Following a court ruling, the EFF and several news sources worldwide have reported on the practice of searching the data on electronic devices at the US border. Bruce Schneier has picked up the topic in his latest Crypto-Gram (a newsletter). So far everyone seems to have ignored or neglected another possibility: targeted spyware.
In fact I am not just talking about the usual spyware, but about software written with the sole purpose of staying undetected for as long as possible and, ideally, transmitting as much data as possible. Spyware in the literal sense.
Let’s face it: so far everyone has pointed out that it is vital to encrypt your data in order to safeguard it from leakage. Good point. In most cases that will indeed spoil any attempt to plant spyware on the encrypted volume itself. Except that places like the EFI firmware, the BIOS, or simply the boot sector could be used to plant such code, because they execute before the volume is unlocked and see the passphrase being typed. For example, combining the idea behind Rutkowska’s Bluepill project with the boot-time rootkit for Vista might, in the end, leak the password used to encrypt the hard drive. As long as you have to boot the machine to get at the encrypted data, there is no safe way to do so. The only viable method is to use a second, trusted machine to decrypt and read the data without executing any of the suspect machine’s boot-time code. That protects the data, not the laptop: whatever was planted in its firmware or boot sector is still there the next time it boots.
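As an added example that is not part of the original post, here is what the "second machine" approach can look like for the one place a trusted host can inspect directly, the classic 512-byte MBR: read the first sector of the suspect drive, parse it, and compare the bootstrap code region with a SHA-256 baseline recorded before the trip. The sample MBR, the baseline and the "tampered" bytes are all constructed inline for illustration. The caveat is built into the design: this only covers the boot sector, not the BIOS or EFI firmware the post also names, which no disk-level check can see.

```python
"""Verify a raw MBR boot sector against a known-good baseline.

Added example, not from the original post. Models reading the first
sector of a suspect drive from a trusted host and checking whether the
bootstrap code (where a boot-time rootkit would hook the boot path)
still matches a hash recorded before the machine left your control.
The sample sectors below are constructed, not captured from a real disk.
"""
import hashlib
import hmac
import struct

SECTOR_SIZE = 512
BOOTSTRAP_LEN = 440        # classic MBR bootstrap code area
PART_TABLE_OFF = 446       # four 16-byte partition entries follow
MBR_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into bootstrap code, disk signature and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected a 512-byte sector")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "bootstrap": sector[:BOOTSTRAP_LEN],
        "disk_signature": sector[440:444],
        "partitions": partitions,
    }


def bootstrap_digest(sector: bytes) -> str:
    """SHA-256 over the bootstrap code only; the partition table may change legitimately."""
    return hashlib.sha256(parse_mbr(sector)["bootstrap"]).hexdigest()


def verify_boot_sector(sector: bytes, baseline_digest: str) -> bool:
    """True if the bootstrap code still matches the baseline recorded earlier."""
    return hmac.compare_digest(bootstrap_digest(sector), baseline_digest)


def build_sample_mbr(bootstrap: bytes) -> bytes:
    """Construct a 512-byte MBR with one bootable Linux partition (sample data)."""
    code = bootstrap.ljust(BOOTSTRAP_LEN, b"\x00")[:BOOTSTRAP_LEN]
    disk_sig = b"\xde\xad\xbe\xef"       # assumed disk signature
    reserved = b"\x00\x00"
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x83,
                        b"\xfe\xff\xff", 2048, 1_000_000)
    table = entry + b"\x00" * 48          # three empty entries
    sector = code + disk_sig + reserved + table + MBR_SIGNATURE
    assert len(sector) == SECTOR_SIZE
    return sector


# Constructed "before travel" sector and its baseline (placeholder bootstrap bytes).
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
BASELINE = bootstrap_digest(CLEAN_MBR)

# Constructed "after travel" sector: a few bootstrap bytes patched, partition table intact.
_patched = bytearray(CLEAN_MBR)
_patched[0x10:0x14] = b"\xe8\x00\x00\x90"
TAMPERED_MBR = bytes(_patched)


if __name__ == "__main__":
    # On a real system you would read the sector from the suspect drive attached
    # to the trusted host, e.g. open("/dev/sdb", "rb").read(512), path assumed.
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, "OK" if verify_boot_sector(sector, BASELINE) else "MISMATCH")
```

The digest deliberately covers only the first 440 bytes: a new partition or a changed disk signature is ordinary use, while a changed bootstrap region before the first partition entry is exactly what a boot-time password logger needs. A clean result here says nothing about firmware, which is why the post's conclusion about physical compromise still stands.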
Actually, the combination of filling out a web form 72 hours before arrival at the US border (starting next year) with a two-minute search of a laptop (which in most cases will not even be encrypted) could prove pretty effective for customizing and planting targeted spyware. My conclusion is the same as it has always been for many people: once the physical security of a machine has been compromised, don’t trust it anymore.
// Oliver