Lenovo Service Disables Laptops With a Text Message

narramissic writes "Lenovo plans to announce on Tuesday a service that allows users to remotely disable a PC by sending a text message. A user can send the command from a specified cell phone number — each ThinkPad can be paired with up to 10 cell phones — to kill a PC. The software will be available free from Lenovo's Web site. It will also be available on certain ThinkPad notebooks equipped with mobile broadband starting in the first half of 2009. 'You steal my PC and ... if I can deliver a signal to that PC that turns it off, hey, I'm good now,' said Stacy Cannady, product manager of security at Lenovo. 'The limitation here is that you have to have a WAN card in the PC and you must be paying a data plan for it,' Cannady added."

Re:Implementation?

[chrb]

It looks like the disable is handled in the BIOS, so either the GPS hardware is capable of receiving SMS texts while the laptop is hibernating, or the text is received when the BIOS boots up. Either way, you just have to send one text - your cell network provider will store and forward it to the receiver, it's just a regular text.

Re:Interesting

[RMH101]

Not if you're using the built-in hardware encryption, it can't.
And IBM are not going to give anyone a recovery password without proof of ownership.

Re:Always assuming ...

[RMingin]

Yes, it'll probably be as secure as the Lenovo BIOS supervisor passwords.

(Hint: Supervisor password? Get a paperclip. The data pin goes to ground, boot laptop. Enter bios. Remove paperclip, set [new] supervisor password. It overwrites the old one. Which chip to mess with and which pins are which I leave to you and Google. Shouldn't take long.)

Re:reinstall?

[chrb]

It isn't quite that simple on a ThinkPad - the BIOS password is tied in to the TPM chip. And I really doubt your average thief is going to be building custom hardware and soldering it to the laptop mainboard...