Slashdot Mirror


Phoenix Unveils Anti-Theft BIOS

linuxwrangler writes "According to articles at PC World, c|net, Internet Week and elsewhere, Phoenix Technology is introducing a new BIOS-based anti-theft system. Every time a TheftGuard equipped machine connects to the internet it pings a server at Phoenix which can instruct the machine to wipe its hard drive, report its location or disable itself. Given that most people don't want to have their every movement tracked and don't want someone else to have the power to wipe their drives, Phoenix figures that corporate clients are the prime customer. I just wonder who is liable when a company sells a surplus laptop on eBay but gets their inventory control screwed up and reports it as stolen..."

40 of 458 comments

  1. Replaceable Bios by krisp · · Score: 3, Insightful
    "Since TheftGuard's also in the BIOS, even if you remove the hard drive, we can still track or disable the machine, or wipe the drive," he said. Another trick that can eradicate anti-theft software -- running FDISK to reformat the drive -- also is foiled by TheftGuard's place in the HPA section of the hard drive, which is immune to simple reformatting tools.


    Last I checked, the BIOS was in a socket. What stops someone from swapping out the bios chip before turning on the box?
    1. Re:Replaceable Bios by Fallen_Knight · · Score: 2, Insightful

      or if non swappable, the MB? would still make a good profit

    2. Re:Replaceable Bios by OutRigged · · Score: 4, Insightful

      I'm sure the average thief doesn't have a clue what a BIOS is, let alone how to remove one, or even tell if it's equipped with theft guard.

      --
      RaGe
      We're all just noise on the wires..
    3. Re:Replaceable Bios by krisp · · Score: 3, Insightful

      Chances are, there will be a sticker right next to the Intel Inside logo that says "Phoenix Theft-Guard Protected". Likewise, it doesn't take more than a little research to find a quick-and-easy way to circumvent a technology (in this case, replacing the bios chip and/or motherboard)

    4. Re:Replaceable Bios by faspeed · · Score: 4, Insightful

      Or why not just take out the hard drive and read it somewhere else. I didn't read anything about the HD being encrypted.

    5. Re:Replaceable Bios by Anonymous Coward · · Score: 2, Insightful

      Most ("professional") thieves aren't the end consumers of the products they steal. They sell their booty to people who then know what to do with it, or who knows someone-who knows someone who knows what to do with it. Also, any thief worth his or her salt knows where to get rid of stuff and should have no extra trouble getting rid of these.

    6. Re:Replaceable Bios by molarmass192 · · Score: 5, Insightful

      Ok, so if you "acquire" such a laptop/desktop, just flash the BIOS before connecting to the net. Don't feel like scrounging around for a floppy? Ok, block the laptop MAC at your firewall, plug in the ethernet cable, log where it attempts to go, and redirect that hostname to 127.0.0.1, again problem solved. This is weak stuff that only the absolute dumbest of criminals would fall for.

      That said, the interesting part would be to find out what the BIOS uses to identify the PC to the TheftGuard server. My guess is the (yawn) MAC address since it needs to be connected to the 'net to be effective. So change the MAC if it's programmable on the NIC in question, or (if it's not a laptop) just toss the NIC in the trash and spend $10 on a new one.

      They'll probably sell a lot of these to CIOs who think they can outwit industrial spies. Yeah, it's better than nothing but the level of security they're making it out to be is way beyond its piss poor practical value.

      --

      Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws-Plato
    7. Re:Replaceable Bios by daffmeister · · Score: 2, Insightful
      Last I checked, the BIOS was in a socket. What stops someone from swapping out the bios chip before turning on the box?

      You know, just because the door to my house can be broken in doesn't mean I don't lock it in the morning.

      In other words, some security is still better than none.

    8. Re:Replaceable Bios by eeyoredragon · · Score: 4, Insightful

      Chances are, people will be buying stickers that say that and getting the same effect as those that actually have it. ;) Hmmm... maybe I should start selling...

  2. In the hands of the government by Capt'n+Hector · · Score: 3, Insightful

    If this technology were to fall into the wrong hands (read government, RIAA, others) life could truly suck. I hope it never materializes in its current form, or we could have a rather large problem on our hands.

    --
    Quid festinatio swallonis est aetherfuga inonusti?
    Africus aut Europaeus?
  3. Linux support? by CaptainAx · · Score: 3, Insightful

    What happens if the user is running Linux? I can't see the bios pinging anything without the help of the host OS. Let alone erasing hard drives. Linux will become the thieves' OS of choice. It's my OS of choice when looking at a computer that's been disabled by a virus.

