Slashdot Mirror
Location-Based Encryption
davidwr writes "Eweek reports Apple co-founder Steve Wozniak has a new way to prevent theft of company secrets on stolen laptops: 'Wozniak offered a peek into his vision for the company on Ziff Davis Media's Security Virtual Tradeshow, where he introduced "wOz Location-Based Encryption," an application that uses GPS tracking within a wireless hub to encrypt and decrypt sensitive data for large businesses.' Today's encryption is good enough but I do like the tracking capability. Imagine your laptop screaming 'I'm being stolen! I'm being stolen!' and paging security as the janitor walks out the door with it."
All GPS devices I've come across simply stream out NMEA data from a serial port (or over a bluetooth connection). What would stop someone that really desperate to get the data from hacking the GPS module or the dongle so they can stream in their own forged (or recorded) NMEA data which reports the laptops current position to be where they stole it from (after all, they should remember)? Usually anything these days that requires a GPS uses a standard GPS module, and at some stage, the position data from it ends up in an interceptable form on the edge interface of some module. Hardly bulletproof security?
Our diversity is our strength
What if they had that for cars? Imagine someone tries to steal one and an alarm goes off! Everyone will pay attention and call the police right away. Car theft will be a thing of the past for sure...
Or does it?
In Soviet Washington the swamp drains you.
Some though would have to be applied to this, but a GPS system in your car that alerts you if some operational parameters are crossed would be nice.
"Hey, I'm being towed away from the parking garage, even though my keys are more than 100 yards from me"
...yup...
Zztxt Flrqtp fnz p47eltnzd.
Oh, I'm sorry, you need to move two steps to the left.
It seems like the real risk would be when you are on-site, traveling, etc. As a consultant, my laptop never leaves my side. I'd hate to have to "check out" every time I left the building. Also, I don't think I would like my employer having the possibility of tracking my every movement. Sure, you could turn off the tracking, but then you've lost the security as well.
Post-rock/Ambient/Drone and other noise.
...thieves put stolen laptops in bags lined with aluminium foil. (can also be used for hats)
Does anybody else see a problem with a laptop you can't use outside of the office?
It's not like you'd buy a laptop so you could TAKE IT WITH YOU and work outside of the office, or anything..
Ok, may be I'm missing something, but wouldn't a simple shut down get rid of this 'feature'?
And before you tell me how you can't shut it down without the apropriate password: Unplug / get rid of the battery. If you're stealing the notebook, why would you mind turning it off? After all, there'll be plenty of time back home to retrive the data.
Error! Unable to open file!
In order to open this file you must move 3 metres northwest of your present position
This has come up before- here is a link to a 2001 Wired article about the British intelligence services using laptops with ``a built-in electronic self-destruct mechanism that erases a laptop's hard drive if the case is opened by force'' when a code is forgotten, as well as ``a tracking feature that allows a computer gone astray to call home." This was after a spate of embarrassing episodes where laptops with lots of important info went missing. I don't know if it's been implemented but this does seem to have some interesting applications, potentially...
It's psychosomatic. You need a lobotomy. I'll get a saw.
I was always under the impression that laptops were supposed to be mobile (but maybe that's just me)...
It seems like this would be more useful for company systems that have highly proprietary, sensitive data on them that you wouldn't want moving around. I could see a very nice, dual G5 screaming "I'm being stolen" as the janitor carts it out with his supplies (though how it does that without a power source is beyond me, I guess you would need a secondary power source just for this system).
Also, and I'm really not trying to start a flame war here, but first, what's wrong with a janitor having a laptop, and why assume that it's a janitor stealing the laptop? I would guess that it's a disgruntled employee or just-fired employee (that's not properly escorted out) that would pull a stunt like that. And I would think that laptops are stolen from public places like libraries and parks rather and work places where I think a system like this might not be as useful.
"Throughout the entire process, Wozniak said the encryption key is controlled in a central location through a secure transmission. Because the wOz Platform and the wOzNet network are proprietary, he said it is not open to Wi-Fi spoofing or password sniffing."
proprietary != secure from sniffing
I wonder if it's based on the current wireless encryption or if it's something completely new.
There are 10 kinds of people in the world; those that understand binary and those that do not.
IBM Thinkpads have had RFID in them for a while now, to prevent them being taken out of specific areas.
