_WHENEVER YOU LEAVE YOUR COMPUTER UNATTENDED, you’re opening up an opportunity for a well-resourced and dedicated adversaryAn adversary is a person or entity with motivation to compromise your data. Identifying this set of actors is a key component in a risk assessment exercise. to physically compromise your device.
Depending on the resources your adversaries have access to (e.g., technical aptitude to compromise your device, and/or financial and social capital to gain access to wherever you’re staying), they may be able to tamper with your computer, infect it with malware, or make copies of your data while you step out for supplies, a meal, or a meeting.
The risk of this type of physical compromise (sometimes referred to as an “evil maid attackA scenario in which an attacker compromises an unattended device by infecting it with malware or another form of physical tampering.”) is generally higher when you travel; chances are you are in an unfamiliar environment, staying in buildings you can’t secure on your own, and engaging in high-risk work.
If there’s a chance you could be targeted for an “evil maid attack,” you should take your device with you, even if it’s heavy! While no solution to this threat is perfect, anything you can do to make your security harder to breach works in your favor. Here are some additional tips that might help you maintain the integrity of your travel setup —
Purchase a lockable computer case
Be aware that some locks can be easily defeated by a master key that is available to the majority of law enforcement agencies worldwide. This includes any lock that is “TSA approved.”
Try an intrusion detection strategy to detect hardware tampering
Intrusion detection techniquesA set of techniques designed to signal that a device has been tampered with while left unattended. You can use intrusion detection to indicate an evil maid attack has occurred. (e.g. placing tamper evident stickers over screws securing your hard drive) are never perfect, but they can give you a good idea of whether or not someone handled your devices while they were out of your sight. There are many approaches to intrusion detection — tamper evident stickers or bags, glitter nail polish painted over the laptop screws, uniquely patterned tape. Some work better than others. Read about the possibilities and limitations in Micah Lee’s piece.
Have a spare Android phone? Put the Haven app on it for a DIY burglar alarm
If you can spare leaving an old Android device in your hotel room, check out the Haven app by Guardian Project. Haven is an Android app designed to behave like a DIY burglar alarm; changes in light, motion, and sound trigger an alert to reach your primary phone via Signal.