    1. Re:Linux support? by ColaMan · · Score: 3, Insightful

      er, but then you'd need a tcp/ip stack... (of sorts) and knowledge of your network, such as gateway addresses and your own IP, which could be fixed or dynamic via DHCP. And what do you ping? A fixed IP? A resolvable domain name? Fixed IPs are unlikely. Resolvable domain names require DNS, another thing that needs to be found out before you can ping your server.

      And god forbid if you don't actually *have* always-on internet dangling off the end of your network cable. What about people with cable modems with PPPoE? Authenticated proxy servers? Dial-up users?

      So yes, you could probably do something like this at boot if you cobble enough bits'n'pieces of software into your boot ROM - Phoenix has, it seems. But it'd probably only work in a fixed, known, stable environment. As mentioned before, possibly useful for corporations, not useful for the average home user.

      Just sounds like something else to go wrong to me. And go wrong catastrophically too.

      --

      You are in a twisty maze of processor lines, all alike.
      There is a lot of hype here.
    2. Re:Linux support? by mlyle · · Score: 2, Insightful

      Who said anything about dialup? Getting an onboard modem to call an 800 number is easy enough. But I think the primary use for this is to locate corporate PCs that have been plugged into an ethernet.

      This might not just be used for stolen PCs, but for overall inventory control. When companies are growing quickly often PCs get lost. If they can't be found at audit-time, companies have to write off a proportionate share of their capital equipment.

      Not to mention there's a huge grey market in laptops, servers, and PCs-- figuring out where the stolen equipment ultimately ends up is valuable.

  4. Murphy's Law by mao+che+minh · · Score: 5, Insightful
    I worked a sub-contractor job with a Dell contractor when I was 19/20 setting up Novell and Linux (very, very rare back then were new Linux installs that were actually purchased from commercial vendors - 4 years ago) rack servers. They had odd little Phoenix BIOS features that allowed a person to reset settings with the touch of a key upon boot up (it did have a "yes or no" prompt, though it didn't always work right). Dell also shipped a piece of software that was like Gateway's "Go Back" too, which erased all changes made to an array since last boot up. Yes, it was an actual Novell module which my contractor refuses to acknowledge ever existed now.

    I logged more hours going back to corporate offices and disabling these "features" and assisting their admins mine out old data than I did installing them. I had to stand there and be told how "God damned stupid all of these features are, and how stupid Dell is for using them, and how stupid you are for working with Dell!!!!". This is when I was 19 and had no more business/customer support experience/skills than a guy serving fries at McDonald's. The shit sucked.

    Murphy's Law dictates that the benefits of this idiotic and restrictive measure will be overshadowed by its rare glitch and/or user incompetence which results in the loss of data.

    What happens when your battery dies on the SQL server, and the default settings enact this horrid "feature" and your hard drive is slicked? How bad will it suck when it happens to the CEO's assistant's laptop and she comes storming into your pitiful excuse for a NOC right before you were supposed to go on lunch?

  5. Nice for cyber-assholes by jmv · · Score: 5, Insightful

    Just imagine (no, not a beowulf!) someone breaking into the Phoenix site and instructing every HD to wipe itself. Now Nimda looks like a joke...

  6. Federal use by BWJones · · Score: 2, Insightful

    I am surprised that federal departments/agencies have not developed this yet given the large numbers of laptops that go missing every year. Some of them even have classified data on them with the classic example being a certain former head of the CIA who was a little loose with his Powerbook.

    --
    Visit Jonesblog and say hello.
  7. corporate clients by HornyBastard77 · · Score: 5, Insightful

    just a thought: how many corporate (or otherwise) IT admins would actually trust a system that enables someone beyond their control to remotely wipe their hard drive clean?

  8. pings server... by Devil's+BSD · · Score: 4, Insightful

    what if you restrict the pings to the phoenix servers? i'm sure people will put up the IPs eventually.
    and what if i completely disconnect it from the internet?

    --
    I'm the Devil the Windows users warned you about.
  9. This is very sad by Anonymous Coward · · Score: 3, Insightful

    Microsoft, the RIAA, and other such organizations have been misusing the words piracy and theft to such an extent lately that the instant i saw anti-theft in the headline my immediate, visceral reaction was to think okay, whatever this is, it has nothing whatsoever to do with preventing theft, and is probably just there to prevent you from fully using your computer, until a split second later when I remembered who Phoenix is, and that if phoenix were selling an "anti-theft" BIOS that would actually be what it is.

