Can anyone with physical access to my computer access my files? [closed]

hacking

I wonder what will happen if my computer got stolen.

Can a hacker gain access to the files on my computer?

I have Ubuntu 14.04 and have not installed any security programs - should I do something to protect myself against this?


Solution 1:

Linux systems do not protect against abuse through physical access. An admin password can be changed through grub and through a live session without supplying the previous admin password (this is intentional: having ownership allows you to do anything with it).

Your data is not accessible if you use encryption for at least your private data or for your whole system. However, I believe more people lost their data by forgetting their access key than through theft. Plus in general it is the hardware they want, not your data. And it is always smart to format a disk without accessing it if it was not yours: a simple keylogger is enough to send details about the connection it is using to your mail account so you can track the system down.

Solution 2:

Anyone who has physical access to your computer can reset the password quite easily. The general Linux philosophy is that if someone has physical access to PC then has possibility to do anything. For example see this post. It is a proper philosophy as you wouldn't like to lose your hardware/software/data just because you forgot your passwords.

If you wish to protect your PC then consider BIOS/UEFI password and disk encryption.

Solution 3:

I know you're likely not worried about state secrets or very valuable data, but the correct answer is "Yes". Someone with physical can always access your files, always. Full disk encryption makes the process significantly slower (time could be measured in years or centuries), but the attacker can access your files.

See the 10 immutable laws of security. Law 3 specifically states:

If a bad guy has unrestricted physical access to your computer, it's not your computer anymore

The article goes into a number of great ways you can get owned here, including but not limited to making a copy of your disk, adding a keylogger and giving it back to you. Once you enter the password, the malware can send it back to the attacker, letting him decrypt his copy of your disk.

And never forget what xkcd has taught us:

Passwords are insufficient if you are not torture-resistant

Passwords are insufficient if you are not torture-resistant

Bottom Line

If you're not worried about the NSA, or other groups willing to spend millions of dollars, years of time, or torture you, full disk encryption is probably fine. But it does not mean that you are 100% safe. Storing no data on your laptop and only VPN'ing to a secure machine is probably a better idea. Don't forget MFA and your tin foil hat.

Related

Install Canon scanner
Is there a GUI to convert/extract images to/from pdf?
SATA Drive is not detected when hotswapping
How to use multiple Python versions on the same System?
How do I get Synapse to search my Tomboy notes?
Apache 2 could not bind, address already in use
I can't install libtiff on my 64-bit Ubuntu
installation stuck at detecting file system
A great Python IDE for Ubuntu [duplicate]
Banshee is unable to determine audio cd metadata
Will 11.04 use other filesystem than ext4?
jQuery Validation - Two fields, only required to fill in one