Let’s take a minute to pretend that your computer is set up with up to date encryption software, you have password requests set to be triggered whenever you turn on your computer and wake it from screensaver and only you know the various codes used to unlock your private information. Your data must surely be protected, right?
Even in this situation, having the physical security of your computer or phone compromised could pose a threat to your security. For some years it has been known that quickly cooling a computer’s RAM can allow it to retain information that can break your encryption: this has also been show to work with certain Android smartphones. But even if hostile users aren’t able to salvage this data from your RAM, their possession of your computer gives them significant leverage over you. Australian law has provisions for police to compel users to relinquish passwords and/or “any other details necessary to obtain evidence in a protected or encrypted state” and while one may be able to thwart this by using the plausible deniability measures found in certain encryption programs (explained below), resisting the pressure put upon you by the police or others to hand over this information may likely prove too arduous.
Obviously, the less secure your computer is the easier it will be for hostile users to steal information or alter your computer if its physical security is compromised. Leaving your computer unlocked and unattended may result in your computer or hard-drive being stolen or someone installing malicious software (or hardware). If your computer has been left unattended long enough for someone to change your desktop, it has been left vulnerable long enough to pose a threat to your security. Smartphones are even more vulnerable as their small size allows people to quickly slip them into a pocket without you noticing.
So what can you do to ensure the physical safety of your computer and/or phone?
- Always be aware of where your computer or phone is. Keep your laptop in a closed bag and keep that bag within eyesight when traveling and make sure your phone is in a pocket or bag that is not easy for others to access (such as a breast pocket).
- Don’t leave your computer or phone unattended.
- Make sure you have set your computer/phone to request your password upon start up, wake from screensaver and unlock. When using your phone, set an alphanumeric password rather than the default four digit simple code and avoid using pattern unlock systems.
- When dealing with sensitive information make sure your screen is not visible to anyone but you: keep the screen turned away from windows, cameras and other people. If you feel it is necessary you may also opt to cover your keyboard or your computer and yourself.
- Keep your computers locked to your desk or another piece of sturdy furniture. Many computers are now built with attachments that can be used to secure hardware in this manner.
- If you know or suspect you may be about to enter a hostile environment, shut your computer down and wait a few minutes to make sure your RAM has cleared.