What are the potential risks of leaving a device in public, but locked?

Everything

I reference the 10 immutable laws of security, especially #3:

If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore

Of course a computer sitting unattended at a coffee shop for 5 minutes isn't going to be as vulnerable as a computer that spends a year at NSA headquarters, but you would be surprised how quickly someone with physical access can cause trouble.

This is a bit broad and I'd like to avoid a book for an answer, so I'm going to just focus on one class of attacks that most consumer laptops are vulnerable to: USB-based attacks. USB is fun because a USB port can be used for almost anything. This has lead to the classic form of an evil maid attack, whereby an attacker simply plugs a device into your USB port that promptly owns your computer. This can take a number forms, but I'll list just a few:

  1. The USB device pretends to be a keyboard and attempts to inject commands into your machine (possibly starting with a bruteforce of your lock screen)
  2. The USB device pretends to be a high-priority network adapter, injecting long-living DNS rules into your networking setup, effectively implementing a permanent MitM attack on target websites for your machine (because of how network devices work this is typically possible even for locked computers)
  3. The USB device charges a bank of capacitors from your power supply and then sends a high voltage charge back, instantly frying your entire laptop.

Here is a longer list, but since this is an entire class of attacks options will change and google is your best bet here. Many of these attacks require a device to be plugged in for just seconds. They can leave your computer completely compromised or just plain dead (aka the most effective DoS). Is this likely? Probably not. Is it possible though? Absolutely, with little effort, so long as someone is walking around with a device in their pocket.


The two answers so far have focused on inserting a USB device in the laptop. I'd be more concerned about inserting a PCI(e), firewire, or similar device with direct bus access into an expansion slot of the laptop. While USB doesn't have direct access to memory, various expansion cards do and can read/write directly to memory without going through the CPU. More information available from Wikipedia

That means it's possible for someone to read and write the entire contents of your memory directly by inserting a rogue expansion card in your computer.

I'll add that this is relatively unlikely, unless you're being targeted by an intelligence agency, or maybe highly organized criminals going after you personally. I don't know that a piece of hardware like this is commercially available.


Most laptops have provision for booting from an USB disk. If this is not blocked at BIOS level, an attacker could boot on their system disk, and then mount your physical disks and do whatever they want (read/write). This a the standard way to (re-)install a system.

Tags:

Physical Access

Device Locking

Related

For SameSite cookie with subdomains what are considered the same site? How are full URLs exposed when they are encrypted by HTTPS? What use would a privacy browser, such as Firefox Focus for iPhone, have for an internal web server? Why can hardware assisted virtualization be a security issue? How to deal with a company that doesn't fix (potential) security vulnerabilities in their web app? What is the impact of leaked recaptcha secret key? How can I find a SHA-256 hash with a given suffix using hashcat? How are short passwords not safe if you limit the number of attempts? Why is the OS obfuscation defense against "It's a Unix system!" not widely implemented? Security implication if android app can be installed on emulator Would first encrypting a password make slow hashing algorithms unnecessary? Secure Implementation of Password Database

Recent Posts