    -----
    I wonder if we're going to just kind of accidentally grow into some kind of weird, reverse "newspeak", like in 1984, except instead of the government purposefully banning negative words, dodgy politicians, media outlets, and corporate officials will simply misuse all of the negative words there are until they've all lost their meaning in the public mind.

    [Sometime in the indeterminate future, New Palestinian Liberation Army breaks into Joe Archetype's house and robs him of all his belongings to sell on the black market to finance their bombing raids, and spraypaints PALESTINE FOREVER on the inside wall. Joe goes next door:]
    "Help me! My home has been breached by terrorists!"
    "Hm? What's the problem? If you have anti-war protestors in your home, can't you just ask them to leave?"
    "This is serious! They've stolen all my furniture!"
    "So.. they've made copies of all your furniture? Not very nice of them, i guess, but what's the big deal?"
    "ARGH!"
    "Maybe you can file a DMCA complaint, i guess."

  10. Re:Shortly after the BIOS was unveiled by EelBait · · Score: 5, Insightful

    I can't wait for the round of virii (outlook attachments) that trick this BIOS into thinking it's stolen.

    Or, better yet, someone hacks Phoenix's server to tell all the BIOS's they are stolen.

    This will be fun to watch.

  11. Problems With This Idea by Shackleford · · Score: 5, Insightful
    From the PCWorld article:

    When a TheftGuard-equipped system is stolen, the owner provides instructions through the TheftGuard web site. The next time the lost computer connects to the Internet, TheftGuard is activated and either disables the machine, wipes its hard drive, or transmits information on the physical location where the signal originates.

    The problem with this seems to be that TheftGuard only performs actions after the stolen computer is connected to the Internet. And by the time that happens (if that happens) it's too late. My understanding is that when computers are stolen, the data on them is what's sought, as it is what's most valuable. And once the data is in the wrong hands, it's too late. The data on it can be copied to another place, and perhaps individual hardware components can be removed and sold. Am I wrong about anything here?

  12. Chapter 11 by LauraW · · Score: 4, Insightful
    And, er, what happens when Phoenix goes out of business? Shades of DIVX?

    Laura

  13. Ahhh well... by TallEmu · · Score: 2, Insightful

    ... I guess anything with Phoenix BIOS can't safely be used for mission-critical systems then.

    I remember reading an interesting article somewhere about a guy who got his mac back by using some remote software on there. It reported its IP address every time the thief connected to the net and as I recall, the guy was uploading scripts to it and so forth to get it to do various things to help recover the box.

    I remember thinking at the time that this was a neat idea, but having a third-party with the power to frag my hard drive does not fill me with comfort.

    Regardless of how the system works at the technology level, it is potentially open to attack via social engineering... "Hi Phoenix, it's Fred from SCO... those nasty Linux people have pinched my laptop... yep, frag it please..."

  14. For the paranoid by mj01nir · · Score: 3, Insightful

    Yup, time to tighten up my outbound firewall rules.

    --
    the no .sig .sig
  15. Uhmmm problem. by mark-t · · Score: 4, Insightful
    People who steal computers don't steal them to use them, they steal them to sell them to other, otherwise completely innocent people.

    Now, just how upset would you be if someone came to your door and said that the laptop you bought on eBay last week was stolen? Granted, you'd try to contact the seller to get your money back, but if he's been even the slightest bit clever about things, you might never find out who it was. Further, even if you *DO* find out who the guy is, you still won't get your money back because he'll probably be doing jailtime in the very near future, if he isn't already. Of course, you can legally sue him, but just how do you think you're going to collect?

    Not that I'm saying that theft should be ignored... it shouldn't. But doesn't anyone think that efforts might be better spent on technologies that might enable them to catch the criminals *BEFORE* they exploit someone else?

    1. Re:Uhmmm problem. by Kadin2048 · · Score: 2, Insightful
      It would certainly suck to be in that position, but I'm sure that in the future you would be a lot more careful buying equipment. In general it might not be a bad thing--if stolen computer equipment started to be recovered in large numbers, without refunds made to the purchasers, the effect would be to reduce the demand for stolen equipment.


