For the last two years I've carried a honeypot laptop with me every time I traveled. I checked it in my luggage, left it unattended in my hotel rooms. After each trip, I did forensic analysis on the laptop to detect if it had been tampered with.
I wrote about my experience and methodology here: https://theintercept.com/2018/04/28/computer-malware-tampering/
I installed Debian on the laptop. Before each trip, I removed the hard disk and took checksums of the partitions and the disk header. I also dumped the BIOS firmware. After each trip, I did the same, and compared to see if they matched.
I learned a lot about hardware hacking and got to use free software BIOS tools like chipsec, EUFITool, and flashrom.
It was a lot of fun! I go into much more technical detail in the article.
@micahflee That's awesome!
@micahflee The simple reality is that most people who think they're a target simply aren't.
@micahflee love those stickers :-)
@micahflee well you did have the EFF "I do not consent to the search of this device" sticker on it so I guess that spooked them ;)
@tomas @micahflee to shoot the evil maid?
@tomas that's a strange rule, any idea why is it so? Would they hurt themselves with the gun
@micahflee @qbi very interesting read, thank you. the android tool "haven" will likely be illegal in germany, though.
@jotbe @micahflee Why do you think it will be illegal?
@qbi @jotbe @micahflee here is an article by the lawyer of german publisher heise about "haven": https://www.heise.de/ct/artikel/Snowden-App-Haven-Einsatz-kaum-mit-deutschem-Recht-vereinbar-3948210.html (de) - concluding that it will likely be illegal to covertly record voice audio of someone, privacy laws set high bars and in general prohibit video surveillance in non-public places without any visible notification that this happens. not sure whether it would be ok with a visible sign denoting "video surveillance in progress".
@jotbe @micahflee Thanks.
@micahflee my infosec strategy: use a computer so idiosyncratic and jury-rigged that replacing parts, modifying the bootloader, etc., will probably result in the computer not working any more
@nev sounds like a solid, reliable strategy
I hoped that, if an evil maid attacker tried tampering with my laptop, I would not only discover the attack, but learn how it works, and possible who was behind it. Unfortunately (fortunately?), I didn't discover any evil maids.