Slashdot Mirror
Phoenix Unveils Anti-Theft BIOS
linuxwrangler writes "According to articles at PC World, c|net, Internet Week and elsewhere, Phoenix Technology is introducing a new BIOS-based anti-theft system. Every time a TheftGuard equipped machine connects to the internet it pings a server at Phoenix which can instruct the machine to wipe its hard drive, report its location or disable itself. Given that most people don't want to have their every movement tracked and don't want someone else to have the power to wipe their drives, Phoenix figures that corporate clients are the prime customer. I just wonder who is liable when a company sells a surplus laptop on eBay but gets their inventory control screwed up and reports it as stolen..."
It was stolen. Police are investigating.
Damn Mozilla!
I logged more hours going back to corporate offices and disabling these "features" and assisting their admins mine out old data then I did installing them. I had to stand there and be told how "God damned stupid all of these features are, and how stupid Dell is for using them, and how stupid you are for working with Dell!!!!". This is when I was 19 and had no more business/customer support experience/skills then a guy serving fries at McDonald's. The shit sucked.
Murphy's Law dictates that the benefits of this idiotic and restrictive measure will be over shadowed by it's rare glitch and/or user incompetence which results in the loss of data.
What happens when your battery dies on the SQl server, and the default settings enact this horrid "feature" and your hard drive is slicked? How bad will it suck when it happens to the CEO's assistant's laptop and she comes storming into your pitiful excuse for a NOC right before you were supposed to go on lunch?
Just imagine (no, not a beowulf!) someone breaking into the Phoenix site and instructing every HD to wipe itself. Now Nimbda looks like a joke...
Opus: the Swiss army knife of audio codec
just a thought: how many corporate (or otherwise) IT admins would actually trust a system that enables someone beyond their control to remotely wipe their hard drive clean?
Wiping the drive after it is removed from the machine is a pretty neat trick.
Why do you view the BIOS as being able to do nothing without the host os?
If the BIOS pings a server using the onboard nic before it tries to bootstrap to a drive, it would be very difficult to disable this...
When a TheftGuard-equipped system is stolen, the owner provides instructions through the TheftGuard web site. The next time the lost computer connects to the Internet, TheftGuard is activated and either disables the machine, wipes its hard drive, or transmits information on the physical location where the signal originates.
The problem with this seems to be that TheftGuard only performs actions after the stolen computer is connected to the Internet. And by the time that happens (if that happens) it's too late. My understanding is that when computers are stolen, the data on them is what's sought, as it is what's most valuable. And once the data is in the wrong hands, it's too late. The data on it can be copied to another place, and perhaps individual hardware components can be removed and sold. Am I wrong about anything here?
In my organization, we have been using Computrace which serves the same function. The software installs into the computer's boot sector and is nearly invisible if you don't know to look for it. It contacts the Computrace NOC frequently over IP or modem and reports it's IP address (or caller ID). We now have a pretty nice log of where all our laptops go. The software isn't capable to destroying or disbling the PC, but it's invisibility and reporting features are enough to make it useful.
Computrace reports having retrieved a number of stolen computers based on the data reported by the software. It's definitely useful for any corporate IT department!
From my experience, CEOs usually have very very fine assistants.
Hey, maybe she is actually very technically capable, and consciously activated the erase-all-data feature just so have an excuse to talk to you, give you a chance to ask for her extension etc. =)
Aww shutup and let me daydream.
My life in the land of the rising sun.
"Since TheftGuard's also in the BIOS, even if you remove the hard drive, we can still track or disable the machine, or wipe the drive," he said. Another trick that can eradicate anti-theft software -- running FDISK to reformat the drive -- also is foiled by TheftGuard's place in the HPA section of the hard drive, which is immune to simple reformatting tools.
Any hard disk forensics person will tell you the wonders of dd and netcat working together. Adjust the dd parameters a tad, and the HBA is no longer a problem. If they think the bad guys don't have access to this knowledge, they're as FDISKed as they seem.
This is seriously stupid, so it must have come from marketing, not the techies.
Soko
"Depression is merely anger without enthusiasm." - Anonymous
It always amazes me when some student at my campus steals a lab computer and doesn't think that our DHCP server will let us know the next time it gets plugged back in to our network. Over half our stolen computers get recovered that way. Just last night, one was stolen (end of the academic year is always bad for theft) and the kid decides to plug it in in his room. He really should have waited 5 more days to use it and he would have graduated on time. Now he is facing expulsion. Idiots!
I think some of the technical folks on here have missed the point: A 'ping' signal doesn't have be the regular ICMP ping. It could be any sort of protocol that requests an echo back from the target.
...just my 3 cents worth (Canadian funds :-)
I do think that an awful lot of people on here are getting the point: What happens when I, mister malicious black
hat decides to spend a little money on research material and aquires, by one menas or another, a few of these units for destructive testing and reverse engineering? Now I can spoof the Pheonix server on any given LAN and - proof - Merry Christmas, Bob's your uncle!
I can see the military and paramilitary organizations liking something like this. I'd also be surprised if they don't have something similar under lock and key right now. If I recall, most of the concern over the laptops wasn't over the data on them, but more over how the security procedures when awry. There were one or two that went missing from internal areas that wouldn't have been equipped for travel, but they likely wouldn't have been protected by this system either.
