Top-of-the-line secure laptop

Sensitive Data Killswitch

The Killswitch is a critical security feature designed to protect your sensitive data. It can be triggered by unauthorized access or manually, erasing data or logging access attempts to ensure your information remains secure.

Why physical security and encryption aren’t enough

The Killswitch is essential alongside physical security. If your laptop falls out of your possession or you’re forced to provide access, it ensures sensitive data is erased or protected, maintaining your privacy and security.

What is a “Killswitch”?

The Killswitch operates through a decoy OS equipped with trip wires and fake honeypot files. These entice adversaries to investigate, triggering the Killswitch. When activated, it quietly erases your sensitive data without notifying the user, ensuring your information remains protected.

The Killswitch can also be configured to record and document access attempts, providing a less destructive option. This setup allows you to monitor for unauthorized activity without immediately erasing data, ensuring you have detailed logs of any suspicious behavior for further analysis.

Note: The Killswitch is currently disabled within the secure OS because Qubes is designed to be secure and robust, making data wipes difficult by design. This situation can provide a false sense of security, as the Killswitch could be easily circumvented without proper implementation.

How the Killswitch works

The Killswitch is set up within the secure OS and then installed on the decoy OS. It operates as a disguised process, making it difficult to detect. This configuration ensures that the Killswitch remains hidden, ready to activate and protect your sensitive data.

  • The laptop will boot into the Decoy OS by default, with no password needed.
  • You need to press a specific key during boot to access the secure drive and OS, which is protected with full disk encryption and a password.
  • The Honeypots and triggers exist in the decoy OS and will be easy for an adversary to find.
  • When a honeypot or trigger is accessed, the Killswitch will (quietly) erase the secure drive, reformat it as a “backup” drive, and then copy over your user files as backups.
  • The Killswitch can also be set to a non-destructive mode that simply logs access attempts with photos from the laptop camera.

Runs in the Decoy OS

We use Linux Mint as the decoy OS because it is very similar to Windows, allowing even non-technical adversaries to navigate it easily. This familiar interface increases the likelihood that an intruder will engage with the decoy, triggering the Killswitch if necessary.

Linux Mint can be set up with virtually any type of configuration to mirror your real-life usage. It supports a huge variety of applications that work right out of the box with no configuration needed, making it an ideal choice for creating convincing decoy environments that effectively protect your sensitive data.

Configure and set your own Honeypots and tripwires

The Killswitch is fully customizable. You can set it to monitor specific files or directories, watch particular logs, or trigger on certain commands. This flexibility allows you to tailor the Killswitch to your unique security needs and preferences.

You can also configure the action it takes when triggered. Options include wiping the data (Kill), recording access attempts (Log), or simply notifying users they shouldn’t be trying to access that (Warn). This versatility ensures the Killswitch can provide the exact level of protection and response you require.

Don’t forget to Smile!

When triggered, the Killswitch will take a photo using the laptop’s webcam and log each attempt. This feature allows you to see exactly who triggered it and when, providing valuable information for security analysis and potential follow-up actions.

Fully Auditable Logs

The Killswitch generates auditable logs that record every access attempt. These logs are meticulously detailed, capturing all relevant information to ensure you have a comprehensive record of any unauthorized activities.

Designed to be legally robust, these logs can “prove” access attempts if documentation is needed for legal issues or court cases. This feature provides an added layer of security and accountability, ensuring you have concrete evidence to support your claims in any legal proceedings.
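The following is an added example, not the product's own code: a sketch of the non-destructive Log and Warn actions, matching access events against watched honeypot paths and writing each hit to a hash-chained log so that later edits are detectable. The rule table, paths, field names and the hash-chain design are all assumptions for illustration; the page does not say how the Killswitch stores its logs.

```python
import hashlib
import json
from pathlib import PurePosixPath

# Hypothetical rule table (constructed): watched path -> non-destructive action.
RULES = {"/home/user/Documents/passwords.txt": "log",
         "/home/user/Finance": "warn"}
GENESIS = "0" * 64  # stands in for the "previous hash" of the first entry

def match_rule(path, rules=RULES):
    """Return the action if path is a watched file or lies under a watched directory."""
    p = PurePosixPath(path)
    for watched, action in rules.items():
        w = PurePosixPath(watched)
        if p == w or w in p.parents:
            return action
    return None

def entry_hash(prev_hash, record):
    """SHA-256 over the previous entry's hash plus a canonical JSON encoding."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()

def append_event(log, ts, path, process):
    """Append an access event to the chain if it hits a tripwire; return the action."""
    action = match_rule(path)
    if action is None:
        return None
    record = {"ts": ts, "path": path, "process": process, "action": action}
    prev_hash = log[-1]["hash"] if log else GENESIS
    log.append({"record": record, "prev": prev_hash,
                "hash": entry_hash(prev_hash, record)})
    return action

def verify_log(log):
    """Return the index of the first entry that fails verification, or -1 if intact."""
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        expected = entry_hash(prev_hash, entry["record"])
        if entry["prev"] != prev_hash or entry["hash"] != expected:
            return i
        prev_hash = entry["hash"]
    return -1

if __name__ == "__main__":
    log = []  # constructed sample event below
    append_event(log, "2024-01-01T10:00:00Z", "/home/user/Finance/tax.pdf", "nemo")
    log[0]["record"]["process"] = "cat"  # simulate an after-the-fact edit
    print(verify_log(log))
```

A chain like this only shows tampering if the latest hash is also kept somewhere the decoy OS cannot rewrite (off the device, or signed), since anyone with write access to the whole log can recompute every hash.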