Ericsson and Intel Offer Remote Notebook Lockdown

MojoKid writes "Ericsson and Intel have announced that they are collaborating on a way to keep your laptop's contents safe when your laptop goes MIA. Using Intel's Anti-Theft Technology — PC Protection (Intel AT-p) and Ericsson's Mobile Broadband (HSPA) modules, lost or stolen laptops can be remotely locked down. Similar to Lenovo's recently announced Lockdown Now PC technology, the Ericsson-Intel technology uses SMS messages sent directly to a laptop's mobile broadband chip. Once the chip receives the lock-down message, it passes it to the Intel AT-p function, which is integrated into Intel's Centrino 2 with vPro technology platform. Unlike Lenovo's anti-theft solution, the Ericsson module includes GPS functionality as well."

Re:lapjacking

[afidel]

If it's like Lenovo's solution you have two levels of authentication, first the SMS number which sent the message is whitelisted (fairly easy to spoof I assume) and secondly the messages are cryptographically signed. I believe the whitelist feature is to keep from being DDOS'd with bogus messages which the card would have to attempt to decrypt.

horrible idea

[ILuvRamen]

So when they see that their newly stolen laptop suddenly stops functioning, what do they do? They ditch it somewhere, and I don't mean sell it. You'll NEVER get it back then. I mean yeah it's supposed to stop people from stealing your much more valuable personal data but that should be password protected anyway with a directory hider/protector (not like a compressed archive file with a password cuz that's too slow) so why bother? Now people can just fake the signal and shut your laptop off so it seems like it causes more problems than it fixes.

It's a good idea, but...

[MrCrassic]

It won't solve for another problem: losing the computer in an area without signal (like a train).

If the thief is smart (which is normally not the case), he can remove the hard drive right on the train or in that same area and completely avoid the SMS message. Unless, of course, the SMS can somehow be sent to the security chip without the interference of an operating system.

When I lost my Treo in the subway, the Good administrator for my hosted email service could not remote wipe the phone because it could never find service. It's possible that someone removed the SIM right away, but I'm sure that I lost it while getting off the train.

Nonetheless, it's a great idea that covers many other common circumstances. Fortunately, most thieves are petty thieves and wouldn't know that this module is there in the first place.

Re:The hard drive maybe

[afidel]

I'm assuming they are using the secure instruction included in recent Intel CPU's to talk to the TPM1.2 chip in the laptop and deleting the decrypt key from the keystore therefore making the recovery from FDE like BitLocker basically impossible.

Re:well

[tomhudson]

Scratch that, just remove the mobile broadband chip while its off (possibly sleeping or hibernating) then have fun either reinstalling an OS on it for personal use or decrypting the hard drive and having your way with the user's data.

... or just move the little switch on the front of the laptop (I didn't even notice it was there until one day I accidently turned it off and I couldn't get the wireless working).

Removing the chip on recent HP laptops is really easy - almost as easy as upgrading ram - it's in the same compartment, and you can just snip the lead if you want to leave the chip in there ...

Re:The hard drive maybe

[afidel]

Taking the HDD out gains you NOTHING, in theory it's already fully encrypted with 256 bit AES which is uncrackable by any currently known method. The idea is that there is only one real vulnerability in a TPM based system and that is the TPM chip's keystore and the databus that the TPM chip uses to talk to the CPU, if you erase the keystore and thus makes sure that both those pathways are neutralized there should be no possible way to retrieve the data off the disk. There's still the cooled RAM trick and possibly a trace of the key left in the disk controller's cache, but those are both VERY sophisticated attacks that have a very low chance of working even in lab conditions. Oh and I just thought of something, if the TPM keystore is wiped then the TPM trust web collapses and the machine should reboot thus flushing the key from ram.

Re:lapjacking

[networkBoy]

plus the legitimate user just enters a passphrase and "poof" notebook is unlocked again.

http://www.google.com/search?hl=en&q=%22theft+deterrent%22+site%3Aintel.com&btnG=Search [google.com]
http://communities.intel.com/docs/DOC-2384;jsessionid=D59F43EDDFB0FCDAA907153C80E0539E [intel.com]
http://communities.intel.com/openport/community/openportit/vproexpert/blog/tags/at-p [intel.com]

some light reading for the paranoid. Besides this is targeted mostly at business (V-Pro?).

Re:well

[networkBoy]

Intel V-pro is on even when the computer is "off" unless on battery or no AC then V-Pro is on.

You can configure it to be:
on in S0 only
on in S0 and suspend
on in S0, Suspend, Hibernate, S5 (off, living on VSB power).

in the last mode listed it will accept a poison pill even when "off", so long as there is a network connected.

We've got a dozen machines with this in my shop right now. pretty cool tech. Not targetted at Joe sixpack, but I could see some hard-core geeks using it to turn on their machine remotely to save power on the vast majority of the time they don't SSH in, but allow it on the rare occasion they do need an SSH connection.
-nB