      Many people wouldn't hesitate to buy a computer off of eBay with no other information than the specs, but would never buy a stereo off of the back of a truck in an alley, even though the two may be coming from the same place. While we need to make efforts to catch criminals before they can pass the goods on to someone else, people also need to be aware of where their equipment may be coming from. That laptop with a corporate ID sticker on it may be surplus--or it may be stolen. As a buyer, it's your responsibility to be confident that you aren't buying hot gear.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  16. Re:oh dear oh dear by ColaMan · · Score: 2, Insightful

    Does anyone recall the low-level format utility that used to be built into hard drive controller ROMS?

    All we need now is some script kiddie to figure out the address of the "ZAP" routine in the Phoenix BIOS to jmp to, then the next outlook virus will cause hell. Change one instruction anywhere in your system's software (I guess boot sector is as good as any, before protected mode) to jump to that point, and all is lost.

    Why bother with your own devious erase code, when Phoenix thoughtfully provides one for you?

    --

    You are in a twisty maze of processor lines, all alike.
    There is a lot of hype here.
  17. What authentication is used by Anonymous Coward · · Score: 3, Insightful

    I see all these posts about sniffing and other attacks but how about the question of how Theftguard's website actually authenticates that YOU are the owner of the pc being reported stolen. What if the data needed is ON the pc or some other easily bypassed measure. This is doomed.

  18. Introducing a single point of failure by gotan · · Score: 4, Insightful

    So if an evil minded Hax0r gets his hands into Phoenix' server, or manages to get at the keycodes and to redirect the traffic, he can wipe all of any corporation's laptops if they adopted this scheme?

    That means they're introducing a risk to get their business fscked (or rather formatted) if they depend on those laptops and need to connect them to the internet. I think that's a high price to pay to protect against the theft of a few laptops.

    Also it doesn't even work: maybe it's hard to change the BIOS chip (given a replacement BIOS and the right equipment it should be doable), but if the thief is really interested in just the data he simply reads it without connecting the laptop to the internet, or he even removes the harddisk altogether and analyses its contents.

    If they really want to protect their data they should go for encrypted filesystems or at least encrypt the sensible data so only authorized persons can access it, problem solved.

    --
    "By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
  19. Soooo.... by clambake · · Score: 1, Insightful

    So a virus that rewrites your DNS to point Phoenix's servers to itself will allow it to destroy an entire company in one fell swoop... Excellent.

  20. Re:Phoenix, meet dd by Soko · · Score: 2, Insightful

    OK, so they manage to kill the original hard disk. What about the copy of the rest of the FS I have in a binary image, with no HBA involved?

    Sorry, this isn't a deterrent to people who have more than a trivial interest in the contents of a stolen hard disk.

    Soko

    --
    "Depression is merely anger without enthusiasm." - Anonymous
  21. Most Criminals ARE Stupid by Detritus · · Score: 4, Insightful

    Your average criminal is looking for some fast cash, and doesn't know a damn thing about IP, firewalls or flashing the BIOS.

    --
    Mea navis aericumbens anguillis abundat
    1. Re:Most Criminals ARE Stupid by 91degrees · · Score: 2, Insightful

      True.

      It's probably not beyond them to throw out the hard drive and motherboard, and sell the rest of the components of course. CPU, RAM, and monitor will probably make the theft worthwhile. The theft prevention probably isn't really designed to deal with this though. It's more for protecting trade secrets.

      Professionals who are after the trade secrets will be more savvy, and will decide not to connect to the internet (although they'll probably have just taken the hard drive).

      It will prevent accidental leaking of information from stolen machines, and frustrate some small time criminals, but isn't really going to eliminate computer theft.

  22. Stop big business from playing cops by interstellar_donkey · · Score: 4, Insightful

    As it stands now, this looks like a bad idea, as expressed multiple times by many of the comments. Besides the technical problems, to me it points to a larger problem that is growing every day: Private businesses trying to provide law enforcement.

    Assuming they could get past all the potential technical hurdles regarding security and authentication, we still are basically saying that a private company can alter/damage the contents of a computer legally without any coordination with law enforcement. That scares me.

    Basically, this is sort of a computer version of LoJack. Which is cool. But in this version, it would be as if you could call up the LoJack people, have the car disabled, get a report of where the car is and take care of the matter yourself. Of course, as far as I can tell, LoJack doesn't work that way. My roommate can't find my documentation for the LoJack, make a phone call and leave me stranded just to play a joke.

