Comments

Clive Robinson December 10, 2008 7:40 AM

The “think Geek” artical picks up it’s bigest weakness if you use it in public people are going to know and then the jig is up…

It would be better to have a compleat working cable with it hidden in (with an appropriate electronic switch) so you can then plug it into something (anything) and then abcentmidedly pull it out to make the hidden memory work.

Plausable deniability trumps security by obscurity any day especially when the obscurity is as obviouse as a “propeller hat”.

Joe December 10, 2008 7:43 AM

@Clive:

Thinkgeek is an online store. It’s not an article about an item, it’s an ad for a product.

Steve December 10, 2008 7:44 AM

It works better if you have the USB device that you cut the cable from, otherwise The Man may wonder why you kept the plug. Even better, hide the chip inside your working mouse, and configure your system not to automount USB storage devices.

Clive Robinson December 10, 2008 7:57 AM

Further to my above.

And for those not yet up on it for forensic purposes (I’ve not seen it mentioned in general forensic info so far)

I forgot to mention you can buy a USB(3) dongle that has (semi) hidden memory in it.

If you get one of those snazzy new(ish) broadband Internet dongles (that use mobile phone bands) when pluged in the initialy look like an external CD ROM that autoruns.

This enables a program to check the correct network drivers etc are installed befor issuing an “unmount” where upon the dongle comes back with a different ID that is known to the drivers.

Now if you have a nefarious mind like mine you will realise the nasty nasty potential of such a device to screw up any forensic examination carried out by the unwary (which appears to be most flat foots that have done the encase course).

Ho Ho Ho and a merry infection by the sClaws (TM 😉 forensic station muncher to you…

Walt December 10, 2008 8:00 AM

What I’d really like to see is a USB flash drive that wasn’t frayed at the other end, but looked like a full cable—perhaps a fake mini-USB connector at the other end. That would be much more likely to go unnoticed!

Patrick Henry December 10, 2008 8:05 AM

Nothing says BOMB to the TSA & SHEEPLE like EXPOSED WIRING. They have half a good idea here.

Tim December 10, 2008 8:14 AM

I had a similar first reaction to Walt – I think that’s an awesome idea, and that security by obscurity certainly has its place for home users (where do you store YOUR backup keys?), but that exact device looks like something someone’d chuck out because it looks like complete garbage.

I like the idea of making it look like a proper mini-USB cable, but I’d go a step further – don’t fake it, make it so it IS a perfectly functional mini-USB cable, and have the flash drive part stealthed, and only enabled in the same way you’d enable log recall on this old physical keylogger: http://www.dansdata.com/keyghost.htm

To anyone else, it’d be the sync-and-charge cable to your phone, but tap out a special key combo and it re-detects as a flash drive.

Nick Lancaster December 10, 2008 8:31 AM

A better design would be a USB drive where the ‘drive’ is contained in the cable, as with this product, but there’s a complete cable and a fake ‘drive’ (or even one with lesser capacity that can be kept blank).

So unless you use the right cable – one of several in your bag, you won’t see the hidden drive.

A Telco Security Dweeb December 10, 2008 9:05 AM

Nice idea, except, by now, Homeland Security, the INS, the CIA, the FBI, the NSA, the local cops and the NYC Police Department all know about it, and the “frayed USB cable” will be the first thing that they look for.

You want security by obscurity for removable storage? Try this one: TrueCrypt volume (file attributes marked as “hidden”) on SD chip, which also has all sorts of (innocent!) pictures of your kid’s recent 7th birthday party and your trip to Florida… and the chip is snugly plugged in to your digital camera, with lots of space left for more pictures. Cops show up, give you a good beating as a “suspected perp”, seize everything. Finally they examine the camera and proudly say “we’ve got the goods on you, Achmed!”

To which you reply, “Hmm, officer, you know, I knew there was something wrong with that chip — I thought it was a 2 gigabyte one, but you know what? I was never able to store more than 1 gig worth of pictures on it, before it got full! Imagine, somebody at the factory must have put that, uhh, what did you call it, ‘hidden’ file on it! I guess you just don’t get what you pay for, anymore, do you, sir?”

😉

Clive Robinson December 10, 2008 9:15 AM

@ Joe,

“Thinkgeek is an online store. It’s not an article about an item, it’s an ad for a product.”

