Slashdot Mirror

← Back to Stories (view on slashdot.org)

Lenovo Service Disables Laptops With a Text Message

Posted by kdawson on from the say-the-magic-word dept.

narramissic writes "Lenovo plans to announce on Tuesday a service that allows users to remotely disable a PC by sending a text message. A user can send the command from a specified cell phone number — each ThinkPad can be paired with up to 10 cell phones — to kill a PC. The software will be available free from Lenovo's Web site. It will also be available on certain ThinkPad notebooks equipped with mobile broadband starting in the first half of 2009. 'You steal my PC and ... if I can deliver a signal to that PC that turns it off, hey, I'm good now,' said Stacy Cannady, product manager of security at Lenovo. 'The limitation here is that you have to have a WAN card in the PC and you must be paying a data plan for it,' Cannady added."

60 of 257 comments (clear)

  1. Frist psot? by h4x354x0r · · Score: 5, Funny

    From a stolen lapt

    --
    They were right - the revolution did not get televised. It was posted on YouTube instead. All in 120 characters. SLOOSH!
  2. Interesting by Anonymous Coward · · Score: 4, Funny

    Pretty interesting security feature but not if your buddies get a hold of your cell phone.

    1. Re:Interesting by sgbett · · Score: 3, Informative

      I think you need to find different friends

      --
      Invaders must die
    2. Re:Interesting by chrb · · Score: 3, Informative

      Hardly. You can regain access to the laptop just by typing in a recovery password.

    3. Re:Interesting by theaveng · · Score: 3, Insightful

      Even if they don't, this gives a false sense of security.

      "if I can deliver a signal to that PC that turns it off, hey, I'm good now." Um, no, you're not. The thief can remove the hard drive and connect it to another PC to read its content.

      --
      FOX NEWS.com should be BANNED from television and internet. Have the Congress take it over and give us Truespeak.
    4. Re:Interesting by RMH101 · · Score: 4, Informative

      Not if you're using the built-in hardware encryption, it can't.
      And IBM are not going to give anyone a recovery password without proof of ownership.

    5. Re:Interesting by efuzed · · Score: 3, Interesting

      Not IBM; Lenovo, and will the Chinese government be able to now stop noisy bloggers better?

    6. Re:Interesting by Abstrackt · · Score: 3, Insightful

      I think you need to find different friends

      I think almost everyone has an asshole "friend" that would pull a stunt like that.

      --
      They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
    7. Re:Interesting by AmigaMMC · · Score: 3, Funny
      >I think almost everyone has an asshole "friend" that would pull a stunt like that.

      I think you stopped being my friend a long time ago. :-p

    8. Re:Interesting by poot_rootbeer · · Score: 2, Interesting

      IBM are not going to give anyone a recovery password without proof of ownership.

      And even if they did, it wouldn't do the thief much good, as these laptops are sold and supported by Lenovo, not IBM.

    9. Re:Interesting by LandDolphin · · Score: 3, Informative

      IF the person who stole your laptop knows their way around a computer, sure. But the average person still is barely capable of navigating MySpace. If they press the power button, and it does not log on, it is going to be useless to them.

      --
      Spelling and Grammar errors have been added to this post for your enjoyment
    10. Re:Interesting by SanityInAnarchy · · Score: 5, Funny

      Acid?

      Real Men use Thermite.

      Bonus: If the thief is holding it in their lap at the time, they have been REMOVED from the gene pool.

      --
      Don't thank God, thank a doctor!
    11. Re:Interesting by nobodylocalhost · · Score: 2, Informative

      it is precisely because you are using disk encryption that you need a feature like this to complement it. Disk encryption only works to lock people out when you need to boot. That means if a computer is on because you entered the password at boot time, disk encryption doesn't do anything to protect your data. By forcing it to shutdown using text message, you just made sure others cannot start it without knowing your pass phrase.

      --
      Where is the "Ignorant" mod tag?
    12. Re:Interesting by redxxx · · Score: 3, Insightful

      This is not about data protection. It is about making the device unusable. Just like you can block your phone when it is stolen.

      It will not stop thiefs of stealing your device. It will not protect your data. As far as I read it does not even claim to do that.

