Ericsson and Intel Offer Remote Notebook Lockdown
MojoKid writes "Ericsson and Intel have announced that they are collaborating on a way to keep your laptop's contents safe when your laptop goes MIA. Using Intel's Anti-Theft Technology — PC Protection (Intel AT-p) and Ericsson's Mobile Broadband (HSPA) modules, lost or stolen laptops can be remotely locked down. Similar to Lenovo's recently announced Lockdown Now PC technology, the Ericsson-Intel technology uses SMS messages sent directly to a laptop's mobile broadband chip. Once the chip receives the lock-down message, it passes it to the Intel AT-p function, which is integrated into Intel's Centrino 2 with vPro technology platform. Unlike Lenovo's anti-theft solution, the Ericsson module includes GPS functionality as well."
lapjacking (Score:5, Insightful)
Re:lapjacking (Score:5, Informative)
Re: (Score:1)
I see way too many downsides to having remote lockdown. It can be abused too easily, and once the codes get leaked, there is no added security anyways.
Re:lapjacking (Score:4, Insightful)
Re: (Score:3, Informative)
plus the legitimate user just enters a passphrase and "poof" notebook is unlocked again.
http://www.google.com/search?hl=en&q=%22theft+deterrent%22+site%3Aintel.com&btnG=Search [google.com]
http://communities.intel.com/docs/DOC-2384;jsessionid=D59F43EDDFB0FCDAA907153C80E0539E [intel.com]
http://communities.intel.com/openport/community/openportit/vproexpert/blog/tags/at-p [intel.com]
some light reading for the paranoid. Besides this is targeted mostly at business (V-Pro?).
Re: (Score:2)
Return notebook to full functionality via:
 Local passphrase that was preprovisioned by user.
 Recovery token (one-time use) provided by IT.
 Simple, inexpensive way to restore notebook to full functionality without compromising local security features for data access disable or PC disable.
Re: (Score:2)
But, signed by whom? A central authorizing agency? That's just asking to be brute-forced or otherwise stolen. Combine that with the fact that the weak point in encryption is often the implementation, and it's possible that nefarious persons could find (and exploit) a hardware flaw.
Re: (Score:2)
Re: (Score:2)
wouldn't the built in broadband chip be a bigger danger?
Turning off a notebook is one thing. Reading off the data is another. I mean if you are going to worry about something. Broadband chip plus GPS? Shutting it down would be the last thing I would worry about.
Re: (Score:2)
Re: (Score:3, Insightful)
Re: (Score:2)
they don't.
at least not in my shop where we are trialing it.
this plus seagate momentus FDE disks and we're golden.
Re: (Score:2)
Can I make it blow up with a simple SMS message? Reminds me of a "The Broken" episode. More thermite!
Re: (Score:3, Funny)
Sure - just check the "Sony Battery" option.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
In case you were wondering why your joke failed, let me break it down for you:
1) You couldn't have decided to type that sentence until after the lockdown.
2) If you had been cut off you wouldn't have added the ellipsis.
Thank you, please try again.
Re: (Score:2)
And once the codes to do this leak into the wild, laptop hijacking and ransoms will be next.
Nah. More like a new level of DRM.
well (Score:5, Insightful)
good luck with that.
Re:well (Score:5, Insightful)
The crypto keys should be off-drive anyways (Score:3, Insightful)
Here's how I would build a lock-downable laptop:
BIOS/preboot environment: Looks to an external device, probably a USB stick, for part or all of the crypto key. Use that to decrypt boot loader on hard disk or other boot device and follow its instructions. Of course this should have a passphrase.
Boot loader will look to wherever it chooses for crypto keys for the rest of the drive. These may be the same keys as the bootloader used or they may be something else. They may be partially or completely downlo
Re:The crypto keys should be off-drive anyways (Score:4, Insightful)
Terrible idea. Now you have yet another failure point - losing the off-drive crypto keys. You don't even need to physically lose the USB key - just break it, have it die from static discharge, etc.
People lose things a lot more expensive all the time - ask anyone who's ever lost a cell phone, or left a laptop on the roof of their car, or lost their wallet or purse.
Re: (Score:3, Funny)
so uhm, keep a copy somewhere secure?
That still relies on the average user not being a retard, and having the presence of mind to do so. Sorry, and that ain't happening any time soon.
Remember, the moment you design an idiot proof system, someone invents a better idiot.
Re: (Score:2)
So why not just keep the laptop there instead?
Answer: Because I want to USE it.
In other words, this whole idea detracts from usability and convenience, which is why people get laptops in the first place. Easier to just remove the HD. It's not like it takes more than a minute, or is very large. Most laptops, you don't have to use the screws that hold the drive caddy in place, so just remove the 2 screws holding down the cover, pop the drive out, and your half-teraby
Re: (Score:3, Insightful)
The problem with a thumb drive security stick or removable hard drives and such is that they will all end up in the same bag as the laptop making the separation pointless when someone takes the entire enchilada.
Sure, you can keep them separate but let's be practical here. Keys end up making it onto key rings with other keys, phone numbers all make it to the same places, and so on. It will either be something that is lost or kept together for convenience reasons.
Re: (Score:2)
Nyet.
My thumbdrive (a Sandisk Cruzer Micro, the only thumbdrive I've ever found which fits securely next to my car keys) lives on my keyring. It hangs from the beltloop of my pants on a carabiner, and is always right there whenever it is not in use elsewhere.
So let's be practical. I don't think anybody is going to steal the thumbdrive on a key ring which is attached to my pants, along with my laptop, as long as I'm vigilant in removing the thumbdrive from my laptop whenever I'm out of sight of said laptop
Re: (Score:3, Funny)
don't think anybody is going to steal the thumbdrive on a key ring which is attached to my pants, along with my laptop
The way this parses, you make it sound like your laptop is attached to your pants.
Re: (Score:2, Insightful)
Re: (Score:2)
Re: (Score:3, Funny)
My thumbdrive lives on my keyring. It hangs from the beltloop of my pants on a carabiner, and is always right there whenever it is not in use elsewhere.
And who says slashdotters don't have any fashion sense?
Re: (Score:2)
Well sure that works for you.
But if you ever have any experience with end users, or probably yourself if you take an honest look, you will understand that they don't always do what they are supposed to do and they don't always follow the rules. Ever go over the speed limit?
Anyways, what this boils down to is that someone that you expect to follow the same regimen will end up not following through and it would be pointless for them at least. You also have the distract and swipe scams too. That is where you o
Re: (Score:2)
ask anyone who's ever lost a cell phone, or left a laptop on the roof of their car, or lost their wallet or purse.
This is /. there aren't any women here!
Re: (Score:1)
Re: (Score:2)
Well, that's one solution - drive a car that's worth the same as laptop ... you won't need keys - just duct tape to keep it together a la "The Red Green Show." :-)
Then again, if you put enough duct tape on your laptop, nobody's going to steal it, either -
Re: (Score:2)
Re: (Score:2)
What are you trying to accomplish with all these extra steps that any ordinary full disk encryption mechanism can't provide right now?
Re: (Score:2)
making simple removal and replacement of the HDD insufficient to make the notebook pawnable.
Re: (Score:2)
what happened to just reformatting the encrypted drive and pawning it?
Re: (Score:2)
because the system won't boot. the protection tech is in the chipset not on the hdd.
-nB
Re: (Score:2)
Re: (Score:3, Informative)
Intel V-pro is on even when the computer is "off" unless on battery or no AC then V-Pro is on.
You can configure it to be:
on in S0 only
on in S0 and suspend
on in S0, Suspend, Hibernate, S5 (off, living on VSB power).
in the last mode listed it will accept a poison pill even when "off", so long as there is a network connected.
We've got a dozen machines with this in my shop right now. pretty cool tech. Not targeted at Joe sixpack, but I could see some hard-core geeks using it to turn on their machine remotely
Re: (Score:1)
So many companies (public and private), government agencies, and individuals alike want to make sure their data is safe or at least that it doesn't fall into the hands of the bad guys.
Funny thing is there are already at least a couple of good programs for laptop recovery [laptopcopsoftware.com] at least for Windows. (If memory serves there might be some Linux and Mac ones, too, at this point, but I digress.)
The Ericsson/Intel offering, wh
Re: (Score:2)
no, the funny thing is you're comparing some lame remote administration application with hardware/BIOS-based security features. you might as well install netbus/Back Orifice 2000/sub7 on your computer for all the good it'll do you. all the thief has to do is take out the laptop hard drive and mount it onto another system and they've bypassed this "cutting-edge" security program developed for government use in the "War on Terror" (yes, that's an actual line used by the makers of that software).
while the Leno
Re: (Score:2)
Re: (Score:2)
For loss of confidential data, you can already do full disc encryption using TrueCrypt (including the system disc).
Data theft != data loss (Score:2)
I suspect that this is less about deterrent and more about mitigating data loss.
In my dictionary, "data loss" means you don't have access to the data, whereas "data theft" means someone else has access to the data when they shouldn't.
Backups protect against data loss. Remote disabling protects against data theft.
Full disk encryption also protects against data theft if the laptop is off when stolen. Having the laptop shut down if mydnsname.org/laptop-id/shutdown doesn't 404 (cron job, every minute) would help against data theft if the laptop is on while stolen. If you have a bluetoot
only works if encrypted (Score:2)
This only works if the valuable data on the laptop is encrypted. Since, as we've seen, companies are perfectly content to put personal info of millions of people on completely unsecured computers, these kinds of features will remain in the domain of curiosity.
Until businesses are held financially responsible for ALL damage resulting from a data breach, no feature will make data secure.
Re: (Score:2)
But all they have to do is make this tie into firmware/BIOS so the OS running on top has 0 control, which is still easily disabled by either ph
Re: (Score:2)
Read the article this time.
Re: (Score:3, Informative)
Removing the chip on recent HP laptops is really easy - almost as easy as upgrading ram - it's
Re: (Score:2)
Presumably as standard you boot to a passcode, probably with the option to sync to Active Directory like Pointsec does, so if there's no GSM coverage you still need a password.
Re: (Score:2)
Every alarm system has a switch to disarm it. A "security system" for a retail without a fallback fail mode that is user-friendly will just not be accepted.
Government backdoor (Score:5, Insightful)
The question is if this... feature has a government backdoor to 'assist' in 'terrorism investigation.'
Re:Government backdoor (Score:4, Interesting)
many of us are thinking that, too.
it took 'this long' to come out with it. but it's not really a 'hard' problem. think 'coordination' and 'keys' and 'multiple owners' and I bet you are thinking what I am.
this is a feature I would search to NOT have, quite frankly. and if I wanted it, *I* would implement it in a one-off private way.
Re: (Score:2)
The question is if this... feature has a government backdoor to 'assist' in 'terrorism investigation.'
Forget terrorism.
This is a wet dream for drug dealers, organized crime, corrupt politicians etc.
Normal procedure is to keep the computer as-is until they can do their forensics.
So unless the police have a faraday cage or pull the HSPA chip in time, they're screwed.
So you pretty much have to assume that there's a backdoor,
otherwise law enforcement and the Feds would be shitting bricks.
Re: (Score:1)
Please put your tinfoil hat back on.
Drug dealers don't keep records. They especially don't keep records in/on laptops. Cellphones are a different story, but it's not like there is a sales record in there.
In any case, any reasonably competent geek can make a laptop utterly impenetrable to forensic examination. No remote kill is required.
I have set up encrypted systems for high security usage. My personal computer uses the same system that I sell to customers.
1) Boot password.
2) OS password.
3) Encrypted s
It's a matter of time (Score:1)
...Once the chip receives the lock-down message, it passes it to the Intel AT-p function, which is integrated into Intel's Centrino 2 with vPro technology platform. Unlike Lenovo's anti-theft solution, the Ericsson module includes GPS functionality as well..."
In a few months, this capability will be broken to my delight. Oh wait...where is that fella "DVD Jon?"
horrible idea (Score:2, Informative)
Re:horrible idea (Score:5, Insightful)
The easily-disposed-of parts of a disassembled laptop are worth as much as the whole lappy.
Re: (Score:2)
Re: (Score:2)
What's this "thief" do - just steal high-end macs? The market for stolen laptops is going the same way as the market for stolen DVD players ... they're getting so cheap that most people will say "Why bother?"
Re:horrible idea (Score:5, Insightful)
I mean yeah it's supposed to stop people from stealing your much more valuable personal data but that should be password protected anyway with a directory hider/protector (not like a compressed archive file with a password cuz that's too slow) so why bother?
Your ignorance is showing...
Compressed archive files are plenty fast, depending on what you're trying to protect. The real problem is, what happens when you "open" them? Most of the time, it'll be unpacking them to a temporary directory, opening them with some random program on your (unencrypted) hard drive (likely without anything to prevent it from being swapped out, so now your stuff is on disk in the clear twice), saved back to the temporary folder (three times, if you're still counting), and put back into the archive.
Plus, there's now a mention in Recent Documents, and all kinds of other information letting people know, at the very least, that you have some encrypted files, and what their names are.
This applies to Truecrypt also, by the way, unless you're using it for fulldisk encryption.
And if you're encrypting the whole disk -- where will you keep the encryption keys? How will you boot? Doing it in hardware suddenly makes sense -- probably a slight performance boost, also.
And once you're doing that, having a way to remotely destroy the crypto keys also makes sense -- if you're paranoid enough to encrypt your whole hard drive, this is the next best thing to putting thermite in the case and triggering that remotely instead.
It's not a deterrent, it's a way to make the crypto much more secure.
Re: (Score:2)
And if you're encrypting the whole disk -- where will you keep the encryption keys? How will you boot?
I don't know about Truecrypt, but using the standard methods in GNU/Linux (I don't even know what it's called, beyond that it uses LUKS and the command I use is called "cryptsetup"), the encryption key will be on the hard drive itself, encrypted with a symmetric cipher (and ideally you would have a reasonably strong passphrase committed to memory).
On GNU/Linux "full disk encryption" requires a small unencrypted partition which contains the kernel and initrd, and initrd has the tools to decrypt the other par
Re: (Score:2)
the encryption key will be on the hard drive itself, encrypted with a symmetric cipher (and ideally you would have a reasonably strong passphrase committed to memory).
In which case, it's still a passphrase that must be remembered, and typed every boot -- which means there's an incentive for keeping it short and easy to remember.
On GNU/Linux "full disk encryption" requires a small unencrypted partition which contains the kernel and initrd, and initrd has the tools to decrypt the other partition and continue the full booting process.
It's actually trivial to just put /boot on a separate partition. What I used to do is keep /boot on a USB key, without a passphrase -- the assumption being that it was unlikely that both the laptop (in my backpack) and the key (in my pocket) would be stolen at the same time, and that the attacker would figure it out.
This is still better -- if the
Re: (Score:2)
And if you're encrypting the whole disk -- where will you keep the encryption keys? How will you boot? Doing it in hardware suddenly makes sense -- probably a slight performance boost, also.
You encrypt the disk with a master key K. Each user has a password p_u and a key generated from the password, K_u = pbkdf(p_u). Store K encrypted under K_u, for all u, on the disk. The user inputs his password on bootup, the system computes K_u, decrypts K, and is ready to use it for decrypting the disk.
You can destroy the keys with a little bit of dd magic; ask shred for some bit patterns, and/or add some layers of cryptographically random data.
If your CPU has the "aes" instruction, doing crypto in soft
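The key-slot scheme described in the comment above (one master key K, stored once per user encrypted under K_u = pbkdf(p_u), and destroyed by overwriting the stored copies), as an added example that is not part of the original thread. The names `KeySlots`, `wrap` and `unwrap`, the iteration count, and the XOR-pad-plus-HMAC wrap are assumptions: the wrap is a standard-library stand-in for a real authenticated key wrap such as AES-GCM or AES key wrap.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # assumption: PBKDF2 work factor, kept modest so the demo runs quickly
KEY_LEN = 32          # master key K is 256 bits


def _subkeys(password: str, salt: bytes):
    """K_u = pbkdf(p_u), then split into a one-time pad and a MAC key."""
    k_u = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, KEY_LEN)
    pad = hmac.new(k_u, b"wrap-pad", hashlib.sha256).digest()
    mac_key = hmac.new(k_u, b"wrap-mac", hashlib.sha256).digest()
    return pad, mac_key


def wrap(master_key: bytes, password: str) -> dict:
    """Store K encrypted under K_u. A fresh salt per slot means the pad is never reused."""
    if len(master_key) != KEY_LEN:
        raise ValueError("master key must be 32 bytes")
    salt = os.urandom(16)
    pad, mac_key = _subkeys(password, salt)
    ct = bytes(a ^ b for a, b in zip(master_key, pad))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}


def unwrap(slot: dict, password: str) -> Optional[bytes]:
    """Recompute K_u from the password; return K only if the slot authenticates."""
    pad, mac_key = _subkeys(password, slot["salt"])
    expected = hmac.new(mac_key, slot["salt"] + slot["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, slot["tag"]):
        return None  # wrong password, tampered slot, or erased slot
    return bytes(a ^ b for a, b in zip(slot["ct"], pad))


class KeySlots:
    """The on-disk header: one wrapped copy of K per user."""

    def __init__(self):
        self.slots = {}

    def set_password(self, user: str, password: str, master_key: bytes) -> None:
        # Changing a password re-wraps K; the bulk data is not re-encrypted.
        self.slots[user] = wrap(master_key, password)

    def unlock(self, user: str, password: str) -> Optional[bytes]:
        slot = self.slots.get(user)
        return unwrap(slot, password) if slot else None

    def erase(self) -> None:
        # Crypto-erase: overwrite every wrapped copy of K with random bytes.
        # On a real disk this is the overwrite of the header sectors.
        for slot in self.slots.values():
            for field in list(slot):
                slot[field] = os.urandom(len(slot[field]))


if __name__ == "__main__":
    K = os.urandom(KEY_LEN)  # constructed sample master key
    header = KeySlots()
    header.set_password("alice", "correct horse", K)
    header.set_password("bob", "battery staple", K)
    print("alice unlocks:", header.unlock("alice", "correct horse") == K)
    header.erase()
    print("after erase:", header.unlock("alice", "correct horse"))
```

Once `erase()` has run, every password fails, which is why destroying a few hundred bytes of header is enough to make the whole disk unreadable, provided no backup copy of the header exists.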
It's a good idea, but... (Score:5, Informative)
If the thief is smart (which is normally not the case), he can remove the hard drive right on the train or in that same area and completely avoid the SMS message. Unless, of course, the SMS can somehow be sent to the security chip without the interference of an operating system.
When I lost my Treo in the subway, the Good administrator for my hosted email service could not remote wipe the phone because it could never find service. It's possible that someone removed the SIM right away, but I'm sure that I lost it while getting off the train.
Nonetheless, it's a great idea that covers many other common circumstances. Fortunately, most thieves are petty thieves and wouldn't know that this module is there in the first place.
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
There are a lot of reasons why Blackberry devices are better than anything Good Technology can put out. Start with the basic stuff like UI and work your way up.
There's actually a company called Good Technology?
That's disappointing. I thought when the GP poster said "the Good Admin" he was talking about a company that had one Good Admin, several Incompetent Admins (who nuke the wrong laptops) and one Highly Competent but Evil Admin (he knows he's nuking it after you got it returned, but you can't prove he knows).
Re:It's a good idea, but... (Score:5, Funny)
Foil lined laptop bags. For the modern laptop thief on the run.
Sounds like a zesty match for "digital manners"... (Score:2)
Well, reading the patent application linked to in that article should give you all kinds of delightful ideas about what you could do with a computer that has some sort of embedded supervisor processor with GPS and a cell data link...
The hard drive maybe (Score:1)
Re: (Score:3, Informative)
Re: (Score:1)
First rule of data security: assume nothing.
Re: (Score:1)
Re:The hard drive maybe (Score:5, Informative)
Parts are worth more (Score:5, Funny)
No problem. Laptops are worth more when you sell the parts individually rather than the whole thing.
Re:Your sig (Score:1)
No problem. Laptops are worth more when you sell the parts individually rather than the whole thing.
Like Cars?
Re: (Score:1)
No problem. Laptops are worth more when you sell the parts individually rather than the whole thing.
Only most of the parts though, I still end up with the stripped carcasses propped up on bricks in the front yard.
My bitch neighbour Lurleen done called the sheriff about that again.
I am getting that creepy OnStar vibe... (Score:3, Interesting)
Re: (Score:2, Funny)
DHSS eCleanup squad to slashdot sid 08/12/12/0050255, stat! We've got ourselves a rowdy one.
In other news... (Score:1)
War SMS'ing (Score:1)
System's already jacked, move along. (Score:2)
Relying on cell phone communication? If it's GSM, it's already been p0wn3d. info [binrev.com]. At the moment, it's only within reach of large corporations, but those barriers are artificial. There's also been development on creating a fake base station using a USRP (google it), a very nice piece of hardware kit that can do the signals processing necessary... So the hardware exists for $1000 to pull this hack off. Failing that, just pop the screws and cut the antenna leads to the internal wifi (which is likely the same
Re: (Score:2)
P.S. Taking out the battery works too. ^_^ Then just flip your cell phone open, find a place with zero bars, and plop down.
If you want to be fancy, build yourself a small faraday cage. Woo-woo...
For This Project You Will Need:
* replacement outdoor screening material, approx. 200sqft. You can get this at a Fleet Farm or online.
* 4 2x8s
* 2 2x16s,
* 1 50" extension cord,
* six metal rods approx. 6" in length (suggest construction reed bar)
* power stapler
* wood glue (or similar)
* hacksaw
* pile driver
Note: You don
GPS ? (Score:1)
The "-P" convention (Score:2)
Intel AT-p
2200 Mission College Blvd., Santa Clara, CA 95054-1537
long live OEMs (Score:1)
humm. another trustworthy firmware piece of code I have no control of. great. but why should I care - I'm running an open platform ! I can verify every single line of code I'm running ! think again. the hw barrier endures - coding is much easier than pcb printing. So you end up with g00gle pitching android as 'open and free' while restricting any root privileges, your TPM chip busy DRM'ing on your behalf & your TiVo phoning home. how long until your LCD denies you playing videos ? what will prevent Sony
Orbicule's Undercover (Score:1)
Undercover, from Orbicule, has been doing something similar for Mac laptops for a long time:
http://www.orbicule.com/ [orbicule.com]
just use a server (Score:2)
If I can lock down my laptop, then how long until criminals and crackers find a way to lock it down as well using the same technology as a new DoS attack?
I think the problem of theft can be solved very easily by just not storing any data on any local machine, store everything on your own servers instead.
Here's a better idea (Score:1)