    I'd like to see this system in place. I for one sure would be happier to know that if somebody stole one of my laptops there was some method out there to recover it. But that's a job for the police, not some big business. Sure, Phoenix can build tools that I might buy that would assist the police, but I'd want to be dang sure that they can't do anything to one of my machines until the cops tell them it's all right. And the cops can't tell them that until I've filed a police report and asked them to do it.

    Yes, I know that law enforcement has a long way to go to really get a handle on computer based crimes, and at the moment are pretty impotent in catching the bad guys. But what I don't like seeing is big faceless corporations coming in and picking up the slack.

    --
    The Internet is generally stupid
  23. Is this *smart* by vidarlo · · Score: 2, Insightful

    Eades hopes the TheftGuard logo--which could be presented in a visible place on the laptop--would itself deter thieves. By installing protection at the BIOS level, the standard process of reformatting or replacing hard drives won't work. The machine, then, is virtually useless to any third party (unless, of course, they can stay off of the Internet).

    Exactly. As long as they stay off internet, nothing happens. And of course, the computer might be valueless then, if you don't wanna change any parts. But you can get out the data. And since the aim here is not to protect the computer (Well...that also since it can give location), but Data! And when you put a mark on a computer, it will say to the thief: Hey. Take me, but don't connect to the internet. If this shall work, it has to be hidden. I do not think I would connect such computer to the internet. So then you are back at starting line? Maybe a computer that called home, via satellite or GSM networks. Then it would be far more difficult to cut off. But again, then it would have to be "Don't call, we call you", the Phoenix side would have to call your box, saying hello, can you please get rid of that sensitive data?. Anyway, the BIOS is hardwired...so go on....change.

  24. Lots of noise but .... by louisfreeman · · Score: 4, Insightful

    a computer gets stolen, thief removes the harddrive, sticks it into a second computer (with an older BIOS) ..... and reads the disk. How does this Hot New Protection from Phoenix protect business information/secrets? a full-disk encryption seems to be more effective

  25. Wipe its drive?! Oh come on... by Bowie+J.+Poag · · Score: 5, Insightful

    Oh gee, like that's gonna be REAL popular with people.. How long will it take an enterprising young 14-year-old to write a little hack that sits on a network, opens promiscuous mode on a NIC, watches for calls to Phoenix's verification IP, and answers back with a smurfed "AAGH! DANGER WILL ROBINSON!" reply before Phoenix, Inc. has a chance to?

    And I, for one, don't want the operation of my machine to be wholly dependent upon whether or not it's connected to a public network.

    Stupid idea, if you ask me.

    You want PC security? A note on the wall that says "If you screw with this machine, I'll know, and i'm quite capable of kicking your ass, having you fired, or both." will do the trick nicely. :)

    Seriously..When I was in HS, the guy who ran the computer room was massively anti-piracy. If he even *suspected* you were using pirated shit in the lab, he'd confiscate your disk and literally staple it to the wall. Got the point across.

    --
    Bowie J. Poag

  26. A lethal combination by Anonymous Coward · · Score: 1, Insightful

    1 TheftGuard BIOS enabled computer suite
    1 Source address spoofed packet
    1 Broadcast address

    200 dead machines, well, until it reboots, fails to boot from c, boots from the network and copies a harddisk image from the file server.

  27. Re:Hmmm.... by HBI · · Score: 2, Insightful

    I suggest to you that a military organization would use hardware that is sturdy and reliable, with quality encryption.

    I also suggest that the computer hardware utilized for this job would not be permitted to exit certain areas through the utilization of access controls and a complex system of security clearance that only permits acceptable people to have access to data of various levels of classification.

    You would have sealed rooms, sealed networks, safes, measures against electronic eavesdropping. Guard dogs and barbed wire, as well as guys with SAWs, are not out of the question either.

    Lastly, i'd suggest that anything like the Phoenix system would be considered totally inappropriate because if you let the data get into a situation like that, you've already failed in your charge to keep the data secure.

    --
    HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
  28. The security of this by geek4ever · · Score: 2, Insightful

    This idea goes completely against my most trusted and effective security practice. Don't give even the most trusted person more access than needed, or in this case, don't give them an ability you wouldn't want anyone in the world to have. The idea of my computer being a tracking device, or for that matter wiping out its hard drive is not appealing to me. Anyone know how good this thing's authentication is?

    --


    Karma: Bad. Mostly because the only moderators that notice me are conservatives.