USB FlashDrives The New PC?

olddotter writes "Yahoo has an article about how large capacity USB drives might be redefining the concept of the personal computer. The article is windows specific, but think knopix on a flash drive." From the article: "When you check into an average hotel room and find -- alongside the alarm clock, hair dryer and DVD player that once were bring-your-own items but now are as standard as the furniture -- a cheap PC for guests to plug into, as our truly personal computing environment travels with us."

Well, that's great

[the-amazing-blob]

It would be nice to have that accessability in hotels, but I have one small problem with USB drives. They're too freaking small. I keep losing them.

Oh?

[temojen]

I wouldn't trust a hotel (or net-cafe) computer with a USB stick with my private keys, certificates, or banking password. Even if you boot off your USB stick, how do you know it's not booting under Xen? I think it's more likely that the hotel computer has malware already. chambermaids are not sysadmins.

The key issue

[putko]

There's nothing magical about USB, or even a local disk.

The key issue isn't that the data is on a USB disk, but that it is easy enough for you to carry around all your data (including OS and apps). E.g. compact flash would suffice. Or serial flash.

Furthermore, just having secure access to the data (perhaps over the internet) would suffice. Imagine a system where to boot up, the PC fetches your data off the web. Perhaps you use a kind of use-once key to access some of the data, with which the PC computes.

The thing I've not been satisfied with yet is the idea that the PC itself would engage in a man-in-the-middle attack. E.g. it stores a copy of whatever data you've accessed (off your USB, compact flash or network storage) -- and the bad guy gets that stuff later. There's no defense against this attack, because the PC is doing the processing.

E.g. imagine a compromised PC running something like bochs. It emulates a real PC, but gives away your secrets.

Trust?

[wtown]

Assuming that you are willing to trust that this machine isn't (either by design or by tampering) just grabbing and logging all of your data.

Granted, I'm sure protection mechanisms would be built in to address this, but I think I'd still be a bit skeptical.

Re:Or you can go one better...

[temojen]

Or just bring your own Laptop. Putting your confidential information in someone else's computer is not safe. ever.

Re:Oh?

[Pharmboy]

This is referring to a computer with NO operating system at all. You have to provide everything, it's completely diskless, just a usb port. If they did anything, it would have to be at the proxy or some kinda tftp boot.

Having a whole operating system on a flash drive isn't that unusual. I have been using Knoppix for years, like a million other people. The flashdrive would just be faster and smaller, and you could write to it and save some files if you chose to.

Re:Oh?

[temojen]

How do you know it has no OS?

USB would need a security layer.

[G4from128k]

This sounds like a security/privacy nightmare. What stops the host PC from copying the drive or infecting it with malware from the prior user. Even if the USB drive uses an encrypted filesystem, once you type your password into the PC to access any file on the user data partition, you have no guarantee that it won't access every file on the drive. I can also see this giving corporate security managers the screaming heebie jeebies over the thought of returning road-warrior executives bringing infected USB drives inside the the corporate firewall (yes, you can scan for malware but you're still susceptible to zero-day attacks and delays in AV updates).

Perhaps this would work if the client machine were truly memory-less (no HD, no NVRAM, no flash ROM, etc.). Then the machine could be a secure blank slate for whatever the USB user needed to do. Given the prevalence of flashable firmware on everything (and the need for persistent machine configuration data), I doubt this is very feasible.

Re:The key issue

[Kjella]

The thing I've not been satisfied with yet is the idea that the PC itself would engage in a man-in-the-middle attack. E.g. it stores a copy of whatever data you've accessed

Or if your USB key is your computer (I presume some of these can be offline), why not just copy the entire USB drive? At 512mb each, you'd fit 500 on a 250gb drive (actually you wouldn't since 2^10 != 10^3), then just search... any interesting jpgs? videos? license keys? confidential data? certificates? Take your pick.

Re:I like this concept

[tepples]

You boot an os off of a flash drive and then run those programs off of the bootable os.

Or you boot an "oe" (operating environment) off a flash drive. An oe is an os plus some bundled applications. If you load an oe advertised as containing OpenOffice.org Suite, Mozilla Firefox, and Nvu, then it doesn't matter whether it's running a FreeBSD or Linux os; what matters is that your apps run.

Re:Oh?

[Jace of Fuse!]

That won't help you one bit if the keyboard has within itself a hardware keylogger.

Some keyboards themselves are keyloggers.

Sometimes keyboards are attached to keylogger adapters or dongles.

KeyGhost.Com [keyghost.com]

So, remember, either bring your own keyboard or just bring a laptop.

