NitroPad: Secure Laptop With Unique Tamper Detection

Do you think your computer hardware is secure? Can you rule out that in your absence no one has manipulated your computer? In a world, where most users do not have any real control over their hardware and have to blindly trust the security promises of vendors, NitroPad unlocks a refreshingly new security experience. NitroPad X230 is significantly more secure than normal computers. With NitroPad, you'll have more control over your hardware than ever before while maintaining ease of use.

 

Features

Tamper Detection Through Measured Boot
Thanks to the combination of the open source solutions Coreboot, Heads and Nitrokey USB hardware, you can verify that your laptop hardware has not been tampered with in transit or in your absence (so-called evil maid attack). The integrity of the TPM, the firmware and the operating system is effectively checked by a separate Nitrokey USB key. Simply connect your Nitrokey to the NitroPad while booting and a green LED on the Nitrokey will show that your NitroPad has not been tampered with. If the LED should turn red one day, it indicates a manipulation.
 

Deactivated Intel Management Engine
Vulnerable and proprietary low-level hardware parts are disabled to make the hardware more robust against advanced attacks.
The Intel Management Engine (ME) is some kind of separate computer within all modern Intel processors (CPU). The ME acts as a master controller for your CPU and has broad access to your computer (system memory, screen, keyboard, network). Intel controls the code of the ME and severe vulnerabilities have been found in the ME enabling local and remote attacks. Therefore ME can be considered as a backdoor and has been deactivated in NitroPad.
 

Preinstalled Ubuntu Linux With Full-Disk Encryption
NitroPad ships with a preinstalled Ubuntu Linux 18.04 LTS with full-disk encryption. Ubuntu is one of the most popular, stable and easiest to use Linux distributions. Switching from Windows to Linux has never been easier.
 

Optional: Preinstalled Qubes OS For Highest Security Requirements
Instead of Ubuntu Linux, on request you can get your NitroPad with preinstalled Qubes OS 4.0 and full-disk encryption.
Qubes OS enables highly isolated working by means of virtual machines (VM). A separate VM is started for each application or workspace. This approach isolates applications and processes much more than conventional operating systems. Qubes OS keeps your system secure, even if a vulnerability has been exploited in one of the software applications used. Example: If your PDF viewer or web browser has been successfully attacked, the attacker cannot compromise the rest of the system and will be locked out once the VM is closed.
In addition, separate virtual workspaces can be used, such as an offline workspace for secret data and an online workspace for communication. NitroPad with Qubes OS is technically similar to SINA clients (for governments), but remains transparent thanks to open source. Qubes OS is for users who want maximum security.
 

Keys Under Your Control
All individual cryptographic keys are generated directly on the NitroPad exclusively during installation and are not stored by us. However, all individual keys can be replaced by you. Unlike "Secure Boot", the keys for securing the operating system remain under your control and do not depend on the consent of the vendor.
 

Nitrokey USB Key Included
NitroPad comes with a Nitrokey Pro 2 or a Nitrokey Storage 2. Their security features include for example email encryption (PGP, S/MIME), secure server administration (SSH) and two-factor authentication through one-time passwords (OTP). The Nitrokey Storage 2 additionally contains an encrypted mass storage with hidden volumes.
 

Professional ThinkPad Hardware
Based on Lenovo ThinkPad X230, the hardware finish and robustness meet professional quality standards. The famous ThinkPad keyboard with background lighting and TrackPoint allows comfortable working. The used laptops have been refurbished.
 

Out-of-the-Box User Experience
With NitroPad, you don't need to take care of opening the hardware casing to flash the BIOS chip, installing and configuring Linux, or pairing the Nitrokey Pro/Storage. We do this work for you. The Nitrokey is already configured with your NitroPad so that it can be used for tamper detection without any further configuration effort.
 

Security Conscious Shipping
To make it more difficult to intercept and manipulate your NitroPad, the NitroPad and the Nitrokey USB key can be shipped in two separate shipments if desired.

 

    Use Cases

    For Everyone
    NitroPad enables you to detect hardware tampering. For example, if your laptop is being inspected while crossing the border or if you leave your device unattended in a hotel or during travelling, you can check the integrity of your NitroPad with the help of the Nitrokey.
     

    For Enterprises
    NitroPad can serve as a hardened workstation for certificate authorities and other use cases requiring high-security computers. On business trips, the NitroPad protects against evil maid attacks while the computer is unattended in a hotel or baggage.
     

    For Governments
    Governments can use NitroPad to protect themselves against advanced persistent threats (APT) without relying on foreign proprietary technology.
     

    For Journalists
    If you as an investigative journalist are serious about protecting your confidential sources, NitroPad helps you getting there.

     

    NitroPad X230 is now available in our Online Shop.

     

    More details are available in the product factsheet.

    11.1.2020

    Comments

    Nice idea the of Nitropad. It would be also a good idea to make the same kind of device as "Tiny Hardware Firewall VPN Client" that is only available to USA buyers. They have several devices. Nitrokey can have at least a device with Wi-Fi (2.4GHz/ 5 GHz) (a/ b/ g/ n/ ac/ ax) to capture the signal and WAN port (10/ 100/ 1000 Mbps), and Wi-Fi to distribute the Secure Wi-Fi (2.4GHz/ 5 GHz) (a/ b/ g/ n/ ac/ ax) and also 4 or more LAN ports (10/ 100/ 1000 Mbps). WPA2 and WPA3 enable for the Secure Wi-Fi. No WPS or similar. Wi-Fi Passwords by default at least like these: 74102-nxbbg-63135-jcynk-69351, and to access the device also things like username: wjghog-495535 and password: jsdsjb-244644 just to make life a little harder by default to attackers. Of course OpenVPN that allows multiple profiles, and also to have multiple jumps between different OpenVPN providers to make it harder for any of them individually to spy on the user, and a nice visual interface to show if any of them is not working and why the device it is not working (not reach the server, local network block, wrong credentials, etc.). And of course technology to allow to bypass attempts to prevent OpenVPN connections (bridges, obfuscation, etc.). Onion ("Tor") network also available. Compatible with login portals (captive portal friendly). With some sort of internal battery that can be easily replaced (say "21700 battery" or something else) and allow external power for even extended periods like "Powerbanks" and/ or directly connected to the electricity network.

    Add new comment

    Fill in the blank.