
boot the computer using an external device and the CPU is put to sleep
3:11
that is unless the main board secure mcu's three axis accelerometers and
3:17
gyroscopes detect movement at which time it will actually be powered completely
3:22
off forcing a potential hacker to build their lab around the machine
3:28
rather than carrying it away to be prodded at in privacy
3:32
okay then Linus what if i go around the mcu by freezing
3:37
it with a spray refrigerant well since the mcu also monitors for
3:43
drastic temperature changes freezing it will actually result in orwell
3:48
destroying the encryption key and even if you could freeze the RAM for
3:53
example which typically retains information for a few seconds after
3:57
being powered down you'd have a hard time reading anything from it because it
4:01
is soldered onto the board and going at it the other way isn't an option either
4:06
the boot sequence is designed to wipe the RAM before post to prevent attackers
4:11
from somehow inserting code into the memory during boot
4:15
i mean most of that stuff though is kind of hypothetical anyway because you probably
4:21
would never get that far the entire system is physically tamper proof and
4:26
i'm not talking about a handful of pressure sensors that you can just drill
4:30
holes around and disable no no the entire system in addition to the main
4:35
board mcu and the mcu and the fob the
4:39
system is wrapped in a conductive dye shield with multiple pressure switches
4:44
and a wire mesh barrier this protects against physical ingress and certain
4:49
side channel attacks like over-the-air power analysis since no meaningful power
4:54
leakage will make it through the die shield and if you disturb any of that
4:58
stuff the encryption key gets nuked and all of this works even without
5:03
orwell being plugged in since the main board mcu's onboard battery can actually
5:07
last for several months now to be clear
5:11
security features like this have been around for years in some industries but
5:15
design shifts pitch is that they're delivering bank level information
5:19
security for everyone without changing the overall user experience
5:24
and they're actually mostly there the fobs are a little too bulky right
5:30
now in my opinion and while they are rechargeable over micro usb they lack a
5:34
battery indicator light so when they die and your orwell locks down you're gonna
5:38
have a bad time but once you're logged into orwell it
5:42
behaves just like a regular computer as advertised
5:46
so that's really cool but i still think their audience will
5:50
end up being somewhat limited the orwell breezed through our thermal tests
5:55
staying relatively quiet without throttling but even the top tier model
5:59
sticks you with a mobile processor eight gigs of RAM and integrated graphics and
6:05
that's at three times the cost of a similarly spec'd tablet computer
6:10
to be clear that could be considered cheap compared to some of the other
6:14
options that are out there and there are definitely going to be customers for
6:18
this tech but i just have to wonder if the next step for design shift has to be
6:23
a notebook to give extra flexibility to
6:26
anyone who wants to take his or her secure computing
6:29
on the road alright then
6:33
with all that out of the way let's see if we can lose our data
6:36
after this message from tunnelbear tunnelbear is the simple vpn app that
6:41
makes it easy to browse privately and enjoy a more open internet with
6:45
tunnelbear turned on your wi-fi connection is secured and your online
6:49
activity is kept private from your internet provider advertisers and anyone
6:53
else looking to track you or profit from your data tunnelbear has a top rated
6:57
privacy policy and does not log your activity so go try tunnelbear for free
7:01
with no credit card required at tunnelbear.com
7:05
LTT we're going to have that linked below
7:21
do
7:52
so thanks for watching guys if this video sucked you know what to do but if
7:55
it was awesome get subscribed hit that like button or check out the link to
7:59
where to buy the stuff we featured there it is at the link in the video
8:04
description also link down there is our merch store which has cool shirts like
8:07
this one and our community forum which you should totally join