5

I wonder what will happen if my computer gets stolen.

Can a hacker gain access to the files on my computer?

I have Ubuntu 14.04 and have not installed any security programs - should I do something to protect myself against this?

Tim
kenneth
  • 17
    Even a lame hacker can get access to your files. Use full-disk encryption. – muru Dec 23 '15 at 19:35
  • 5
    I thought this was a request to someone to try to hack you. But then I realized it's an actual question. – Star OS Dec 23 '15 at 19:46
  • I am a lame hacker! Give me a live-usb and your laptop, and I got your files! :P What muru and rinzwind said is totally true, you need encryption if your files are that valuable. But most of the time, the thief couldn't care less about them. – G Trawo Dec 24 '15 at 00:56
  • 1
    I've seen some really interesting programs for access denial in the event of theft. One guy had a thing where, on the 3rd wrong password attempt, it would wipe his drive. A misconception, I think, is that someone stealing your PC wants your files. At best, your data might be interesting to the average computer thief. They probably just wanted a computer. Full disk encryption won't prevent disk overwrite. I had a computer that would report its location / IP to me in emails silently. A user could use it, and had no reason to wipe it. I got it back eventually. I also had a paper copy of lshw – j0h Dec 24 '15 at 14:47
  • 1
    Read law 3 https://technet.microsoft.com/en-us/magazine/2008.10.securitywatch.aspx – Braiam Dec 24 '15 at 15:58

3 Answers

22

Linux systems do not protect against abuse through physical access. An admin password can be changed through grub and through a live session without supplying the previous admin password (this is intentional: having ownership allows you to do anything with it).

Your data is not accessible if you use encryption for at least your private data or for your whole system. However, I believe more people lost their data by forgetting their access key than through theft. Plus in general it is the hardware they want, not your data. And it is always smart to format a disk without accessing it if it was not yours: a simple keylogger is enough to send details about the connection it is using to your mail account so you can track the system down.

Rinzwind
  • 4
    "in general it is the hardware they want, not your data" [citation needed] :-). It depends on the thief of course, but on the assumption that the total worth of your assets is greater than the cost of the stolen computer it's not completely ridiculous to imagine scenarios where the files themselves are the target (especially if the stolen PC's HD is on-sold to someone more sophisticated than the original thief). See also - every discussion on security.stackexchange ever. – piers7 Dec 24 '15 at 06:01
  • 3
    @piers7 sure but we are talking about a home computer setup, not the notebook of the American president. Thieves have a short-term goal: get their hands on something they can sell. Personal data tends to be useless, unless we are talking about stuff you can use for extortion. – Rinzwind Dec 24 '15 at 07:31
  • I'm with rinzwind on this one -- I had a tablet bag stolen a few months ago. The Kindle that was in it had been deregistered (and presumably re-registered to another Amazon account) before I even knew the bag was missing. No reason to do that if they were interested in imagined "valuable data" on the tablet. Most casual thieves are looking for a quick crack or meth fix, money to feed some other addiction, or a new toy. Not to say computers haven't been stolen specifically to access the data, but that's a targeted theft and won't happen to someone who has, effectively, nothing to steal. – Zeiss Ikon Dec 24 '15 at 15:12
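A way to check whether the encryption advice in the answer above is actually in effect, as an added example that is not part of the original post: the function walks the block-device stack reported by `lsblk` and lists every mounted filesystem (swap included) that has no dm-crypt layer beneath it. The device names in the sample are constructed, and one parent per device is assumed.

```sh
#!/bin/sh
# Added example: report mounted filesystems that are NOT stacked on dm-crypt.

# Constructed sample of `lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT` output:
# LUKS + LVM for / and swap, a plain /boot, and a second unencrypted disk.
SAMPLE_LSBLK='KNAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" TYPE="part" MOUNTPOINT="/boot"
KNAME="sda5" PKNAME="sda" TYPE="part" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda5" TYPE="crypt" MOUNTPOINT=""
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="/"
KNAME="dm-2" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="[SWAP]"
KNAME="sdb" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sdb1" PKNAME="sdb" TYPE="part" MOUNTPOINT="/srv/data"'

# Reads lsblk -P text on stdin; prints "<mountpoint> <kernel name>" for every
# mounted device that has no TYPE="crypt" ancestor.
unencrypted_mounts() {
  awk '
    # Return the value of key="..." on the current line ("" if absent).
    function field(key,   line) {
      line = " " $0
      if (!match(line, " " key "=\"[^\"]*\"")) return ""
      return substr(line, RSTART + length(key) + 3, RLENGTH - length(key) - 4)
    }
    {
      k = field("KNAME")
      if (!(k in dtype)) order[++n] = k
      parent[k] = field("PKNAME")   # assumption: one parent per device
      dtype[k]  = field("TYPE")
      mnt[k]    = field("MOUNTPOINT")
    }
    END {
      for (i = 1; i <= n; i++) {
        k = order[i]
        if (mnt[k] == "") continue
        d = k; hops = 0; enc = 0
        # Walk up the device stack looking for a dm-crypt layer.
        while (d != "" && hops++ < 32) {
          if (dtype[d] == "crypt") { enc = 1; break }
          d = parent[d]
        }
        if (!enc) print mnt[k], k
      }
    }'
}

# Stand-alone run on the constructed sample. On a real system, pipe in:
#   lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT
printf '%s\n' "$SAMPLE_LSBLK" | unencrypted_mounts
```

An eCryptfs-encrypted home directory is a stacked filesystem rather than a block-device layer, so this check does not see it.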
11

Anyone who has physical access to your computer can reset the password quite easily. The general Linux philosophy is that if someone has physical access to a PC, then they have the possibility to do anything. For example see this post. It is a proper philosophy as you wouldn't like to lose your hardware/software/data just because you forgot your passwords.

If you wish to protect your PC then consider a BIOS/UEFI password and disk encryption.

  • 4
    Even a BIOS password doesn't prevent someone removing the HDD and putting it into a second computer. Encryption is the only way to protect files when physical access is gained. – Tim Dec 24 '15 at 00:08
  • 6
    Besides that: BIOS passwords are useless anyways. All of the manufacturers have added general passwords that -always- work – Rinzwind Dec 24 '15 at 07:32
  • 1
    and most reset on flashing the BIOS, or some even the chip comes out and is directly replaceable – Mateo Dec 24 '15 at 15:48
7

I know you're likely not worried about state secrets or very valuable data, but the correct answer is "Yes". Someone with physical access can always access your files, always. Full disk encryption makes the process significantly slower (time could be measured in years or centuries), but the attacker can access your files.

See the 10 immutable laws of security. Law 3 specifically states:

If a bad guy has unrestricted physical access to your computer, it's not your computer anymore

The article goes into a number of great ways you can get owned here, including but not limited to making a copy of your disk, adding a keylogger and giving it back to you. Once you enter the password, the malware can send it back to the attacker, letting him decrypt his copy of your disk.

And never forget what xkcd has taught us:

Passwords are insufficient if you are not torture-resistant


Bottom Line

If you're not worried about the NSA, or other groups willing to spend millions of dollars, years of time, or torture you, full disk encryption is probably fine. But it does not mean that you are 100% safe. Storing no data on your laptop and only VPN'ing to a secure machine is probably a better idea. Don't forget MFA and your tin foil hat.