I’m not paranoid, a secure lifestyle: Part 2

Okay, it’s been a year since I promised a follow-up to Part 1 where I introduced the Chromebook and some of the security advantages it offers.

With the current political climate, border agents unlocking devices of many if not all international travelers, further awareness of domestic spying, and more obvious foreign influence and spy access, users are increasingly looking for secure computing options.

With computer hardware, it’s often said that once you have physical access, it’s game-over. When the government asks that you physically hand them a device, what are you supposed to do? Well, lets explore!

In this second article, I’d like to dive a bit deeper into the threats you’re protecting yourself against by using a Chromebook.

… a Quick Refresher

The most secure laptop, hands-down is the Chromebook running ChromeOS, without Crouton. I cover some of the practicalities of why these machines are more secure in my first article, but it comes down to:

• Physically secure against intrusion
• Securely, automatically, and frequently receiving security updates
• Inexpensive, thus disposable
• Automatic & near-instant backup & restore

Traveling across borders

Assessing the threat:

Since Trump has taken office, Customs and Border Protection (CBP) has begun requesting phones be unlocked, and I presume many also have their laptops unlocked and accessed. They connect devices to USB and Lightning ports, which is presumed to exfiltrate data. We are increasingly seeing this happen in other countries as well, especially China.

The major risks from this access are Data Leaks to the government & hackers and Persistent Threats: malware or rootkits installed to device. The Chromebook is similar in many ways to the iPhone which the FBI notoriously was unable to unlock and retrieve encrypted data from, thus provides mechanisms to protect against these threats.

Data Leaks: Data is encrypted on the Chromebook and easily removed from the login screen by simply removing the user. When deleting the user, the data does technically persistent in an encrypted state, but is likely sufficiently, “gone”.

Rootkits: Chromebooks utilize SecureBoot to an unparalleled degree for consumer devices, outside of phones. To install a modified OS, either the user would have to disable SecureBoot in the settings, or the attacker would have to have a custom signed ChromeOS image using Google’s signing key.

Malware: This is the biggest threat on a Chromebook. Extensions to Chrome itself can easily and silently exfiltrate data and usage patterns from a device. These are easily installed and mostly invisible to the user. They are linked to the user’s Chrome profile, which may be synchronized across Chromebooks and even to MacOS, Windows, and Linux desktops. This threat is easily avoided by not installing extensions, and not giving access to your Google account to CBP or other attackers.

Best Practices

Using a Chromebook, the following practices will help keep your data and device secure against physical attackers that demand login and unlocking of your device.

• Use a dedicated Owner Account per physical Chromebook. This is the first account you login with to the Chromebook after unboxing or performing a factory reset. Do not use this account for browsing, running apps, etc. Do not reuse this account if activating a new Chromebook. Don’t know the password; put it in a safe, throw it away, whatever.
• Have a separate Google account, which will be non-admin on the machine, for browsing and running apps. Remove this user when in transit.
• Remove all other accounts from your login screen (click the down-arrow and “remove”) except any dedicated Google account(s) that you might have created for the purpose of giving access to “hostile users”.
• Enable Restrict Sign-in to list of users, preventing an intruder from using their own Google accounts. Ideally, list your dedicated “hostile” account an account, plus an account you would like to give administrative access to.
• Login using your “hostile” Google account, or better yet, using Guest Access if you feel comfortable in doing so.
• If you are forced to login to your normal Google account, look through your Chrome extensions and remove them all. Reinstall from the Chrome Web Store, if necessary. Malicious extensions could be installed using safe-looking names and attackers are not afraid of violating Trademarks, so be suspicious of WebEx, Adobe, and other extensions which may actually be inconspicuously named malware installed by an attacker. Find your extensions at chrome://extensions/
• If they make you login with your “Owner Account”, throw away the machine.

Super-Extra Paranoid Practices

These practices are fairly impractical, but for those whose threat model and paranoia are extreme enough, you can do these for extra comfort:

• Follow all of these practices when traveling anywhere, ever, by any means. CBP can demand you unlock your devices on trains and buses, even if you’re more likely to run across them at an airport. In theory, they might even be able to do this anywhere within 200 miles of any border, which is basically anywhere on the East or West coast of the USA.
• Treat Chromebooks as “burner” laptops. Buy a new low-end machine and burn any machine that is touched by a government official. Backup & restore is simple, so it’s not a big deal, other than the $100–300 price tag. Don’t travel with the expensive Chromebooks, unless you’re willing to lose it, or less paranoid.
• Only ever use Guest Mode, do not ever login to Google Accounts.
• Disable all USB ports and do not use any Chromebook with USB-C (as it would be impossible to disable USB without disabling charging).

Getting Home

Re-add the user(s), login, and let your device sync and restore from backup. This will take a couple minutes, but probably not much longer than Microsoft Windows would boot.