The blurb artical/add/whatever picks up o using the device in a public place and people would see it and thinc you were a lunatic.

Which was my point, you cannot use it in public it would be a “WTF’s he doing” moment for just about anybody watching. And would produce a simmilar result if you pulled a tin foil hat out of your pocket and put it on…

Which is why I said it needs to be a compleat working cable that works just like an ordinary cable, except when there is not a USB device on the end in which case the electronic switch detects this and turns it on.

@Tim’s idea takes it a bit further and adds a layer of sensable security.

If taken to this stage the only real way to spot it (if you even suspect it) is with test instruments.

I think the idea has potential, especially if you also make it U3 such that pluging it into a machine it check the PC and if it does not have a file in the right place it loads in a virus or other bit of malware whilst also possibly deleting it’s own contents. That way any forensic exam carried out without using sensible safe guards is not going to be of any use, especialy in court…

vedaal December 10, 2008 9:15 AM

a more ‘obscure’ usb idea,
would be to use the usb 2 gig memory of the mobile phone or digital camera,
and keep whatever private data there in a truecrypt volume, and name the volume
something like ‘gps.dat’ on the phone, or ‘albummaker’ on the camera

the truecrypt volume is not accessible,
and may not even be visible when checking the unplugged phone or camera

pixel December 10, 2008 9:37 AM

I’m curious why you are criticizing this so much? This was not meant as a security device, it’s a gimmick. The WTF reaction is the point behind this, and many of the other things that thinkgeek sell

Anonymous December 10, 2008 10:27 AM

Why not make the memory part look like a mouse?
If your stuff is gone through and there is a laptop and a USB mouse, who would look twice at the mouse?

Petréa Mitchell December 10, 2008 11:03 AM

My immediate reaction was the same as Mr. Henry’s. What you really want to keep the TSA screeners or ordinary thieves out of your data is to be able to hide it in something really icky and personal, like an earwax removal kit, tampons, suppositories…

chipgeek December 10, 2008 11:26 AM

The current issue of Make: magazine (http://makezine.com/16/) highlights some DIY “spy tech.” One article illustrates the construction of a USB stick inside a AA battery. If you’re clever with the re-labeling, it should stand up to light scrutiny.

Dave December 10, 2008 1:02 PM

The Thinkgeek description says that its promotes a false image of being a crazy person.

If you jumper the frayed end to a banana or some other random unlikely object, it would help promote that image. It also gives you an opportunity to spin a fun techno-babble story to tell if asked about.

“It’s a wireless quantum networking adapter. I have another, exactly identical, banana that is connected to my home pc and is thus linked at the quantum (sub-molecular) level with this one. So currents induced into this banana are instantaniously reflected in the “spin” of the quantum state of the other. I can get up to 384kb/sec data throughput this way…”

Clive Robinson December 10, 2008 1:08 PM

@ Petréa Mitchell,

“… is to be able to hide it in something really icky and personal, like an earwax removal kit, tampons, suppositories…”

Make sure you do not get the items confused, otherwise it will bring tears to your eyes…

Clive Robinson December 10, 2008 3:39 PM

@ Moderator / Bruce,

You appear to have problems with your site.

The “Audit” page from the blog main page appears to go to a blank page.

Regards,

    Clive.

bob!! December 10, 2008 4:42 PM

Davi wrote: “Who carries a frayed cable around?”

Nobody does – but I’m sure there are geeks who have them in their stash of cables. This would be decent security through obscurity for someone with a bin full of tech junk next to the workbench that their laptop normally sits on.

The thing to do with this would be to put the end of another USB cable on this one, so that it looks like a short USB cable (and the other one looks like the “frayed cable USB drive”).

Mac December 10, 2008 5:24 PM

MicroSD cards are 15x11x1 mm and available in capacities up to 16GB. To be effective, the customs procedures must be able to find an object which weights 0.5 gramms and can be hidden in any cavity small enough to give space to a fingernail. How is this going to happen?

Moz December 10, 2008 8:52 PM

The Lego brick USB drives looked like a great idea until I saw one and it’s not Lego-compatible. But for hiding the Lego works pretty well, just build the USB key into something. Except…

I’d go with the mini USB cable as something that is useful and reasonable to carry.

