Let's say for a moment that you're the kind of person who takes cybersecurity super cereal. You use a password manager with multi-factor everything, you keep all your programs and operating systems up to date, and you're constantly keeping a vigilant eye out for phishing attacks. That is all really good stuff that we should actually all do, but none of it will do you a bit of good if an attacker actually gets your hardware in their hands, like, physically. That is, unless you're using a tamper-proof ORWL computer from Design Shift, a PC that needs a password and a fob just to boot up and that apparently will disable itself permanently if we mess with it. Challenge accepted.

By the way, speaking of challenges, this was a challenging segue to EK Water Blocks. Phoenix lineup is their next-generation, high-performance all-in-one cooler. Check it out now at the link in the video description.
Named for George Orwell, every one of these tiny yet shockingly heavy little machines has its own unique encryption key, one that is totally unknown even to the manufacturer, Design Shift. It's a time-rotating RSA-4096 key, so that is over 4,000 bits long, and what it means is that it is practically impossible to brute-force. So, for reference, the largest RSA number that's ever been factored was only 768 bits long, and that took hundreds of computers over 2 years to figure out. Now, this encryption key is not stored in main memory or on the self-encrypting SSD, but rather in a security microcontroller that only exposes it briefly when a user is authenticated, like as you're booting up.

As for how to authenticate, well, two-factor, of course. ORWL comes with two special key fobs that must be scanned on the machine before you'll even be prompted to enter your numeric password using ORWL's OLED display, and only then does the machine boot up, and then you will still need to enter credentials for Windows, Ubuntu, Qubes OS, or whatever. Your fobs use NFC for the initial setup; then, once they're paired, the Java Card applet on the fob that's responsible for pairing is actually deleted, and from then on the fobs communicate their distance from ORWL over encrypted low-energy Bluetooth, and the machine will actually lock down if you get more than 10 meters away.

In lockdown mode, ORWL's ports (that's two five-gigabit USB Type-C's for power and peripherals and a mini HDMI for the display) are shut off, so no one can plug in their Stuxnet flash drive or boot the computer using an external device, and the CPU is put to sleep. That is, unless the mainboard secure MCU's three-axis accelerometer and gyroscopes detect movement, at which time it will actually be powered completely off, forcing a potential hacker to build their lab around the machine rather than carrying it away to be prodded at in privacy.
Okay then, Linus, what if I go around the MCU by freezing it with a spray refrigerant? Ha! Well, since the MCU also monitors for drastic temperature changes, freezing it will actually result in ORWL destroying the encryption key. And even if you could freeze the RAM, for example, which typically retains information for a few seconds after being powered down, you'd have a hard time reading anything from it because it is soldered onto the board. And going at it the other way isn't an option either: the boot sequence is designed to wipe the RAM before POST to prevent attackers from somehow inserting code into the memory during boot.

I mean, most of that stuff, though, is kind of hypothetical anyway, because you probably would never get that far. The entire system is physically tamper-proof, and I'm not talking about a handful of pressure sensors that you can just drill holes around and disable. No, no, the entire system, in addition to the mainboard MCU and the MCU and the fob, the system is wrapped in a conductive die shield with multiple pressure switches and a wire mesh barrier. This protects against physical ingress and certain side-channel attacks, like over-the-air power analysis, since no meaningful power leakage will make it through the die shield. And if you disturb any of that stuff, the encryption key gets nuked. And all of this works even without ORWL being plugged in, since the mainboard MCU's onboard battery can actually last for several months.

Now, to be clear, security features like this have been around for years in some industries, but Design Shift's pitch is that they're delivering bank-level information security for everyone without changing the overall user experience, and they're actually mostly there. The fobs are a little too bulky right now, in my opinion, and while they are rechargeable over microUSB, they lack a battery indicator light, so when they die and your ORWL locks down, you're gonna have a bad
But once you're logged into ORWL, it behaves just like a regular computer, as advertised, so that's really cool. But I still think their audience will end up being somewhat limited. The ORWL breezed through our thermal tests, staying relatively quiet without throttling, but even the top-tier model sticks you with a mobile processor, eight gigs of RAM, and integrated graphics, and that's at three times the cost of a similarly specced tablet computer. To be clear, that could be considered cheap compared to some of the other options that are out there, and there are definitely going to be customers for this tech, but I just have to wonder if the next step for Design Shift has to be a notebook, to give extra flexibility to anyone who wants to take his or her secure computing on the road.
Alright then, with all that out of the way, let's see if we can lose our data after this message from TunnelBear.

TunnelBear is the simple VPN app that makes it easy to browse privately and enjoy a more open Internet. With TunnelBear turned on, your Wi-Fi connection is secured and your online activity is kept private from your internet provider, advertisers, and anyone else looking to track you or profit from your data. TunnelBear has a top-rated privacy policy and does not log your activity, so go try TunnelBear for free, with no credit card required, at tunnelbear.com/LTT. We're gonna have that linked below.
So thanks for watching, guys. If this video sucked, you know what to do, but if it was awesome, get subscribed, hit that like button, or check out the link to where to buy the stuff we featured. There it is, at the link in the video description. Also linked down there is our merch store, which has cool shirts like this one, and our community forum, which you should totally join.