Personally, I think people fall into one of two categories:
1) The stupid/ignorant. These people wouldn't buy this BIOS anyway. They're gonna be hooped when their data gets lost/stolen.
2) The paranoid. These people are probably already using strong encryption, finger print scanners, etc. They're gonna be hooped as well... unless they were paranoid enough to do regular backups! Admittedly, the thief won't have access to the data, but I suspect most of the stolen laptops get wiped shortly after the thief copies the porn off for his own amusement anyway.
I see IT managers loving this because it covers their arses. I see the users either not needing it or not liking it.
-Rob
It's cheep security, None of the peripherals seem to be protected and that's the meat of any system.
If you buy a used PC with that system in it you should have the ability to contact the maintainer of the system to work out ownership transfer. There should be no fee for this.
Prediction by MrPredicter:
One week after deployment a copy of the BIOS will be posted to usenet, Seventy Six Milliseconds after that it's cracked, patched and offered on WareZ sites with instructions on how to burn, unplug or desolder and install the new chip.
Fixing the above, off the top of my head:
Hardwired into the motherboard is a distributed encryption device that holds all of the motherboard chips, drives, ram and compatible installed cards in an inactive state until a USB or other device is insterted. The unlocking device needs to have been activated with a PIN prior to insertion so that the secret key inside can encrypt a challenge response with the devices in the computer. The device in the computer should also do realtime transparent encryption of the drives and offer network encryption as it would be trivial to add. Internal keys in the device would be the provence of the local IT security staff, they could not be changed by the user.
One nice feature of this method is that, with a well setup OS each users network presence (data, settings, drives ect) could be transparently encrypted, each PC would be generic with no user or company data stored on the PC just on the network. Other networkable protocols could be implemented. I think Linux is close to part of this done in software.
The device would need to be distributed, that way an attacker would have to compromise every device in the computer to make any use of the computer. Even the ram would not be of use.
It would be possible to do this in a compatible way to protect the addons use extenders/risers that contain the encryption receivers which would be epoxied to circuit cards, drives and ram would slightly reduce cost and void warranties but allow easier upgrades by just adding a riser. The other method is to order specially modified hardware and only the Motherboard needs this. Yes, there are all sorts of drawbacks mostly stability issues and the CPU is stil not protected from theft.
Isn't there some sort of specification for all this, this didn't just come to me a vacuum, well I vacuumed it up, most probably from the cypherpunks mailing list but can't remember.
Total added cost to the PC, too much:
Just hire a damned good degreed security specialist and a retain a good physical security consultantcy and let them work with a team of people to implement a reasonable security system and stick with it. Add to that good training for the security people and rigorous *reoccuring* background checks. Also a mid/upper level management that actually listens to the experts in this is needed, eviserate the dead weight as needed.
I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
Ok, so if you "acquire" such a laptop/desktop, just flash the BIOS before connecting to the net. Don't feel like scrounging around for a floppy? Ok, block the laptop MAC at your firewall, plug in the ethernet cable, log where it attempts to go, and redirect that hostname to 127.0.0.1, again problem solved. This is weak stuff that only the absolute dumbest of criminals would fall for.
That said, the interesting part would be to find out what the BIOS uses to identify the PC to the TheftGuard server. My guess is the (yawn) MAC address since it needs to be connected to the 'net to be effective. So change the MAC if it's programmable on the NIC in question, or (if it's not a laptop) just toss the NIC in the trash and spend $10 on a new one.
They'll probably sell a lot of these to CIOs who think they can outwit industrial spies. Yeah, it's better than nothing but the level of security they're making it out to be is way beyond it's piss poor practical value.
Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws-Plato
<CARRIER DISCONNECTED>
Dude, if you're gonna act all I-was-hip-way-back-in-the-BBS-days, at least get it righ&' 8Ré
NO CARRIER
Oh gee, like thats gonna be REAL popular with people.. How long will it take an enterprising young 14-year-old to write a little hack that sits on a network, opens promiscuous mode on a NIC, watches for calls to Phoenix's verification IP, and answers back with a smurfed "AAGH! DANGER WILL ROBINSON!" reply before Phoenix, Inc. has a chance to?
And I, for one, don't want the operation of my machine to be wholly dependent upon whether or not it's connected to a public network.
Stupid idea, if you ask me.
You want PC security? A note on the wall that says "If you screw with this machine, I'll know, and i'm quite capable of kicking your ass, having you fired, or both." will do the trick nicely.
Seriously..When I was in HS, the guy who ran the computer room was massively anti-piracy. If he even *suspected* you were using pirated shit in the lab, he'd confiscate your disk and literally staple it to the wall. Got the point across.
Bowie J. Poag
you forgot the suggested: ;) i honestly wonder how some people get their degrees.
2 viruses = virii
3 viruses = viriii
and so on. now doesn't that make one feel educated?
i guess an unknown quantity of viruses would be vir(i*)... as in, "well, there are many vir(i*) that could be the end of humanity." *shakes head in wonderment*
No, no, no.. It's inelegant to extend a latin root by just adding extra "i"s.. To be true to the spirit of the language, surely it would be more appropriate to proceed thusly:
4 viruses = viriv
9 viruses = virix
1001 viruses = virmi
etc..