Clive Robinson December 10, 2008 9:39 PM

@ Laurie Mann,

“make it looks like a typical working device”

No, as I noted right at the top of the blog (3rd post @7:40AM),

“It would be better to have a compleat working cable with it hidden in (with an appropriate electronic switch)”

What Walt said (7th post @8:00AM),

“perhaps a fake mini-USB connector at the other end. That would be much more likely to go unnoticed!”

Is untrue, a fake cable even with two ends on is not going to go unnoticed. If somebody borows your “fake cable” then they are going to say

“Hey Laurie, your USB cables broken!”

What Tim added (9th post 8:14AM),

“…and only enabled in the same way you’d enable log recall on this old physical keylogger”

Is a sensible further security measure.

So to re-cap,

1, The USB cable has to be fully functional.

2, The memory has to be off when the cable is used with a USB device (via electronic switch).

3, The memory must be stealthy and only reveal it’s self after a ‘magic number’ has been sent to it.

And I would further add,

4, The ‘magic number’ should, change each time (ie like RSA OTP Key) to prevent an attacker using a replay attack to open it up.

At which point hopefully the only way it will be detected (when the memory is not in use) is as I noted (14th post @9:15AM),

“If taken to this stage the only real way to spot it (if you even suspect it) is with test instruments.”

So as as an extra precaution use “A Telco Security Dweeb”‘s TrueCrypt idea (13th post @ 9:05 AM).

And if you want to be that little bit extra (nasty/) safe also include my “infection by the sClaws (TM 😉 forensic station muncher” virus” idea (6th post @ 7:57AM).

As we used to say years ago in the UK “Now we’re cooking on gas!” or as they said on the A Team “Now that’s a plan” (yup I’m that old).

webbnh December 10, 2008 11:46 PM

@Clive Robinson

The one-plus that I came up with is, rather than having the drive activate on receipt of a magic number, have it appear only when both ends of the cable are plugged into the same USB bus. That’s pretty unlikely to be picked up either by test equipment or by accident, but it’s pretty easy for any user with more than one USB port available on his machine (usually there’s at least two, and usually they are on the same bus).

Roger December 11, 2008 1:12 AM

@Mac:
” To be effective, the customs procedures must be able to find an object which weights 0.5 gramms and can be hidden in any cavity small enough to give space to a fingernail. How is this going to happen?”

At present, it isn’t going to happen, because customs agencies protecting the borders of advanced nations have little to no interest in checking the flow of data storage devices. However if they did become interested, they would probably use a non-linear junction detector. This is a device which detects concealed, microscopic eavesdropping devices (i.e. “bugs”), even when shut down, through the property that NLJs generate harmonics of a radiating field. It should work just as well on solid state memory chips.

Tim December 11, 2008 1:29 AM

@webbnh:

That’s a pretty cool idea in principle, but there’s a problem – both ends would have to end in normal USB “A” plugs to plug back into the same bus.

Such cables do exist – various cheaply-manufactured devices do use them, an example of which being the mouse input for a friend’s little LCD touchscreen – but you’d have to own such a device to have a plausible reason for owning such a cable. Suspicious.

The alternative would be a plug adapter that went from B (or mini or whatever) to A. Probably less rare, but again you’d have to come up with a pretty specific reason to own such a thing.

Maybe it’d be better to do it with a Firewire cable instead of USB; they use the same plugs on both ends, unless they’re adapting between 6-pin and 4-pin, and it’s hard to buy a new PC these days that doesn’t have at least one Firewire port (and expansion cards are cheap!).

Clive Robinson December 11, 2008 3:08 AM

@ Roger,

“… that NLJs generate harmonics of a radiating field. It should work just as well on solid state memory chips.”

Probably not for most NLJ’s, they tend to radiate between 500-900MHz, and need a suitable size conducter (>1/16lambda) to realy work.

Also if your memory device is USB1 (yes I know hills are younger) then small SMD caps across apropriate pins will stop an NLJ dead.

Further with something the size of my little finger nail hidding it in a stick of chewing gum with it’s tin foil wrapper and metalised plastic outer wrapper is not going to be beyond the abilities of a “Bank or Motor Company” executive…

Then there are semiconductors configs for which NLJ’s don’t work to well if the circuit is configured correctly (think FET channel and gate with lowpass on it.

billswift December 11, 2008 7:07 AM

“The alternative would be a plug adapter that went from B (or mini or whatever) to A. Probably less rare, but again you’d have to come up with a pretty specific reason to own such a thing.”