      So, all the talk about how this forces the drive encryption to activate by requiring a shutdown rather than a suspend/hibernate wasn't about protecting data?

      from TFA:

      Since hard disk drive encryption will not work properly if the PC is running or in hibernation mode, this disable feature ensures that the data is secure by shutting the machine down and allowing the hard disk drive encryption to work. If and when the ThinkPad laptop is recovered, the user can restore the notebook, its settings and the data contained on the PC by entering a password.

      So, there is nothing about protecting the data? Carry on.

    13. Re:Interesting by smellsofbikes · · Score: 2, Interesting

      I saw that when hackaday originally wrote it up and was curiously intrigued, let's put it that way. Their setup seems to be lit off by hand rather than remotely. (It just says they used sparklers to light it.) It'd be nice if it were A: automated, so it could be triggered by a remote alarm system, and B: pretty foolproof. Were I to do this, one thing I'd consider is using an external hard drive, or at least a bank of relays on the power to the system, that cut out when the thermite dumps, so you wouldn't have live power in the midst of a metal-based fire.

      I wonder if an electrical igniter for model rocket engines could start a sparkler on fire... Hm. Tomorrow's a holiday and I have some time to experiment.

      --
      Nostalgia's not what it used to be.
    14. Re:Interesting by feronti · · Score: 2, Insightful

      An Estes igniter probably couldn't do it unless you dipped it in extra pyrogen. A Daveyfire electric match, on the other hand would probably be able to do it, though... they're used to ignite AP composite motors in high power rockets. Or, you could use the exhaust from a small (say a D or an E) AP motor... it has the benefit of lasting a lot longer than the match would, and doesn't need a LEP to get a hold of (Daveyfires are also used to ignite pyrotechnic displays, and other low-explosives, so IIRC, you need a permit to get them).

    15. Re:Interesting by kill+-9+$$ · · Score: 2, Interesting

      And then like any good thief they'll go and throw out or use your laptop for target practice. I think laptop LoJack for Laptop would probably be a better service if they're going through the trouble of putting a WAN card in and what not.

      They must have something like that already, right?

      --

      -- A computer without COBOL and Fortran is like a piece of chocolate cake without ketchup and mustard
    16. Re:Interesting by danieltdp · · Score: 2, Funny

      I don't have such a friend! Oh, BTW, I loved the prank idea. I have to get some of my friends with it.

      --
      -- dnl
    17. Re:Interesting by Mozk · · Score: 2, Interesting

      But the average person still is barely capable of navigating MySpace.

      Is anybody capable of navigating MySpace? I have never seen such a crudely designed website in my life. Perhaps it has gotten slightly easier to use over the past year, but only by adding a metric fuckton (approx. 4481.099526 avoirdupois lb) of unnecessary JavaScript. Honestly, I'm not trying to troll here. The code looks like a bunch of people decided "Hey, your team develop half the site in Dreamweaver, and we'll do half in FrontPage" and threw the result together.

      --
      No existe.
  3. Useless by mentaldingo · · Score: 2, Insightful

    Things a thief can still do:

    • Jammers
    • Reflash the BIOS
    • Remove the GSM chip
    • Or if they're after your data, open it up and take out the HDD

    Honestly, this is completely useless against even a moderately sophisticated thief.

    1. Re:Useless by sgbett · · Score: 2, Insightful

      Depends what you mean by useless.

      Having been in this position, the thing that bother me is not the material loss of the laptop (though It would be nice to know they stole junk) but the data contained on it. So long as your drive is encrypted, then this thing is a bonus

      --
      Invaders must die
    2. Re:Useless by chrb · · Score: 5, Interesting

      The vast majority of thieves aren't even going to realise that this service is enabled. They certainly won't be deploying GPS jammers or reflashing the BIOS or opening the laptop up. And TFA article mentions that the whole point is to protect data by allowing users to shutdown access to an encrypted HDD that might still be open.

    3. Re:Useless by Lumpy · · Score: 4, Insightful

      Thieves typically dont have the IQ to do any of that. When I was robbed, we nailed the thief not only from the video cameras that he looked right at to give us a awesome face shot, but he stole my daughters cellphone. He left it on all the time reporting his position. The cops had his ass in less than 24 hours.

      Honestly thieves barely know how to use a screwdriver outside of prying a door or window with it. You seriously think one would do the delicate task of opening a laptop or flashing the bios? That's plain old funny.