Re:Flash drives don't last forever

[00110011]

Another question would be how secure would it be to even consider using swap space on someone else's hard drive? Think about it...your entire program's memory could be swapped out, without notice, including any sensitive information stored in there such as passwords and encryption keys and such.

Even the BIOS is emulated

[tepples]

Because virtual machines still have to boot. Lemme put it this way - reboot and in the BIOS, make sure that flash drives boot before hard drives.

...the BIOS screen you think you see isn't the bare hardware's BIOS screen. It's the virtual machine's.

Forgot about Europe?

[Trurl's Machine]

Ideas like this one are always based on one assumption: that everybody will be totally happy with the same keyboard layout. While it might be true US-wide for US-only customers, it's not true in Europe. All the European languages require keyboard layouts more or less different than the typical English QWERTY - such as the German QWERTZ or French AZERTY, not to mention all those weird accented characters that the Swedisch chef need to correctly spell his "bork! bork! bork!". Don't get me started with Slavic languages, especially those of Cyryllic alphabet... No European hotel would seriously consider offering this service as it would lock-out foreign visitors. Personally, I'm just totally happy traveling with my powerbook as my personal computer, all I want from the hotel is to have Airport and access to their printers.

Where the heck are you finding...

[Asprin]

Where the heck are you finding hotels that provide a DVD player when in-room PPV movies are $10-$15 each? None of the hotels I've ever stayed in provide that; the TV's don't even have accessible A/V inputs and the cable hookups are protected with a user-proof collar.

Re:vmware with no HD image perhaps?

[fbjon]

How about a battery backed-up PSU, with the battery inside the PSU itself? The host OS detects that AC power drops out, simulates no-power. When AC power returns, "start computer". Yes it's unlikely, but not particularly difficult, and some people need to worry about it actually.

If you can find a way to easily make sure that the thing has no power left inside, and it looks like commodity hardware, then it's probably ok. But even then, what if it doesn't have a normal BIOS, but instead boots straight into an emulator?

The possibilities are endless...

Re:Flash drives don't last forever

[NanoGator]

"Another question would be how secure would it be to even consider using swap space on someone else's hard drive? Think about it...your entire program's memory could be swapped out, without notice, including any sensitive information stored in there such as passwords and encryption keys and such."

Isn't that equivalent to saying "Your house isn't very secure. Somebody with a bulldozer could easily get in." ...?

No no, I'm not trying to use the time dis-honored method of using faulty metaphores to shoot your point down. Rather, I really am asking a question here. Wouldn't it take somebody with a snazzy computer mind and the right tools to actually go in and retrieve useful information? Wouldn't they have to know precisely what they're looking for to actually obtain that data? In that case, would it really be all that likely you'd fall victim to something like that?

Whether I'm right or wrong, seems to me the best solution to this problem is to not rely on a computer you're not in control of to be secure. I have a hard time imagining students in school, for example, lots of students in school keeping dangerous info on these drives. The simple fact that they could lose the drive, in most cases, would be enough to keep these people in line.

Re:Oh?

[ComputerSherpa]

You guys are all assuming that your precious data is worth stealing in the first place. You may not be as interesting to other people as you may think.

Re:Oh?

[fbjon]

Knoppix can only read what the hardware tells it to read. Try running Knoppix in VMWare, you'll notice that you can make it believe anything about your computer. Knoppix cannot detect if there is a keylogger installed in the keyboard. It cannot detect if the signals coming from the USB-key are really from the key, or rather from a device in between, reading the key, and generating the proper response while recording everything. The electronics for both of these can easily be hidden, inside a regular-looking keyboard, and a regular-looking usb port.

In short, Knoppix is a good solution for plain vanilla commodity hardware, as long as you know what it is. But if you have some sensitive data that someone wants, perhaps the hotel you're staying in provides some black-market services you're not aware of?

Re:USB would need a security layer.

[Pharmboy]

Again, who is going to install this keylogger? The hotel? The FBI? Some "bad guy/thief"?

I'm pretty sure Holiday Inn won't, and the FBI could get the info using an easier method. I mean, if I'm trying to screw you over and get your data, this would be the most expensive and difficult way to do it.

What am i going to do, install keyloggers on all hotel rooms? Normally, you don't get your room number until you show up, so how can I install it in advance to just screw you over, if I was going after you individually? If I just install it to catch ANYONE, there is a record that I was there, so it could be traced back to me.