Not really, they have sets of every imaginable combination of adapters at Walmart for people who travel with their computers.

bob December 11, 2008 7:18 AM

When I travel I take my laptop and my digital camera. The camera uses a USB “A” to mini “B” connector cable. That would be my form factor of choice for a “hidden” USB drive. Furthermore I usually store them right next to each other, so (the human operating) either X-ray or NLJ device detector would (hopefully) be plausibly detracted from suspecting the cable because of the digicam right under it.

@Moz: Why would they make a “Lego” anything that was not Lego compatible (probable answer – licensing fees)? I am still annoyed that they made it so hard to mount Mindstorms NXT items on “real” Lego platforms.

On the other hand the Lego “terrorist” minifig was hilarious. On the gripping hand you would probably be arrested trying to take one on an airliner.

Clive Robinson December 11, 2008 7:50 AM

@ Roger,

“… that NLJs generate harmonics of a radiating field. It should work just as well on solid state memory chips.”

Probably not for most NLJ’s, they tend to radiate between 500-900MHz, and need a suitable size conducter (>1/16lambda) to realy work.

Also if your memory device is USB1 (yes I know hills are younger) then small SMD caps across apropriate pins will stop an NLJ dead.

Further with something the size of my little finger nail hidding it in a stick of chewing gum with it’s tin foil wrapper and metalised plastic outer wrapper is not going to be beyond the abilities of a “Bank or Motor Company” executive…

Then there are semiconductors configs for which NLJ’s don’t work to well if the circuit is configured correctly (think FET channel and gate with lowpass on it.

Terry Karney December 11, 2008 8:24 PM

I have a USB, “extension cable”. I also have a dual A->mini B cable for powering an Iomega remote drive (much handier than havving to lug a power cord and brick).

The cable is designed provide more power, if the bus isn’t strong enough to spin the thing on just one. I’ve used it to connect my camera (on just one connection).

If I was going to have this thing, that’s the way I’d do it. Plug it into the drive/camera, and it closes off the mounting of the hidden drive.

Then I’d use truecrypt, and if I were really worried I’d use the two-tiered option. With the Iomege drive I’ve even got something to show them if they are curious about information (I use it for keeping photos; as a photographer I have lots of images on it; right now it’s got about 100 gigs of raw files, and a few gig of .tif. It’s hard to have too much backup of one’s livelihood).

If I were more worried I’d truecrypt it. If I were really worried, I’d use the buried function. As it is a password is enough.

Michael Seese December 12, 2008 5:04 PM

To add on to an idea already stated, there is some security through obscurity value. It’s just that the person who wrote the ad doesn’t have a clue. “Immediately, your potential miscreant raises an eyebrow.” You don’t want your thief raising an eyebrow, because then he WILL want to know what it is. So you probably don’t want something that looks out of the ordinary. Besides, when PCing in a coffeeshop, a grab-and-dash on my USB stick is the last thing on my mind. But someone going through my desk or laptop case would see it and think, “junk.” Unless he had seen the ad, of course.

Anonymous December 14, 2008 12:06 AM

Um… surely the device is a (deliberate) joke. Not a serious security suggestion. The sort of thing you may buy a geek friend for her birthday.

Some of the comments look like the author gets this … others I have to wonder…

Look at the other ones suggested on the same page.

  • PC Diagnostic Dice
  • Broken Image necklace

The spy coins look keen…

Another suggestion would be to turn your eyelids inside out and chew soap flakes … then you will look like a rabid nutter … and then who will bother you? 😀

Andrew December 18, 2008 12:50 AM

On the idea of having a USB cable that actually works, but becomes a drive magically: accepting a magic number that is typed in seems like it would require some sort of device driver, and also some nontrivial programmable logic.

A simpler idea would be to give it a mechanical switch, perhaps a magnetic switch. So the cable functions like a normal USB to micro-B (or whatever) cable, but, if you (1) plug the USB plug to your computer (easy to sense power from this), and (2) wave the micro-B (or whatever) head near the USB plug (activating a magnetic switch), suddenly the drive turns on and is recognized.

If you still want password type protection, you could put a Truecrypt volume on the drive.

Josh January 14, 2009 9:49 AM

What I am looking for is not something disguised, but something super small. Maybe something that sticks out a 1/4 of an inch from the USB drive. This is not for stealth as just for something that is tiny and not seen. Any ideas?

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.