Flash Drive Anti-Theft

I'm pretty sure notebooks (Prey, LAlarm, etc.) and smartphones (AV, manufacturer, SIM, Anti Theft Alarm, etc,) are well covered in this area.

The problem is what to do with a lost or stolen flash drive.

The simplest way is a readme.txt with contact information at the root of the drive.

I want something better. What I'm thinking is an autorun 'readme.bat' that not only displays my contact information, but uploads ipconfig, msinfo32, etc. data to a server of my choice.

The problem is how to do it. Can anyone provide a working example?

Encryption and data wiping are separate topics that aren't the focus here.

 

Food for thought if I may... Unlike in the notebook and smartphone scenarios, in this type of scenario the computing device proper is not yours. Your objective is to take TBD information off of someone else's computer and you don't know if that person is the thief, an innocent friend of the thief, the owner of some public use computer system, a law enforcement official using their equipment, a foolish innocent at a firm that deals with sensitive information, or some other innocent individual that is looking for a If_found_return_to.txt file so that they can contact you and give it back. It is of course not guaranteed that your program will be run to begin with or that its running will provide you with useful information.

 

Data is collected all the time once you go online, attend most social events, live in a freaking country, etc. What it's used for is the only issue. Plus, the flash drive isn't their's and probably shouldn't be connected to their computer in the first place.

 

The only way for any method of anti-theft on an usb device to truly be effective will need to be implemented at the hardware level. Any software modifications can easily be detected/removed/negated.

I do feel the ".bat file" method is not the way to achieve your goals, both ethically, and technically. There is a very high probability it would not work either way as you are making blanket assumptions about who has your device and the environment they will plug it into and their permission level in that environment. To explore this avenue any further delves into black hat territory and I will not divulge that information here.

If data stored on the drive is critical and you do want state of the art. Invest in hardware solutions such as the Imation Defender F200. (note this is just ment to be a starting point in your search.) These type of devices come with security in mind and offer you more anti-theft avenues to explore.

If the data stored on the drive is critical and you do not want to spend any money, encrypt it with open source solutions such as Truecrypt and make back-ups. Assume any data on the drive will not be recovered if the device is lost. Leave a text file if you wish with a means on contact in an unallocated unencrypted portion of the drive. You can perhaps just list instructions to send an email to a throw away email address alias you have linked to your main account.

 

I know that, but the hardware isn't always available.

Ethics are subjective, the data collected relatively public (look at what websites, governments, etc. have on you), and technically it reads fine with limited rights.

It doesn't look like the security features will help with the recovery of that drive.

That's not what I'm looking for, I just want my flash drive back.

 

Let's completely ignore the legality of what you're suggesting for a minute.

1. Plan for disaster. i.e. have a copy of the data if it's that important. There is no excuse for having no backup. That would totally be your fault, 100%.
2. Encrypt the pen drive. That's precisely what encryption is for- to protect it if it lands in the wrong hands.
3. Why the heck do you have such valuable info on a pen drive anyway? How about you use that server to store these important files instead of some theif's IP address?

Reality scenarios: Let's pretend I steal your flash drive. You have managed to create a .bat file that would autostart upon plugin. I plug it into my Mac or my Linux machine. Your .bat file gets ignored. FAIL. If I plug it into my Windows box, then your .bat file won't run because I disabled autoplay for all usb devices. FAIL. Or let's say you do manage to get the information you want off my computer. Meanwhile I wiped the flash drive and am now using it to store my personal porn. Turns out my IP address is a Tor exit node. FAIL. Or, maybe I'm not even connected to the internet when I plug in the pen drive and wipe it. FAIL.

So.
Much.
Fail.

 

Tell me what legal issues I'll face, cause that's the only valid point your brought up.

1. Data and the flash drive itself are completely different things.
2. Read the last sentence of my first post.
3. Another assumption, and failure to read.

Cross-platform issues aren't a big deal with Windows dominating most PC's (and I could try ifconfig, etc.) As for your Windows box, the file itself can be opened manually simply with an intriguing file name (plus most people don't disable AutoRun). Before wiping that drive, you need to connect it. Who the hell uses Tor, and I can still gather system info. Have you forgotten my contact information already?

I won't even comment on the worthless insults.

 

I was pointing out the obsacles you'll encounter with a .bat file. I don't know why you find the obstacles insulting.

Legality:
If you create something that will "call home" without the user's knowledge, you have created malware. Malware is illegal. If you are obtaining private information about the user without their knowledge, that is illegal. It's irrelevant that someone obtained your pen drive illegally in the first place. It is not legal to respond to a crime with another crime. Security professionals cannot respond to a hacker by hacking him back- that is illegal. It's not fair but it's the law.

What you want is something akin to a remote wiper for an Ipod. No idea if it exists for a device that doesn't have an internal power source. You'll have to hit the googles to see if something like that exists.

So you find the flash drive itself more valuable than the data on it. Herein lies the problem. Flash drives are not that expensive. A 16GB pen drive costs around $30. The cost of the solutions you are proposing exceed the value of the flash drive: You'd have to set up a server somewhere to send the data- if you don't already have a server or don't know how to set one up then there's a huge learning curve to set one up securely (hence expensive in time). Alternatively you could spin up a server in the Amazon cloud with significantly less knowledge. If you don't use it for much else then it might be free, but again it will be expensive in time. Servers get owned if you don't secure them properly, even in the cloud. Plus if you're going to all that trouble you may as well just put your data on the server so you can ssh to it whenever you want instead of using the pen drive at all.

There's also physical security: if you control physical possesion of the flash drive then it's less likely to be stolen. Wear it around your neck when you need it with you, lock it up in a cabinet when you don't.

The reason I bring up the data is because in 99% of the cases that's what valuable, not the pen drive.

 

The obstacles aren't the issue, although I already know of them. My fourth paragraph obviously responds to your 4th (So.Much.Fail.)

Anyways, I see your call home argument. I wonder if there's any issue if the AutoRun is directed to my website, which gives me visitor IP.

I don't think a remote wiper is what I'm looking for.

Valid point, but aren't there plenty of free web hosting? Of course important data that needs to be backed up remotely won't be on a unencrypted flash drive.

I will do so, along with a Readme.txt.

I know, but valuable data doesn't stay on flash drives for me.

 

It's the .bat file that was failing in all those instances, not you personally as an individual.

If it forces a process on a remote computer without the user's consent or knowledge, then it's illegal.

 

You can rename your flash drive to an email address, it is sure hard to overlook that, unlike readme file, which noone reads these days.

 

Interesting idea, I may do that.