BusKill - Introduction

You're a security enthusiast who is enthusiastic about security. Under extreme stress or duress: How fast could you lock your device? How fast could you power down your machine? How fast could you shred your LUKS headers and make your system unrecoverable? Thanks to BusKill the  answer to all those is just one tug away...

What is BusKill?

We could just ask the creator:

BusKill Demos (Windows, MacOS, Linux, TAILS, QubesOS) - BusKill
Video demo of the BusKill laptop kill cord running on Windows, MacOS, Linux, TAILS, and QubesOS.

BusKill is part hardware and part software. Working together they allow a user to quickly secure (or even destroy) their system. The hardware component is essentially a USB extension cable that plugs in to a USB-A port on your device and receives a USB-A drive on the other end. The cable has a magnetic break that will separate if you tug hard enough (or if your laptop is separated from you but the cable is attached to you).

Software monitoring that USB connection will kick in to action if the connection is severed and carry out whatever behavior you have set it  up to do.

Why use BusKill?

The beauty of BusKill is that it has taken a task that used to require some fine motor skills and reduced it down to either gross motor skills or no user interaction whatsoever.

Here are some examples where either stress or circumstances beyond your control would make securing your system either difficult or impossible:

  • In public, someone physically grabs your open laptop off the table and runs away
  • Sitting at a public library, administering the Silk Road, you're grabbed from behind by  law enforcement agents before you can close your laptop
  • At home, you hear pounding on your door and under increased stress can't get the key strokes right to detonate the wiper script you felt so leet for having

Point being, yanking on a cable is going to be a more certain way to secure your machine than what you currently had in mind.

But how is it actually working?

As I mentioned above, it's a combination of hardware and software. You can purchase the magnetic breakaway cable at

https://www.buskill.in/store/

And download the accompanying software at

https://github.com/buskill/buskill-app

The software works on Windows, Mac OS and Linux and comes in both a GUI and a CLI client. When armed, the GUI will lock your computer screen upon removal of a USB. With the CLI you can also set the app to restart or turn off your machine entirely.

Some things worth calling out:

  • Whatever USB you plug in to the breakaway cable is still usable as a USB. You can use literally any USB.
  • You don't necessarily have to buy a cable to use the software. The client software is monitoring for any USB removal, not just the specific BusKill cable.
  • If  you're using the software you should buy a cable. Even if you don't plan to use it. It's a great way to support the hard work that's gone in to this project.  

Cool Story. What next?

With all of that in mind we can do some very interesting things with the BusKill methodology and any Linux system. In Linux, you can listen for any number of udev events and have scripts that run based on those events. In the next post I'll walk you through how I'm leveraging that methodology to harden my Qubes OS machines...

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.