Ericsson and Intel Offer Remote Notebook Lockdown

timothy posted more than 5 years ago | from the and-if-you-refuse-this-offer dept.

Portables 105

MojoKid writes "Ericsson and Intel have announced that they are collaborating on a way to keep your laptop's contents safe when your laptop goes MIA. Using Intel's Anti-Theft Technology — PC Protection (Intel AT-p) and Ericsson's Mobile Broadband (HSPA) modules, lost or stolen laptops can be remotely locked down. Similar to Lenovo's recently announced Lockdown Now PC technology, the Ericsson-Intel technology uses SMS messages sent directly to a laptop's mobile broadband chip. Once the chip receives the lock-down message, it passes it to the Intel AT-p function, which is integrated into Intel's Centrino 2 with vPro technology platform. Unlike Lenovo's anti-theft solution, the Ericsson module includes GPS functionality as well."

105 comments

lapjacking (4, Insightful)

Skapare (16644) | more than 5 years ago | (#26085419)

And once the codes to do this leak into the wild, laptop hijacking and ransoms will be next.

Re:lapjacking (4, Informative)

afidel (530433) | more than 5 years ago | (#26085513)

If it's like Lenovo's solution you have two levels of authentication, first the SMS number which sent the message is whitelisted (fairly easy to spoof I assume) and secondly the messages are cryptographically signed. I believe the whitelist feature is to keep from being DDOS'd with bogus messages which the card would have to attempt to decrypt.

Re:lapjacking (1)

Lucky75 (1265142) | more than 5 years ago | (#26086833)

Of course, the paranoid person would balk at having GPS tracking of their computer even without a cellphone.

I see way too many downsides to having remote lockdown. It can be abused too easily, and once the codes get leaked, there is no added security anyways.

Re:lapjacking (3, Insightful)

afidel (530433) | more than 5 years ago | (#26086917)

You keep talking about codes, WHAT codes? The payload that activates the feature (at least in the Lenovo implementation) is a cryptographically signed message, there is no default code! It's just like Blackberries, a cryptographically signed message is received by the device and it initiates a wipe of the device, in the case of the Blackberry it wipes the RAM and flash areas, in the case of the Lenovo it wipes the storage keys from the TPM chip.

Re:lapjacking (2, Informative)

networkBoy (774728) | more than 5 years ago | (#26087383)

plus the legitimate user just enters a passphrase and "poof" notebook is unlocked again.

http://www.google.com/search?hl=en&q=%22theft+deterrent%22+site%3Aintel.com&btnG=Search [google.com]
http://communities.intel.com/docs/DOC-2384;jsessionid=D59F43EDDFB0FCDAA907153C80E0539E [intel.com]
http://communities.intel.com/openport/community/openportit/vproexpert/blog/tags/at-p [intel.com]

some light reading for the paranoid. Besides this is targeted mostly at business (V-Pro?).

Re:lapjacking (1)

networkBoy (774728) | more than 5 years ago | (#26087401)

Return notebook to full functionality via:

 Local passphrase that was preprovisioned by user.

 Recovery token (one-time use) provided by IT.

 Simple, inexpensive way to restore notebook to full functionality without compromising local security features for data access disable or PC disable.
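The two checks afidel describes earlier in the thread (sender whitelist as a cheap filter, then signature verification) and the two recovery paths listed in this comment, as an added Python sketch that is not code from the thread, Intel, Ericsson or Lenovo. HMAC-SHA256 stands in for the signature scheme, which the thread does not specify, and every name, number and token in it is hypothetical.

```python
import hashlib
import hmac
import secrets


class LockdownAgent:
    """Hypothetical model of the receiving side; not vendor code."""

    def __init__(self, whitelist, verify_key, passphrase, recovery_tokens):
        self.whitelist = set(whitelist)
        # Assumption: a shared MAC key. A real signature scheme would keep
        # only a public verification key on the device.
        self.verify_key = verify_key
        self.salt = secrets.token_bytes(16)
        # Store derived values only, never the passphrase or tokens themselves.
        self.passphrase_hash = self._stretch(passphrase)
        self.token_hashes = {self._digest(t) for t in recovery_tokens}
        self.locked = False
        self.signature_checks = 0  # how often the costly step actually ran

    def _stretch(self, passphrase):
        return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), self.salt, 100_000)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def handle_sms(self, sender, body, tag):
        # Level 1: the sender number is spoofable, so this is only a filter
        # that keeps bogus traffic away from the cryptographic check.
        if sender not in self.whitelist:
            return "dropped"
        # Level 2: the signature is what actually authorises the command.
        self.signature_checks += 1
        expected = hmac.new(self.verify_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "rejected"
        if body == b"LOCK":
            self.locked = True
            return "locked"
        return "ignored"

    def unlock_with_passphrase(self, passphrase):
        # Local passphrase that was preprovisioned by the user.
        ok = hmac.compare_digest(self._stretch(passphrase), self.passphrase_hash)
        if ok:
            self.locked = False
        return ok

    def unlock_with_token(self, token):
        # Recovery token from IT: consumed on first successful use.
        digest = self._digest(token)
        if digest not in self.token_hashes:
            return False
        self.token_hashes.remove(digest)
        self.locked = False
        return True


def sign(key, body):
    """Sender side of the stand-in scheme."""
    return hmac.new(key, body, hashlib.sha256).digest()


def demo():
    key = b"constructed-demo-key"          # constructed sample values
    agent = LockdownAgent({"+15550100"}, key, "correct horse", {"IT-TOKEN-0001"})
    good = sign(key, b"LOCK")
    results = [
        agent.handle_sms("+15550199", b"LOCK", good),        # unknown sender
        agent.handle_sms("+15550100", b"LOCK", b"\x00" * 32),  # spoofed sender, bad tag
        agent.handle_sms("+15550100", b"LOCK", good),        # legitimate lock
        agent.unlock_with_token("IT-TOKEN-0001"),             # first use succeeds
    ]
    agent.handle_sms("+15550100", b"LOCK", good)              # lock again
    results.append(agent.unlock_with_token("IT-TOKEN-0001"))  # reuse is refused
    results.append(agent.unlock_with_passphrase("correct horse"))
    return results, agent.signature_checks, agent.locked


if __name__ == "__main__":
    print(demo())
```

The message from the unlisted number never reaches the verification step, while the spoofed whitelisted number gets that far and is refused there.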

Re:lapjacking (1)

gknoy (899301) | more than 5 years ago | (#26087403)

But, signed by whom? A central authorizing agency? That's just asking to be brute-forced or otherwise stolen. Combine that with the fact that the weak point in encryption is often the implementation, and it's possible that nefarious persons could find (and exploit) a hardware flaw.

Re:lapjacking (1)

INT_QRK (1043164) | more than 5 years ago | (#26090241)

So...a kill code sent directly to a broadband chip for a system built off-shore in government controlled factories of a potential adversary country? Oh, OK, the overt channel for the kill code is protocol "protected" and, ooooh, encrypted. I don't mean to sound paranoid, but am I the only one who sees this as at least a potential Trojan system? I sure hope our government would be astute enough to keep these things away from any mission critical shopping lists.

Re:lapjacking (0)

Anonymous Coward | more than 5 years ago | (#26090811)

You're just paranoid because China has been pursuing asymmetric cyber warfare tactics that could be used to cripple a foreign enemy without resorting to traditional military engagement.

It's not like they make the chips and circuit boards and also see the U.S. as that foreign enemy also ... right? ~

Re:lapjacking (1)

LWATCDR (28044) | more than 5 years ago | (#26097257)

wouldn't the built in broadband chip be a bigger danger?
Turning off a notebook is one thing. Reading off the data is another. I mean if you are going to worry about something. Broadband chip plus GPS? Shutting it down would be the last thing I would worry about.

Re:lapjacking (2, Insightful)

Paradigm_Complex (968558) | more than 5 years ago | (#26085525)

Unless the actual laptop owners get to set/change the codes themselves - as well as disabling the feature completely - in which case it won't be any worse than SSH/remote_desktop/et al.

Re:lapjacking (1)

networkBoy (774728) | more than 5 years ago | (#26087405)

they don't.
at least not in my shop where we are trialing it.
this plus seagate momentus FDE disks and we're golden.

Re:lapjacking (1)

dimeglio (456244) | more than 5 years ago | (#26085533)

Can I make it blow up with a simple SMS message? Reminds me of a "The Broken" episode. More thermite!

Re:lapjacking (3, Funny)

tomhudson (43916) | more than 5 years ago | (#26085943)

Can I make it blow up with a simple SMS message? Reminds me of a "The Broken" episode. More thermite!

Sure - just check the "Sony Battery" option.

Re:lapjacking (0)

Anonymous Coward | more than 5 years ago | (#26085605)

And once the codes to do this leak into the wild, laptop hijacking and ransoms will be next.

I don't know about you, but lapjacking invokes an entirely different series of images than what you just described...

Re:lapjacking (0)

Fluffeh (1273756) | more than 5 years ago | (#26086795)

My name is Inigo Montoya. You stole my laptop. Prepare to shut-down.

Re:lapjacking (1)

ruphus13 (890164) | more than 5 years ago | (#26086915)

I found this laptop and started writing this reply when it suddenly froz...

Re:lapjacking (1)

MaskedSlacker (911878) | more than 5 years ago | (#26088375)

In case you were wondering why your joke failed, let me break it down for you:

1) You couldn't have decided to type that sentence until after the lockdown.
2) If you had been cut off you wouldn't have added the ellipsis.

Thank you, please try again.

Re:lapjacking (1)

Jurily (900488) | more than 5 years ago | (#26088055)

And once the codes to do this leak into the wild, laptop hijacking and ransoms will be next.

Nah. More like a new level of DRM.

well (4, Insightful)

scapermoya (769847) | more than 5 years ago | (#26085509)

aside from the security risks, this can only become an effective deterrent if it sees widespread use.
good luck with that.

Re:well (4, Insightful)

fuzzyfuzzyfungus (1223518) | more than 5 years ago | (#26085569)

I suspect that this is less about deterrent and more about mitigating data loss. Laptops are cheap (and, given that this hardware and service aren't exactly going to be free) the cost of replacing some when they get stolen is probably lower than building all sorts of fancy features into them. Being able to nuke the data on the system (specifically, nuke the crypto keys to the disk's already encrypted contents) could be well worth the money for a fairly broad swath of business type purposes.

They crypto keys should be off-drive anyways (3, Insightful)

davidwr (791652) | more than 5 years ago | (#26085755)

Here's how I would build a lock-downable laptop:

BIOS/preboot environment: Looks to an external device, probably a USB stick, for part or all of the crypto key. Use that to decrypt boot loader on hard disk or other boot device and follow its instructions. Of course this should have a passphrase.

Boot loader will look to wherever it chooses for crypto keys for the rest of the drive. These may be the same keys as the bootloader used or they may be something else. They may be partially or completely downloaded from the Internet, and once decrypted with a passphrase, are stored in memory or better yet only on the CPU in such a way as they are never stored in a paged-memory file.

Furthermore, really sensitive data can be encrypted in container-file partitions, encrypted compressed files, or what not using OS- or application-level-encrypted containers.

This, in conjunction with a "lock all I/O and networking and turn on the screensaver" software when the user is away from the computer, will render it very difficult to get at the data on the drive, difficult to deter all but the most determined adversary.

Now all the user has to do is remember to remove his USB stick after booting. Of course, if his laptop does get stolen he's still out the replacement cost of the machine and the cost of restoring his data from backups.

Re:They crypto keys should be off-drive anyways (3, Insightful)

tomhudson (43916) | more than 5 years ago | (#26085967)

Terrible idea. Now you have yet another failure point - losing the off-drive crypto keys. You don't even need to physically lose the USB key - just break it, have it die from static discharge, etc.

People lose things a lot more expensive all the time - ask anyone who's ever lost a cell phone, or left a laptop on the roof of their car, or lost their wallet or purse.

Re:They crypto keys should be off-drive anyways (0)

Anonymous Coward | more than 5 years ago | (#26086097)

so uhm, keep a copy somewhere secure?

Re:They crypto keys should be off-drive anyways (2, Funny)

jaxtherat (1165473) | more than 5 years ago | (#26086167)

so uhm, keep a copy somewhere secure?

That still relies on the average user not being a retard, and having the presence of mind to do so. Sorry, and that ain't happening any time soon.

Remember, the moment you design an idiot proof system, someone invents a better idiot.

Re:They crypto keys should be off-drive anyways (1)

tomhudson (43916) | more than 5 years ago | (#26086213)

so uhm, keep a copy somewhere secure?

So why not just keep the laptop there instead?

Answer: Because I want to USE it.

In other words, this whole idea detracts from usability and convenience, which is why people get laptops in the first place. Easier to just remove the HD. It's not like it takes more than a minute, or is very large. Most laptops, you don't have to use the screws that hold the drive caddy in place, so just remove the 2 screws holding down the cover, pop the drive out, and your half-terabyte laptop drive is now sitting in your shirt pocket or your purse or hanging from a cord around your neck if you're uber-paranoid.

Re:They crypto keys should be off-drive anyways (2, Insightful)

sumdumass (711423) | more than 5 years ago | (#26086337)

The problem with a thumb drive security stick or removable hard drives and such is that they will all end up in the same bag as the laptop making the separation pointless when someone takes the entire enchilada.

Sure, you can keep them separate but let's be practical here. Keys end up making it onto key rings with other keys, phone numbers all make it to the same places, and so on. It will either be something that is lost or kept together for convenience reasons.

Re:They crypto keys should be off-drive anyways (1)

adolf (21054) | more than 5 years ago | (#26086959)

Nyet.

My thumbdrive (a Sandisk Cruzer Micro, the only thumbdrive I've ever found which fits securely next to my car keys) lives on my keyring. It hangs from the beltloop of my pants on a carabiner, and is always right there whenever it is not in use elsewhere.

So let's be practical. I don't think anybody is going to steal the thumbdrive on a key ring which is attached to my pants, along with my laptop, as long as I'm vigilant in removing the thumbdrive from my laptop whenever I'm out of sight of said laptop.

It's just not very likely to happen.

If it does happen, I'll be right there to chase, pummel, and stab the thief with my finely-honed knife until such a time as they unhand my stuff. And then I'll have my stuff back.

So. Realistically: Given the scenario presented by OP, either the thief would steal a totally non-functional laptop, lacking the USB drive to make it work (who cares? The machine might be gone, but the data is safe), or the thief would have to steal my laptop right out from under my nose along with an attached USB drive.

If what OP presented actually exists, and unfortunately it doesn't seem that it does, then I wouldn't be worried at all. My laptop would either be cryptographically secure and the information therein safe, or it would be in my immediate possession and protected by me personally.

And in this latter case, there's easier targets for a thief to steal. They'll take the laptop on the next table, or in the next train car, where the owner has left it unprotected.

So, again: If such technology existed in an easily-used form, my data would be very safe indeed.

(Unless, of course, they very purposefully show up with a gun. But when firearms enter the scenario, it's pretty plain that no amount of security is sufficient, short of auxiliary guards, in protecting the data on a portable computer.)

Re:They crypto keys should be off-drive anyways (2, Funny)

magarity (164372) | more than 5 years ago | (#26087269)

don't think anybody is going to steal the thumbdrive on a key ring which is attached to my pants, along with my laptop
 
The way this parses, you make it sound like your laptop is attached to your pants.

Re:They crypto keys should be off-drive anyways (2, Insightful)

jack2000 (1178961) | more than 5 years ago | (#26087483)

How do you know it isn't?

Re:They crypto keys should be off-drive anyways (1)

RMH101 (636144) | more than 5 years ago | (#26087981)

You're not the target audience though. This tech's aimed squarely at big business, which is sick of the sh1tstorm lost laptops cause. Something like 30-40% of all laptops get stolen during their lifetime, and you have to come up with a secure solution that takes account of this, and also takes into account corporate users a) not really caring, and b) losing keys. You need a mechanism that applies this *by default* with the corp user not being able to easily turn it off. You need a mechanism that your user can phone the helpdesk and say either "I've lost it", in which case they can kill it remotely, or "I've forgotten my password" in which case they have a mechanism for recovery.
Any big business that relies on users never forgetting passwords or having a single point of irrecoverable failure on a USB pendrive's asking for trouble.

Re:They crypto keys should be off-drive anyways (2, Funny)

jonaskoelker (922170) | more than 5 years ago | (#26088333)

My thumbdrive lives on my keyring. It hangs from the beltloop of my pants on a carabiner, and is always right there whenever it is not in use elsewhere.

And who says slashdotters don't have any fashion sense?

Re:They crypto keys should be off-drive anyways (1)

sumdumass (711423) | more than 5 years ago | (#26093549)

Well sure that works for you.

But if you ever have any experience with end users, or probably yourself if you take an honest look, you will understand that they don't always do what they are supposed to do and they don't always follow the rules. Ever go over the speed limit?

Anyways, what this boils down to is that someone that you expect to follow the same regimen will end up not following through and it would be pointless for them at least. You also have the distract and swipe scams too. That is where you or someone else is at a coffee shop or maybe the airport and you're on your laptop for whatever reason. Then someone causes something to happen nearby that distracts you, you stand and look, someone walks by, grabs your laptop (in some cases, its bag and all) and by the time you turn around, it's all gone- key ring and all. Now keep in mind, when I said you, I didn't mean you specifically, I just wanted you to understand how this happens so you can see how it would affect someone else.

Re:They crypto keys should be off-drive anyways (1)

Dan541 (1032000) | more than 5 years ago | (#26088155)

ask anyone who's ever lost a cell phone, or left a laptop on the roof of their car, or lost their wallet or purse.

This is /. there aren't any women here!

Re:They crypto keys should be off-drive anyways (1)

explodymatt (1408163) | more than 5 years ago | (#26089001)

We already have an item that people use to get at something of similar value. Some of them even have a crypto key of some kind or other on them electronically. It's called a set of car keys. People lose them but it's not as big an issue as you make out.

Re:They crypto keys should be off-drive anyways (1)

fuzzyfuzzyfungus (1223518) | more than 5 years ago | (#26086121)

My understanding is that the crypto keys are off drive, typically stored in the TPM or whatever half-assed vendor equivalent is included. That is baked into the motherboard somewhere, so it will be lost with the machine; but pulling keys out of a TPM is said to be markedly less fun than just pulling them off a drive, and features like this one are aimed at making it even more irritating. If you have to have a separable token of some kind, TPMs can be made to play with smartcards (or fingerprint scanners, if you only need to feel secure.)

Re:They crypto keys should be off-drive anyways (1)

asdfghjklqwertyuiop (649296) | more than 5 years ago | (#26086529)

What are you trying to accomplish with all these extra steps that any ordinary full disk encryption mechanism can't provide right now?

Re:They crypto keys should be off-drive anyways (1)

networkBoy (774728) | more than 5 years ago | (#26087425)

making simple removal and replacement of the HDD insufficient to make the notebook pawnable.

Re:They crypto keys should be off-drive anyways (1)

MaskedSlacker (911878) | more than 5 years ago | (#26088431)

what happened to just reformatting the encrypted drive and pawning it?

Re:They crypto keys should be off-drive anyways (1)

networkBoy (774728) | more than 5 years ago | (#26093005)

because the system won't boot. the protection tech is in the chipset not on the hdd.
-nB

Re:well (1)

dimension6 (558538) | more than 5 years ago | (#26086119)

I'm guessing this will only be useful for certain types of users. There are two real theft goals: either the thief is after the computer or after the data. I don't have the numbers, but I suspect the thief is after the computer (to sell on eBay, etc.) 95%+ of the time. Assuming this does actually make the computer inoperable, the thief will simply throw it out when it stops working (you won't get your computer/data back, and he doesn't care what was on the disk). If the thief needed to retrieve data from a laptop, the first thing an intelligent thief (say, a competitor company) would do is take out the hard disk without turning the stolen machine on and put it in a separate machine. This kind of defeats the purpose of a remote lockdown, because as far as I can tell, it requires that the notebook must be powered on. It may or may not be encrypted, but most people don't use full-disk encryption, so they get what they're after. So, this might offer a slightly higher degree of security against the first type of criminal, who is primarily after the laptop, but not the second, who is after the data (which is presumably much more valuable).

Re:well (2, Informative)

networkBoy (774728) | more than 5 years ago | (#26087453)

Intel V-pro is on even when the computer is "off" unless on battery or no AC then V-Pro is on.

You can configure it to be:
on in S0 only
on in S0 and suspend
on in S0, Suspend, Hibernate, S5 (off, living on VSB power).

in the last mode listed it will accept a poison pill even when "off", so long as there is a network connected.

We've got a dozen machines with this in my shop right now. pretty cool tech. Not targeted at Joe sixpack, but I could see some hard-core geeks using it to turn on their machine remotely to save power on the vast majority of the time they don't SSH in, but allow it on the rare occasion they do need an SSH connection.
-nB

Re:well (1)

thesqlizer (919307) | more than 5 years ago | (#26086253)

Indeed it does seem like it really is about data loss and less about theft deterrent.

So many companies (public and private), government agencies, and individuals alike want to make sure their data is safe or at least that it doesn't fall into the hands of the bad guys.

Funny thing is there are already at least a couple of good programs for laptop recovery [laptopcopsoftware.com] at least for Windows. (If memory serves there might be some Linux and Mac ones, too, at this point, but I digress.)

The Ericsson/Intel offering, while good, will likely never be able to do what some of the third parties are offering because they're web based and allow control of individual files and such.

Re:well (1)

lysergic.acid (845423) | more than 5 years ago | (#26087561)

no, the funny thing is you're comparing some lame remote administration application with hardware/BIOS-based security features. you might as well install netbus/Back Orifice 2000/sub7 on your computer for all the good it'll do you. all the thief has to do is take out the laptop hard drive and mount it onto another system and they've bypassed this "cutting-edge" security program developed for government use in the "War on Terror" (yes, that's an actual line used by the makers of that software).

while the Lenovo and Intel security schemes have their limits, at least they provide real security when used by security conscious (and technically competent) users, which is what they seem to be aimed at. the LaptopCop program OTOH is targeted at naive, technologically illiterate idiots. this is apparent in the complete lack of any technical details about their security measures, their inexplicable neglect of standard security practices (like full disk encryption), and their dubious/nonsensical claims that anyone with the slightest understanding of technology would be able to see through (like their claim that WiFi-based geolocation is more accurate than GPS).

Re:well (1)

RMH101 (636144) | more than 5 years ago | (#26087987)

It's going to be controlled via security at BIOS level, *just like any other decent manufacturer-supplied protection*. I mean, think about it. You'll be using BIOS-keyed FDE built into the drive, so it's certainly not as simple as popping the drive out to read it.

Re:well (1)

Alioth (221270) | more than 5 years ago | (#26087899)

For loss of confidential data, you can already do full disc encryption using TrueCrypt (including the system disc).

Data theft != data loss (1)

jonaskoelker (922170) | more than 5 years ago | (#26088317)

I suspect that this is less about deterrent and more about mitigating data loss.

In my dictionary, "data loss" means you don't have access to the data, whereas "data theft" means someone else has access to the data when they shouldn't.

Backups protect against data loss. Remote disabling protects against data theft.

Full disk encryption also protects against data theft if the laptop is off when stolen. Having the laptop shut down if mydnsname.org/laptop-id/shutdown doesn't 404 (cron job, every minute) would help against data theft if the laptop is on while stolen. If you have a bluetooth phone and enable the screen saver when the phone loses contact with the laptop, it helps you even more if the laptop gets stolen in the on state.

If you trust your backups, you can also backup all the encrypted keys that are on the disk on your secure server, and wipe them from the laptop when you find the shutdown page on the web.

Oh well, I guess the people who like wearing suits and buying stuff trust people who like wearing suits and selling stuff over people who like wearing t-shirts and building stuff.

only works if encrypted (1)

TheMeuge (645043) | more than 5 years ago | (#26089915)

This only works if the valuable data on the laptop is encrypted. Since, as we've seen, companies are perfectly content to put personal info of millions of people on completely unsecured computers, these kinds of features will remain in the domain of curiosity.

Until businesses are held financially responsible for ALL damage resulting from a data breach, no feature will make data secure.

Re:well (1)

Anthony_Cargile (1336739) | more than 5 years ago | (#26085731)

That, and it has to be hooked up to the internet whenever the SMS is sent. Unless of course the code does not run directly in firmware and the thief wipes the OS for a different (non-OEM in the case of Windows) one. If I stole one of these, that's what I would do, stay away from the 'net until it's been wiped for Linux or a copy of retail Windows (e.g. out the box).

But all they have to do is make this tie into firmware/BIOS so the OS running on top has 0 control, which is still easily disabled by either physically removing the chip or just disabling it and using a new NIC incapable of communicating with the bus listening for the SMS of death.

And no, I did not read TFA in case I am completely wrong ;).

Re:well (1)

Anthony_Cargile (1336739) | more than 5 years ago | (#26085781)

Scratch that, just remove the mobile broadband chip while it's off (possibly sleeping or hibernating) then have fun either reinstalling an OS on it for personal use or decrypting the hard drive and having your way with the user's data.

Read the article this time.

Re:well (2, Informative)

tomhudson (43916) | more than 5 years ago | (#26085993)

Scratch that, just remove the mobile broadband chip while it's off (possibly sleeping or hibernating) then have fun either reinstalling an OS on it for personal use or decrypting the hard drive and having your way with the user's data.

... or just move the little switch on the front of the laptop (I didn't even notice it was there until one day I accidentally turned it off and I couldn't get the wireless working).

Removing the chip on recent HP laptops is really easy - almost as easy as upgrading ram - it's in the same compartment, and you can just snip the lead if you want to leave the chip in there ...

Re:well (1)

RMH101 (636144) | more than 5 years ago | (#26087999)

Do you really think they'd be dumb enough to implement a system that you can disable with a switch? Presumably if they've half thought about this the failback when it doesn't detect a valid, working hardware module is going to be to LOCK and await the passcode.
Presumably as standard you boot to a passcode, probably with the option to sync to Active Directory like Pointsec does, so if there's no GSM coverage you still need a password.

Re:well (1)

tomhudson (43916) | more than 5 years ago | (#26099551)

Do you really think they'd be dumb enough to implement a system that you can disable with a switch?

Every alarm system has a switch to disarm it. A "security system" for a retail without a fallback fail mode that is user-friendly will just not be accepted.

Government backdoor (4, Insightful)

Lead Butthead (321013) | more than 5 years ago | (#26085521)

The question is if this... feature has a government backdoor to 'assist' in 'terrorism investigation.'

Re:Government backdoor (3, Interesting)

TheGratefulNet (143330) | more than 5 years ago | (#26085553)

many of us are thinking that, too.

it took 'this long' to come out with it. but it's not really a 'hard' problem. think 'coordination' and 'keys' and 'multiple owners' and I bet you are thinking what I am.

this is a feature I would search to NOT have, quite frankly. and if I wanted it, *I* would implement it in a one-off private way.

Re:Government backdoor (1)

TubeSteak (669689) | more than 5 years ago | (#26087783)

The question is if this... feature has a government backdoor to 'assist' in 'terrorism investigation.'

Forget terrorism.
This is a wet dream for drug dealers, organized crime, corrupt politicians etc.

Normal procedure is to keep the computer as-is until they can do their forensics.
So unless the police have a faraday cage or pull the HSPA chip in time, they're screwed.

So you pretty much have to assume that there's a backdoor,
otherwise law enforcement and the Feds would be shitting bricks.

Re:Government backdoor (1)

Anonymous Coward | more than 5 years ago | (#26088443)

Please put your tinfoil hat back on.

Drug dealers don't keep records. They especially don't keep records in/on laptops. Cellphones are a different story, but it's not like there is a sales record in there.

In any case, any reasonably competent geek can make a laptop utterly impenetrable to forensic examination. No remote kill is required.

I have set up encrypted systems for high security usage. My personal computer uses the same system that I sell to customers.

1) Boot password.
2) OS password.
3) Encrypted system drive.
4) Separately encrypted data drive.

The correct Boot password decrypts the system drive. Allowing the OS to boot. The wrong one more than twice locks it for 72 hours.

The Correct OS password gets you into the OS. The wrong one does nothing.

The correct data password unlocks the data drive for no more than 4 hours at a time. The wrong one more than once locks the drive for 72 hours.

The honeypot password opens only a completely separate data storage with nothing interesting in it, but it's got lots of boring data to keep people busy.

The duress password at any stage other than OS will destroy the data drive entirely.

I assure you, even the NSA isn't getting this data without my willing cooperation. (not in this lifetime anyway)

This is done using entirely open source software that anyone can get.

Call me paranoid, but I sell computer security consulting. I've sold this system to half a dozen companies worried about various data theft problems. It's bullet proof, and it's entirely under the control of the admin.

I could write in some remote kill software, but it's redundant. The time it would take to brute force the system is longer than the useful life of the data. That, and one of the duress passwords (always have at least 3) is "password". I promise anyone trying to break in will try that one early on and destroy the data they are trying to get.

It's a matter of time (0)

bogaboga (793279) | more than 5 years ago | (#26085595)

...Once the chip receives the lock-down message, it passes it to the Intel AT-p function, which is integrated into Intel's Centrino 2 with vPro technology platform. Unlike Lenovo's anti-theft solution, the Ericsson module includes GPS functionality as well..."

In a few months, this capability will be broken to my delight. Oh wait...where is that fella "DVD Jon?"

horrible idea (2, Informative)

ILuvRamen (1026668) | more than 5 years ago | (#26085603)

So when they see that their newly stolen laptop suddenly stops functioning, what do they do? They ditch it somewhere, and I don't mean sell it. You'll NEVER get it back then. I mean yeah it's supposed to stop people from stealing your much more valuable personal data but that should be password protected anyway with a directory hider/protector (not like a compressed archive file with a password cuz that's too slow) so why bother? Now people can just fake the signal and shut your laptop off so it seems like it causes more problems than it fixes.

Re:horrible idea (4, Insightful)

tomhudson (43916) | more than 5 years ago | (#26086011)

It'll become a source for used/spare parts. Need a battery? A charger? A new screen because you left your lappy on the car roof and drove off? A new keyboard because you spilled crap on it? A bigger hard drive? Extra ram? A new case? A spare drive caddy and connector? A cheap DVD/Blu-Ray upgrade?

The easily-disposed-of parts of a disassembled laptop are worth as much as the whole lappy.

Re:horrible idea (1)

houghi (78078) | more than 5 years ago | (#26088213)

The easily-disposed-of parts of a disassembled laptop are worth as much as the whole lappy.

A thief is not in it only for money. He is in it for easy money. He'd rather get 1x500EUR than 6x100EUR. Also the market for new portables is larger than the market for parts.

Re:horrible idea (1)

tomhudson (43916) | more than 5 years ago | (#26099575)

The easily-disposed-of parts of a disassembled laptop are worth as much as the whole lappy.

A thief is not in it only for money. He is in it for easy money. He'd rather get 1x500EUR than 6x100EUR. Also the market for new portables is larger than the market for parts.

What's this "thief" do - just steal high-end macs? The market for stolen laptops is going the same way as the market for stolen DVD players ... they're getting so cheap that most people will say "Why bother?"

Re:horrible idea (0)

Anonymous Coward | more than 5 years ago | (#26091787)

If all laptops were the same, I'd agree with you.

But they're not.

In fact, even for the parts that *are* the same, ie. components like disks and RAM, there really isn't much of a black market, and to make a worthwhile amount out of it, you'd have to steal a lot of laptops.

I don't see a lot of people go on laptop stealing sprees to sell the parts on the street or on Ebay.

Re:horrible idea (4, Insightful)

SanityInAnarchy (655584) | more than 5 years ago | (#26086155)

I mean yeah it's supposed to stop people from stealing your much more valuable personal data but that should be password protected anyway with a directory hider/protector (not like a compressed archive file with a password cuz that's too slow) so why bother?

Your ignorance is showing...

Compressed archive files are plenty fast, depending on what you're trying to protect. The real problem is, what happens when you "open" them? Most of the time, it'll be unpacking them to a temporary directory, opening them with some random program on your (unencrypted) hard drive (likely without anything to prevent it from being swapped out, so now your stuff is on disk in the clear twice), saved back to the temporary folder (three times, if you're still counting), and put back into the archive.

Plus, there's now a mention in Recent Documents, and all kinds of other information letting people know, at the very least, that you have some encrypted files, and what their names are.

This applies to Truecrypt also, by the way, unless you're using it for fulldisk encryption.

And if you're encrypting the whole disk -- where will you keep the encryption keys? How will you boot? Doing it in hardware suddenly makes sense -- probably a slight performance boost, also.

And once you're doing that, having a way to remotely destroy the crypto keys also makes sense -- if you're paranoid enough to encrypt your whole hard drive, this is the next best thing to putting thermite in the case and triggering that remotely instead.

It's not a deterrent, it's a way to make the crypto much more secure.

Re:horrible idea (1)

novakyu (636495) | more than 5 years ago | (#26087439)

And if you're encrypting the whole disk -- where will you keep the encryption keys? How will you boot?

I don't know about Truecrypt, but using the standard methods in GNU/Linux (I don't even know what it's called, beyond that it uses LUKS and the command I use is called "cryptsetup"), the encryption key will be on the hard drive itself, encrypted with a symmetric cipher (and ideally you would have a reasonably strong passphrase committed to memory).

On GNU/Linux "full disk encryption" requires a small unencrypted partition which contains the kernel and initrd, and initrd has the tools to decrypt the other partition and continue the full booting process.

Also, I don't think by "password protected" GP means such weak "encryption" as password protected archives. He probably means either GnuPG-encrypted material, or something that uses equally strong encryption. There is a lot of free software (and proprietary software, although I wouldn't know any) that uses encryption that even the NSA would have a hard time breaking, if ever.

Re:horrible idea (1)

SanityInAnarchy (655584) | more than 5 years ago | (#26096199)

the encryption key will be on the hard drive itself, encrypted with a symmetric cipher (and ideally you would have a reasonably strong passphrase committed to memory).

In which case, it's still a passphrase that must be remembered, and typed every boot -- which means there's an incentive for keeping it short and easy to remember.

On GNU/Linux "full disk encryption" requires a small unencrypted partition which contains the kernel and initrd, and initrd has the tools to decrypt the other partition and continue the full booting process.

It's actually trivial to just put /boot on a separate partition. What I used to do is keep /boot on a USB key, without a passphrase -- the assumption being that it was unlikely that both the laptop (in my backpack) and the key (in my pocket) would be stolen at the same time, and that the attacker would figure it out.

This is still better -- if the key is kept in hardware, and the OS never actually gets to see it, there's fewer ways to compromise it -- for instance, stealing it while on, cooling the RAM, swapping it into another machine, and reading the crypto keys straight out of RAM -- and it's also nice for this remote detonation method, which doesn't even require the laptop to be on.

Also, I don't think by "password protected" GP means such weak "encryption" as password protected archives. He probably means either GnuPG-encrypted material, or something that uses equally strong encryption.

Yes, I know -- all of which is moot when the attacker finds something in your temporary files or swap space.

I realize that crypto can be strong. But crypto isn't the weak link, it's either misapplied crypto, or software doing insecure things with the data once decrypted.

That's why I advocate full-disk encryption in the first place -- that way, it doesn't matter how poorly the software is written, as long as it's not actually leaking stuff over the network, the data is safe on disk.

Re:horrible idea (1)

jonaskoelker (922170) | more than 5 years ago | (#26088391)

And if you're encrypting the whole disk -- where will you keep the encryption keys? How will you boot? Doing it in hardware suddenly makes sense -- probably a slight performance boost, also.

You encrypt the disk with a master key K. Each user has a password p_u and a key generated from the password, K_u = pbkdf(p_u). Store K encrypted under K_u, for all u, on the disk. The user inputs his password on bootup, the system computes K_u, decrypts K, and is ready to use it for decrypting the disk.

You can destroy the keys with a little bit of dd magic; ask shred for some bit patterns, and/or add some layers of cryptographically random data.

If your CPU has the "aes" instruction, doing crypto in software is fast. You might be able to gain a little by doing it in hardware before it leaves the disk, but I think doing it in software is competitive. The performance differential cost buys you something: you can change keys (or ciphers) in a hardware-agnostic way.
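The key-slot scheme described in the comment above, sketched as an added example (not code from the thread or from LUKS). HMAC-SHA256 stands in for the AES key wrap a real implementation would use, because the Python standard library has no AES; the function names, slot layout and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000                      # constructed value; tune to the hardware
SALT_LEN, KEY_LEN, TAG_LEN = 16, 32, 32   # hypothetical slot layout: salt | wrapped K | tag


def _slot_keys(password: str, salt: bytes):
    """K_u = pbkdf(p_u), split into a wrapping key and an integrity key."""
    k_u = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                              ITERATIONS, dklen=KEY_LEN)
    enc = hmac.new(k_u, b"wrap", hashlib.sha256).digest()
    mac = hmac.new(k_u, b"auth", hashlib.sha256).digest()
    return enc, mac


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def add_slot(header: dict, user: str, password: str, master_key: bytes) -> None:
    """Store the disk master key K encrypted under this user's K_u."""
    if len(master_key) != KEY_LEN:
        raise ValueError("master key must be 32 bytes")
    salt = os.urandom(SALT_LEN)           # fresh salt, so the pad below is used once
    enc, mac = _slot_keys(password, salt)
    wrapped = _xor(master_key, hmac.new(enc, salt, hashlib.sha256).digest())
    tag = hmac.new(mac, salt + wrapped, hashlib.sha256).digest()
    header[user] = bytearray(salt + wrapped + tag)


def unlock(header: dict, user: str, password: str):
    """Return K if the password opens the user's slot, otherwise None."""
    slot = bytes(header.get(user, b""))
    if len(slot) != SALT_LEN + KEY_LEN + TAG_LEN:
        return None
    salt = slot[:SALT_LEN]
    wrapped = slot[SALT_LEN:SALT_LEN + KEY_LEN]
    tag = slot[SALT_LEN + KEY_LEN:]
    enc, mac = _slot_keys(password, salt)
    expected = hmac.new(mac, salt + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # wrong password or damaged slot
        return None
    return _xor(wrapped, hmac.new(enc, salt, hashlib.sha256).digest())


def change_password(header: dict, user: str, old: str, new: str) -> bool:
    """Re-wrap K under a new password; the disk itself is never re-encrypted."""
    master_key = unlock(header, user, old)
    if master_key is None:
        return False
    add_slot(header, user, new, master_key)
    return True


def destroy_slots(header: dict) -> None:
    """Overwrite every slot in place with random bytes (models the dd/shred step)."""
    for slot in header.values():
        slot[:] = os.urandom(len(slot))
```

On flash storage an in-place overwrite may leave stale copies of a slot because of wear levelling, so a real wipe has to account for that.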

It's a good idea, but... (4, Informative)

MrCrassic (994046) | more than 5 years ago | (#26085613)

It won't solve for another problem: losing the computer in an area without signal (like a train).

If the thief is smart (which is normally not the case), he can remove the hard drive right on the train or in that same area and completely avoid the SMS message. Unless, of course, the SMS can somehow be sent to the security chip without the interference of an operating system.

When I lost my Treo in the subway, the Good administrator for my hosted email service could not remote wipe the phone because it could never find service. It's possible that someone removed the SIM right away, but I'm sure that I lost it while getting off the train.

Nonetheless, it's a great idea that covers many other common circumstances. Fortunately, most thieves are petty thieves and wouldn't know that this module is there in the first place.

Re:It's a good idea, but... (1)

afidel (530433) | more than 5 years ago | (#26085797)

That's why BlackBerrys are better than Treos with Good, as soon as the device can talk GPRS or better it will get the wipe signal based on its PIN, it's not tied to the SIM.

Re:It's a good idea, but... (1)

MrCrassic (994046) | more than 5 years ago | (#26085951)

There are a lot of reasons why Blackberry devices are better than anything Good Technology can put out. Start with the basic stuff like UI and work your way up.

Re:It's a good idea, but... (1)

Hal_Porter (817932) | more than 5 years ago | (#26086037)

There are a lot of reasons why Blackberry devices are better than anything Good Technology can put out. Start with the basic stuff like UI and work your way up.

There's actually a company called Good Technology?

That's disappointing. I thought when the GP poster said "the Good Admin" he was talking about a company that had one Good Admin, several Incompetent Admins (who nuke the wrong laptops) and one Highly Competent but Evil Admin (he knows he's nuking it after you got it returned, but you can't prove he knows).

Re:It's a good idea, but... (4, Funny)

ceoyoyo (59147) | more than 5 years ago | (#26085875)

Foil lined laptop bags. For the modern laptop thief on the run.

Re:It's a good idea, but... (0)

Anonymous Coward | more than 5 years ago | (#26086129)

Actually what thieves will probably do is make something close to a Faraday cage. They already do this for shoplifting to bypass the theft alarm devices near the doors at stores. What they do is just take a bag and line the inside with tin foil. It's electromagnetic shielding. Signals in and out of the bag are essentially blocked or reduced.

Sounds like a zesty match for "digital manners"... (1)

fuzzyfuzzyfungus (1223518) | more than 5 years ago | (#26085621)

So, anybody else remember when we talked about [slashdot.org] "digital manners policies", the delightful form of DRM where devices selectively disobey you based on their environments?

Well, reading the patent application linked to in that article should give you all kinds of delightful ideas about what you could do with a computer that has some sort of embedded supervisor processor with GPS and a cell data link...

The hard drive maybe (1)

rogere (1353247) | more than 5 years ago | (#26085721)

They're talking about the processor and stuff, but what about the hard drive? I mean, in a list of what I want secured, isn't the HD the first thing anyone would check? What about it? There's nothing in the article, looks like an infomercial if you ask me...

Re:The hard drive maybe (2, Informative)

afidel (530433) | more than 5 years ago | (#26085749)

I'm assuming they are using the secure instruction included in recent Intel CPUs to talk to the TPM1.2 chip in the laptop and deleting the decrypt key from the keystore therefore making the recovery from FDE like BitLocker basically impossible.

Re:The hard drive maybe (1)

morgan_greywolf (835522) | more than 5 years ago | (#26085857)

First rule of data security: assume nothing.

Re:The hard drive maybe (1)

rogere (1353247) | more than 5 years ago | (#26085867)

Ok so you retain your privacy even if you lose your comp... unless as some said you take out the HD before the SMS, or add some tinfoil... but as some more said the thieves are in it for the hardware. Still if I were to steal private info, I guess I wouldn't bother and go for the recycle bin. Still seriously paranoid is one to buy that.

Re:The hard drive maybe (4, Informative)

afidel (530433) | more than 5 years ago | (#26086101)

Taking the HDD out gains you NOTHING, in theory it's already fully encrypted with 256 bit AES which is uncrackable by any currently known method. The idea is that there is only one real vulnerability in a TPM based system and that is the TPM chip's keystore and the databus that the TPM chip uses to talk to the CPU, if you erase the keystore and thus make sure that both those pathways are neutralized there should be no possible way to retrieve the data off the disk. There's still the cooled RAM trick and possibly a trace of the key left in the disk controller's cache, but those are both VERY sophisticated attacks that have a very low chance of working even in lab conditions. Oh and I just thought of something, if the TPM keystore is wiped then the TPM trust web collapses and the machine should reboot thus flushing the key from RAM.

Parts are worth more (4, Funny)

Matt Perry (793115) | more than 5 years ago | (#26085829)

No problem. Laptops are worth more when you sell the parts individually rather than the whole thing.

Re:Your sig (1)

inasity_rules (1110095) | more than 5 years ago | (#26086165)

No problem. Laptops are worth more when you sell the parts individually rather than the whole thing.

Like Cars?

Re:Parts are worth more (0)

Anonymous Coward | more than 5 years ago | (#26086887)

If that's the case, let's all go to Wal-Mart, buy everything they have on the shelves and get paid.

Re:Parts are worth more (1)

Hal_Porter (817932) | more than 5 years ago | (#26087189)

No problem. Laptops are worth more when you sell the parts individually rather than the whole thing.

Only most of the parts though, I still end up with the stripped carcasses propped up on bricks in the front yard.

My bitch neighbour Lurleen done called the sheriff about that again.

marketing gimmick (0)

Anonymous Coward | more than 5 years ago | (#26086205)

More of a marketing gimmick than anything else. Maybe an attempt to get stupid customers to pay for some monthly fee "security" service, like alarm monitoring, OnStar, etc.

I am getting that creepy OnStar vibe... (3, Interesting)

Phizzle (1109923) | more than 5 years ago | (#26086237)

Another great "Big Brother" innovation. Can't you just imagine, during the next "threat escalation" all laptops get cockblocked "just in case" for the Greater Good ®, of the patriotic nation?

Re:I am getting that creepy OnStar vibe... (2, Funny)

Hal_Porter (817932) | more than 5 years ago | (#26087195)

DHSS eCleanup squad to slashdot sid 08/12/12/0050255, stat! We've got ourselves a rowdy one.

In other news... (1)

nitsnipe (1332543) | more than 5 years ago | (#26086243)

sales of lead-lined suitcases have increased heavily.

War SMS'ing (1)

nicc777 (614519) | more than 5 years ago | (#26086451)

Remember war dialling? Well, as soon as you know the SMS string, you can now start walking through number ranges and "lock" laptops - a whole new DoS attack :-) Cool :-)

Don't see the value (0)

Anonymous Coward | more than 5 years ago | (#26086731)

FTFA "One potential limitation to these designs is that the laptops have to be powered on in order to receive the SMS "kill" message. So if an enterprising thief is aware of the anti-theft technology, he might be able to disable the remote functionality simply by removing or disabling the broadband module. Therefore, if you are concerned about your data falling into the wrong hands, you'd be well advised to also password protect your laptop in both hardware and software, encrypt the hard drive, and even set up a policy that locks the laptop after repeated failed log-in attempts." Ericsson states that its anti-theft technology will be available in Centrino 2-based laptops by the second half of 2009."

Well, if you already know how to do all that properly - and actually do it - then it's hard to see what this innovation brings apart from a monthly cellular bill for your laptop.

System's already jacked, move along. (1)

girlintraining (1395911) | more than 5 years ago | (#26087095)

Relying on cell phone communication? If it's GSM, it's already been p0wn3d. info [binrev.com]. At the moment, it's only within reach of large corporations, but those barriers are artificial. There's also been development on creating a fake base station using a USRP (google it), a very nice piece of hardware kit that can do the signals processing necessary... So the hardware exists for $1000 to pull this hack off. Failing that, just pop the screws and cut the antenna leads to the internal wifi (which is likely the same antenna as the cell phone), or use an X-Acto blade and cut the etching. Worst case scenario, look for the power pin(s) and cut them. Oh noes, I lost wifi ($30 for a cardbus card) and gained myself a free laptop!

When I can crack your security using a $5 hobby knife, you've got issues.

Re:System's already jacked, move along. (1)

girlintraining (1395911) | more than 5 years ago | (#26087127)

P.S. Taking out the battery works too. ^_^ Then just flip your cell phone open, find a place with zero bars, and plop down.

If you want to be fancy, build yourself a small faraday cage. Woo-woo...

For This Project You Will Need:
* replacement outdoor screening material, approx. 200sqft. You can get this at a Fleet Farm or online.
* 4 2x8s
* 2 2x16s,
* 1 50" extension cord,
* six metal rods approx. 6" in length (suggest construction reed bar)
* power stapler
* wood glue (or similar)
* hacksaw
* pile driver

Note: You don't necessarily need the metal rods, you can connect to any solid earth ground. I just figure if you're going to do it, do it right eh?

um... thieves with foil-lined rucksacks? (0)

Anonymous Coward | more than 5 years ago | (#26087957)

'All' a thief has to do is block the signal. Given how wireless and mobile reception is, wouldn't it only take 3 or 4 layers of aluminium foil to prevent the signal getting through? You could bond those to plastic to make a few sturdy envelopes, then put the laptop in one, and put that in another, and put that in another, etc, and jam the whole lot into the laptop bag.

Would help for opportunistic thefts where the tealeaf isn't lugging a roll of cooking foil around.

GPS ? (1)

Ofloo (1378781) | more than 5 years ago | (#26088563)

This is privacy for security. Sony will be able to track when you are online and where you are with their GPS module. This is not something I'm waiting for, and what if there is an exploit in the system and it gets widely available to hackers? Nothing is perfect, but such things shouldn't be in a computer; this is asking for trouble.

Finally a way to disable a botnet ! (0)

Anonymous Coward | more than 5 years ago | (#26088883)

Just send an sms to disable spam botnets...

The "-P" convention (1)

HTH NE1 (675604) | more than 5 years ago | (#26090127)

Intel AT-p

2200 Mission College Blvd., Santa Clara, CA 95054-1537

Worthless... (0)

Anonymous Coward | more than 5 years ago | (#26090269)

1) Steal Laptop
2) Remove hard drive
3) Throw away rest (w/broadband chip)
4) Sell data
5) Profit!

Isn't the real purpose here obvious? (0)

Anonymous Coward | more than 5 years ago | (#26092147)

This is being marketed as a theft-deterrent device and a data-loss prevention device. Yeah, that's it.

The real intent here is to create consumer demand for a foot-in-the-door approach to controlling computer usage among users. Downloading copyrighted material? BZZT - now your laptop is dead. Using unauthorized applications or operating systems? BZZT - now your laptop is dead. Making comments in chat rooms that don't toe the homeland security line? BZZT - now your laptop is dead.

This is just "trusted computing" in sheep's clothing. If manufacturers can create consumer demand for this, it will be easy for the government and the RIAA (mostly synonymous, I know) to co-opt it for their purposes at some point down the road.

long live OEMs (1)

tapr00t (1255430) | more than 5 years ago | (#26092583)

Humm. Another trustworthy firmware piece of code I have no control of. Great. But why should I care - I'm running an open platform! I can verify every single line of code I'm running! Think again. The hw barrier endures - coding is much easier than pcb printing. So you end up with g00gle pitching android as 'open and free' while restricting any root privileges, your TPM chip busy DRM'ing on your behalf & your TiVo phoning home. How long until your LCD denies you playing videos? What will prevent Sony from taking another shot at RK technology at the firmware level?

I know that asking for fully open hardware is asking for a lot - but seriously - can we compromise for anything else? I only hope I'll have the guts to swallow the performance penalty once such hardware exists.

Orbicule's Undercover (1)

decavolt (928214) | more than 5 years ago | (#26096437)

Undercover, from Orbicule, has been doing something similar for Mac laptops for a long time:

http://www.orbicule.com/ [orbicule.com]