Like tinyurl, but one letter less! http://qurl.co.uk/
A few years ago, a securtity head-honcho at my company gave a presentation about keeping confidential documents off our desks, because "you never know when the janitors can come in and just swipe it out with them. I know they don't speak Englis, but it doesn't take a lot to swipe stuff off a desk..."
I've had my fair share of stuff stolen, and it's never been a janitor.
Watch the Teaser Trailer for "The Lightning Thief" Her
So... how easy is it to spoof a GPS signal?
SteveB.
True, very true...
Also one should note that in most cases, when someones steals a laptop, it is for the laptop itself, and they couldn't care less for the data on it...as long as they can download the corresponding drivers later on...
One the laptop get sold, it'll suffer a quick reinstall. and the security dongle will become a nice high tech keychain 8)
+ This system assumes I have a physical access to the machine...
If I have physical access to the machine (usually you find them plugged into the network, and no screensaver password...) all I have to do is either install a quick soft from the net or from the cd/usb key I have with me...
Keylogger/bot/zombie/spyware/remote desktop... I can do whatever I want...and your security is breached...
It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
I've been playing with a high-end GPS device recently, and the first thing I learned was that you can forget about getting a reading indoors. So how will this device work when there is no GPS reading in the office???
Wozniac is a nutjob no doubt about it. He'd still be a legend, though, even if it weren't for Apple. He was an early phreaker, and a good friend of John Draper - Cap'n Crunch for gods sake! He was an important figure in the Silicon Valley hobbyist community, and even if he hadn't done either Apple or phreaking he'd still be a footnote in the big book of commodity PCs because of that. Certainly more than you or I can claim.
He and Jobs didn't start their relationship selling computers together - they originally sold blue boxes. Woz still works for Apple, mostly as a consultant, and he and Jobs still collaborate (though Woz has claimed that on many occasions Jobs credits him with ideas that he had minimal participation in).
Since leaving Apple he's been as much a humanitarian with his skills and money as Bill Gates (though in smaller absolute amounts). He personally provides free tech support for the local school system, and (at least when System 8 was still cutting edge) held computer classes for preschool and elementary school kids. He's sponsered charity concerts, and more.
Problem with Wozniak is he has a great technical mind, a wonderful sense of playfulness, and even a good sense of what users want in products, but his business sense is poor. That's why there hasn't been as much output from Woz since leaving Apple - their hasn't been a Steve Jobs. Wozniak was the Paul Allen to Job's Bill Gates, and much like Allen, Wozniak has dabbled here and their, with no truly successful financial venture yet. That doesn't mean he's worthless
With my experience with GPS. They tend not to get a signal unless you are outside and have a clear view of the sky. When Driving in tunnals, or a road with a thick covarage of trees I tend to loose signal. And I have never got it to work while I was inside my apartment. Most people tend to use Laptops inside buildings and a lot of them are not nessarly near windows or have the window shades open (the heat of an afternoon sun in summer is pritty bad). So for most cases this will not work because they cannot get a GPS signal.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Imagine that your WEP gets encrypted with a key dependent on your location. A large company could enable campus-wide WIFI, but you would only be able to get on the network if you are inside one of the buildings. Not the ultimate protection, but one extra barrier.
10 ?"Hello World" life was simple then
I have a better idea - you build a pair of hardware keys that operate like rfid ID tags, sort of (except that the key would be battery powered and generate different keys based on what it was given for a timestamp - like a secureID card for a vpn).
You'd hang one of these little devices off your belt or on your keys or something. When the laptop is within a few feet of you, you can access the encrypted data. When it's not, you can't. Seems simple enough....now we just have to make sure that nobody gets smart and tapes the device to the laptop (or packs it in their laptop bag).
I've been in offices for many many years. There has been only one time the Janitor Did It, and it was a case of they put it somewhere we wern't expecting.
Can we stop with the steriotype? All of the janitors I have known have been honest, hardworking people that are just trying to make a living. While I a sure there are dishonest janitors around, I sure that like anywhere else the vast majority are not crooks.
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
I have a 1st generation GPS device so maybe my info is out of date, but it has a hard time getting a location in heavy forest, never mind in a massive concrete and steel building. All this seems like it would rule out most real world applications, so I think something is missing in this story - Woz aint no dummy. Any conjectures?