      --
      Do not look at laser with remaining good eye.
    4. Re:Useless by digitalchinky · · Score: 2, Funny

      While it may be some comfort that ones encrypted data gets to stay secret, and this might be enough for many, I'm on the side of the fence where I'd want to tasar the theif, in the neck, in the guts, in the arm pits, in the groin, in the mouth, and so on and so forth. Even if it is just a crappy old work laptop.

      Maybe there's some way to rig it up so that the phone call can activate a bit of a hot power button, push it and it triggers the zapping goodness.

    5. Re:Useless by billcopc · · Score: 5, Funny

      Just use a Sony battery. It will explode in their lap, sooner or later!

      --
      -Billco, Fnarg.com
    6. Re:Useless by Thelasko · · Score: 5, Insightful

      Thieves typically dont have the IQ to do any of that.

      Remember, there are two kinds of thieves. There are amateurs and there are pros.

      Amateurs are desperate people, usually because of an addiction of some sort, who steal whenever an opportunity presents itself. They see a car with an unlocked door, or an open window and they act. These people are the most common type of thieves, and will be caught with this technology.

      Professionals steal things for a living. They are very calculated and know all of the security measures people use, and how to avoid them. This technology will not stop a professional. In fact, nothing will stop a professional. Professionals are why you buy insurance.

      Fortunately, there aren't many professional thieves. When you think about it, it's very difficult to become a professional thief. This is because a pro cannot be desperate. They need to have time to study their target and come up with a plan of attack. This requires a person with a certain personality, that doesn't steal out of last resort, but steals for some other reason. There aren't many people like this in the world, and most of them are caught before they become very good at stealing.

      My favorite piece of information about stopping thieves can be found here. (Warning, link contains flash video)

      --
      One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
    7. Re:Useless by Kent+Recal · · Score: 5, Funny

      Exactly. Smart thieves perform a thorough risk/reward calculation and a lot of planning before they go for target. They are near impossible to catch.

      I, for one, regularly steal rolls of toilet paper from work.
      I'll never get caught because I put a lot of forethought into each coup and perfectionized my strategy over years. I only lift one roll at a time so it doesn't get noticed and so I can at any time pretend to be just carrying it around because I need to "clean my desk or something". Plus, I always drop the roll into my bag while sitting at my desk and without looking down. Eyes must be focussed on screen, innocent facial expression - nobody would ever notice from a distance that I'm performing a felony under the table in just that moment!

      Bare the occassional accident (when I miss the bag and have to crawl under the table to recover the loot) I think I can safely claim that the perfect crime is possible and I have mastered it.

  4. Hmmm by TheSpoom · · Score: 3, Insightful

    My normal Slashdot cynicism wants to find a problem with this technology, but I can't so far, other than that a smart thief would just make sure to remove the WAN card and flash the BIOS (possibly with a new serial number or the remote disable, uh, disabled).

    You win this time, Lenovo. *shakes fist*

    --
    It's better to vote for what you want and not get it than to vote for what you don't want and get it.
    - E. Debs
  5. Implementation? by number17 · · Score: 2, Interesting

    The article is pretty slim on how this is actually going to work. Do I assume that I make the phone call once and Lenovo will constantly try to connect with it until it is successful? If not, how many times do I call it until I cut off my data plan?

    I would like to be able to turn this off in the future when attempting to sell the laptop as well.

    1. Re:Implementation? by chrb · · Score: 4, Informative

      It looks like the disable is handled in the BIOS, so either the GPS hardware is capable of receiving SMS texts while the laptop is hibernating, or the text is received when the BIOS boots up. Either way, you just have to send one text - your cell network provider will store and forward it to the receiver, it's just a regular text.

  6. Meh... by Lurker2288 · · Score: 4, Funny

    This would excite me more if I could send a remote command that would detonate a small brick of C4 in the laptop. Why disable the computer when you can disable the thief?

    1. Re:Meh... by mentaldingo · · Score: 2, Insightful

      You could always mod your laptop to generate a spark when the kill signal is received. Then all you need to do is pack it with C4.

    2. Re:Meh... by couchslug · · Score: 4, Funny

      "You could always mod your laptop to generate a spark when the kill signal is received. Then all you need to do is pack it with C4."

      So much for being allowed to carry lappies on airliners, thank you very much! :)

      --
      "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  7. Always assuming ... by overshoot · · Score: 2
    that the thief doesn't reimage the thing first off.

    It's like the "LoJack for Laptops" that they'll sell you -- strictly part of the installed Microsoft setup.

