There are a number of choices available if you need a small, powerful but affordable mini desktop PC, from the $500 Mac Mini, to the cheaper Google Chromebox, or HP Pavillion Mini Desktop.
But can more be done to keep these devices secure, not just from software exploits, but scenarios in which the attacker has gained physical access to the device?
The makers of ORWL, a flying saucer-shaped mini desktop for the security-minded, think it can, providing you’re willing to fork out a relatively hefty $699. The team behind the ORWL is taking a second crack at crowdfunding, after the project failed to meet a $175,000 target on KickStarter last year. This time, the ORWL has a more modest target of $25,000 on Crowd Supply.
ORWL, whose name is inspired by George Orwell, is billed by its maker Design Shift as the first “physically secure computer” due to the lengths it’s taken to lock down data stored on the device.
Hardware-wise, the device sports an Intel Skylake Core m3 processor, with 8GB RAM, and either 120 or 480GB SSD. It has two USB 3.0 Type C ports, one micro HDMI port, and supports 4K output. The system can run Ubuntu and other GNU/Linux systems, Windows 10, or the security-focused Qubes OS.
Key to the device’s physical security features is a secure microcontroller (MCU), which is used to store and generate the drive’s cryptographic key. According to Design Shift, the MCU is integrated into the motherboard and verifies the integrity of firmware prior to boot. The other key physical security layer is a so-called “active mesh” clamshell that encases the gadget. The case borrows from techniques used to physically protect ATMs and security tokens. The material contains a printed circuit board that will shatter when drilled, triggering instructions for the MCU to delete the drive’s encryption key. Try pry the clam open and the device’s data will be rendered inaccessible in the same fashion.
The ORWL doesn’t offer any of the fancier biometric methods for authentication, but instead relies on a paired NFC chip held on a key fob for authentication. The device uses Bluetooth to monitor the proximity of the key fob. If the key fob moves out of range, the device will lock down until the next time the NFC chip is in range again.
Finally, to assure buyers of the ORWL’s integrity, the company is promising to open source its hardware and software. This includes schematic and layout files, as well as the firmware for the BIOS, secure controller, and key fob.
But while Apple, Google and Microsoft are doubling down on security features for their respective platforms, it’s not clear that equipment with security as the main selling point is anything more than a niche product, even after Edward Snowden’s leaks about US surveillance capabilities.
Silent Circle, the maker of the encrypted BlackPhone, recently revealed weak sales of the device. BlackBerry has also struggled to find a market for its security-focused, Android-powered BlackBerry Priv, though it’s taken a second punt on the market with its DTEK450.