Or the maid could install it perhaps? There are much easier ways to rip people off than CREATING this hardware, test it, get the job, find the time to get in and install it, and hope like hell you don't get caught because you have to show your drivers license and social security card to get hired. So whenever they find it out, you WILL be a suspect. It is not that it is impossible, it is just that it is the least likely of the security concerns.

This is a theoretical problem that has no bearing in reality short of the FBI, and if they want your data, they will get your data. Possible, yes, but you and I have a much larger chance of getting hit by lightening, but you aren't fretting about that.

The REAL potential is at the hotel's proxy server / router, where the vendor's IT guy could be recording all nonencrypted traffic, which would include most webmail. This is in software, and would be easier to cover up. Then you have access to the email, and can go from there. This could be secured, but would require users are not dumb. THIS is the main security issue. This is a concern NOW, not in the future, and not theoretical.

Re:Oh?

[timeOday]

How do you know it has no OS?

The point is it shouldn't be too hard to make a machine that can't be modified in software by its users, which you can use to boot up from your own memory device.

Does that mean whoever owns the machine in the cybercafe or hotel couldn't trick you? No. But it means a patron of one of these establishments probably could not, which is good enough.

It's like asking "before entering your PIN, how do you know that's a real ATM?" The answer is, you don't, really, but exploints of this extent are too exotic to worry much about.

Re:Oh?

[jrockway]

In that case, please explain all these SPAMs that say "please give me you paypal password", "please give me your bank password", etc. My data is important simply because some scammer can make money off of it.

Re:vmware with no HD image perhaps?

[DavidTC]

So, you think computers in hotel rooms are just going to have their cabling laying around where people can get to it?

Cause we all know they do that with the phones and TVs.

Oh, wait, no they don't. They build them into things or at the very least have the cables non-detachable.

Gee, if they do that with a 30 dollar phone and a two dollar cable on it, I wonder if they'll do it with a 300 dollar computer and a two dollar cable on it. Not to mention the 15 dollar keyboard and 5 dollar mouse they don't want people making off with.

I'm sure they'll leave all that accessable where we can just unplug it at will, instead of putting in those computer cases that are sold exactly for the purpose of blocking access to the cabling while leaving the front accessable.

Just for laughs, at the next hotel you stay in that has an internet connection, try unplugging the TV. See how far you get. You can unplug them at cheap places that just buy a TV and put it on a table, but those are not the places that will be offering computers.

Re:Even the BIOS is emulated

[_fuzz_]

Because virtual machines still have to boot. Lemme put it this way - reboot and in the BIOS, make sure that flash drives boot before hard drives.
...the BIOS screen you think you see isn't the bare hardware's BIOS screen. It's the virtual machine's.

1. Unplug the computer
2. Plug it back in
3. Be assured that it's not running in VMWare, Xen, etc.

Granted if someone really really wanted to, they could have figured out a way to crack the BIOS or something. But at that point I'd be more concerned about a hardware keylogger or hidden camera.

Re:Oh?

[myov]

One of my clients runs an internet cafe. Partially as a result of the machines constantly failing, I set the machines up so that they refresh each time the machine is rebooted. But, from a security perspective all you need to do is reboot, wait 7 minutes, and you have a clean system. No spyware, no viruses. It's been almost a year and there have been 0 problems since.

The image was made after a clean windows install and uses parted to restore. It's stored on a partition that is hidden by grub at system boot. About the only thing that can be messed up (with a lot of effort) is finding the hidden grub files on the fat partition, and all that means is a manual boot into linux.

Obviously system updates can't be applied so I refresh the image once a month or so.

Re:Oh?

[Molochi]

This just makes the parent's post more insightful. Any unsupervised, publicly accessable computer should be considered comprimised by default. It doesn't matter much if you VPN into your banking sight if some asshat has plugged an undetectable keylogging keyboard into the system [keyghost.com]

Re:Oh?

[Pharmboy]

Your comment made more sense than 90% of the others. This is the point I was trying to make, that while there is always security risks, it would be pretty easy to make the system reasonably secure.

Amazing how security conscience people are on Slashdot, when in reality their wireless hubs are not password protected, their AV is 2 months out of date, and they go to questionable websites regularly, and their pirated copy of XP is out of date, thus more vulnerable.

This could have been a great group of threads about a this very interesting idea of diskless hotel access. Instead it was filled with paranoid wankers who don't have a pot to piss in, and couldn't afford to go to a hotel that would have this system. Most of the security related "concerns" clearly demonstrate that the average slashdot poster is NOT as nerdy as some would believe, worring about the wrong things, and ignorant of the current risks. Totally fucking amazing.

On a more positive note, I finally figured out what the hell your sig means.