Haven + Killer as running PC killswitch

[HulaHoopWhonix]

Hi! Whonix dev here. We've recently come across "killer" [0] on Linux, a system tamper detector that shuts down a system when it detects unexpected actions. My first thought was that there is a potential opportunity for collaboration between the two projects. The rich input from mobile sensors can provide further options for a tripwire that protects a running machine when the owner is away.

Thoughts:

• I'm not sure about the details of how it works, but Haven could have a text event protocol that other programs like killer can standardize around and understand.

• Besides the wifi means of communication, Haven can support USB in case an attacker tries wifi jamming to prevent its killswitch from triggering.

---

On the killer side, it would need to support a listening daemon that runs a an ephemeral onion service. Add support for the Haven protocol. Make use of a keep alive signal between it and Haven and shut off the device if there isn't a ping after a preset amount of time.

Feel free to discuss this in more detail and I hope something exciting can come from it! :-)

[0] https://github.com/Lvl4Sword/Killer

cc/ @Lvl4Sword @adrelanos

[Lvl4Sword]

I'm not sure how a hidden service would work with Killer, and don't see it as beneficial for the project as a whole. Would require far more dependencies, and Killer has to run as root to start with. So the attack surface would increase significantly.

Keepalive signals would require a huge rework, and I don't feel there's much of a reason to have them anyway.

What would be better is making issues for custom commands to support paying attention to what is available on the systen, such as the sound threshold for the mic ( there's already one dubbed "ScreamLock" in the issues ) and other things. Not too sure if light/gyroscope/gps is available on a lot of devices though.

@GhostofGoes - Your input?

[HulaHoopWhonix]

I'm not sure how a hidden service would work with Killer, and don't see it as beneficial for the project as a whole. Would require far more dependencies, and Killer has to run as root to start with. So the attack surface would increase significantly.

I see.

What would be better is making issues for custom commands to support paying attention to what is available on the systen, such as the sound threshold for the mic ( there's already one dubbed "ScreamLock" in the issues ) and other things. Not too sure if light/gyroscope/gps is available on a lot of devices though.

Interesting and maybe acting on webcam input too? Though it will be tougher to use it for light/motion detection.

Edit:
For motion detection there is "motion" on Linux that takes snapshots when it detects movement. Maybe killer can watch its directory for any newly created files and kill when any are created.
https://www.maketecheasier.com/setup-motion-detection-webcam-ubuntu/

For light detection you may be able to repurpose the guts of autobrightness/Wildguppy to measure light changes, but instead of adjusting display brightness you would shut off the system.
https://github.com/billyboar/autobrightness/
https://askubuntu.com/a/633033

[Lvl4Sword]

Let's go ahead and talk about this in Lvl4Sword/Killer#48