    --
    Lacking <sarcasm> tags, /. substitutes moderation as "Troll."
    1. Re:Always assuming ... by RMingin · · Score: 5, Informative

      Yes, it'll probably be as secure as the Lenovo BIOS supervisor passwords.

      (Hint: Supervisor password? Get a paperclip. The data pin goes to ground, boot laptop. Enter bios. Remove paperclip, set [new] supervisor password. It overwrites the old one. Which chip to mess with and which pins are which I leave to you and Google. Shouldn't take long.)

      --
      The preceding comment is my own, and in no way construes an opinon of the Emperor of Mankind.
  8. Re:Superficial? by chrb · · Score: 2, Informative

    The shutdown is supposed to be utilised with hard disk encryption - the whole point is that your data is better protected. The disabling is carried out by the BIOS; presumably it checks the disable bit before booting the OS and allows the legal user to enter a recovery password.

  9. Hmm by saintm · · Score: 2, Insightful

    'You steal my PC and ... if I can deliver a signal to that PC that turns it off, hey, I'm good now,'

    Apart from not having a laptop or your data anymore.

    I'm not sure that can be described as being 'good'.

    1. Re:Hmm by Anonymous Coward · · Score: 2, Funny

      "I'm not sure that can be described as being 'good'."

      No, you're right, instead of shutting down the laptop, Lenovo should have put in telescopic legs with wheels on the bottom so that it could make its way home to its rightful owner.

  10. Re:reinstall? by morgan_greywolf · · Score: 2, Informative

    Of course it requires the use of a cellular network. That means that if the would-be thief really wants to steal your notebook with data intact, all he or she needs to do is either A) pull out the cellular card or B) if the cellular card is built-in, encase the laptop in a carefully-crafted metal box to designed to block the cell signal.

    Either way, it's only a deterrent to people who don't know what they're doing.

    --
    My blog
  11. Nearly there by Henry+V+.009 · · Score: 2, Funny

    I would pay for the version that explodes with maximum anti-personnel affect.

    Bizarre that Lenovo is considering this instead of an el-cheapo GPS phone-home device.

  12. Wait, What? by meist3r · · Score: 4, Insightful

    So you're telling me there will be a GSM module in the laptop that is constantly connecting to my network to wait for such a kill signal? Like say, a tracing bug? I know it'll be a pain for the thief but what about me? What a craptacular idea. Having my laptop become my personal GSM tracking device. Where have I been? Wait lets ask my "anti theft"-device.

    1. Re:Wait, What? by Anonymous Coward · · Score: 2, Interesting

      So you're telling me there will be a GSM module in the laptop that is constantly connecting to my network to wait for such a kill signal? Like say, a tracing bug?

      Better put on your tinfoil hat - here's something you don't know: the cellular network knows where devices on the cellular network are and which cellular towers the devices are talking to. That is how the cellular network knows to send your phone calls to your phone.

      Also, it's not your network - it's the cellphone company's network.

      Having my laptop become my personal GSM tracking device. Where have I been? Wait lets ask my "anti theft"-device.

      There is a big difference between a GSM device and a GPS device. The laptop doesn't know where it is, the cellular network knows where the laptop is.

      And most people already have a tracking device - it's called a cell phone. Many cell phone companies already offer a tracking service for parents/employers to see where the phones are.

    2. Re:Wait, What? by Anonymous Coward · · Score: 3, Insightful

      I am sure that if the government wanted to track you, they would use your cell phone which is on GSM/CDMA network nearly-100% of the time, or iPhone which has the added flexibility of GPS. If you are the type of person to care about you being tracked here or there, than don't purchase a Lenovo laptop with this feature.

      However what all the tin-foil crowd seems to forget is one fact: No one cares about 99.999% of you to date you, much less follow your every movement. Especially a Chinese laptop manufacturer.

      I would figure you would support this, since your super secret, AES-256 encrypted collection of blurry UFO pictures could be safe from the prying eyes of Joe the Laptop Thief.

  13. not only thing wrong with this... by hesaigo999ca · · Score: 2, Insightful

    The network card is not the only thing that is wrong with this, the fact that you now turned off the machine, states the machine will not turn back on...to give you a location of where it is.
    Someone will open it up...change the network card with another...or just add a usb one...and there you go...problem solved.

  14. Re:reinstall? by NovaHorizon · · Score: 3, Funny

    and dismantling the entire laptop to reset the BIOS is actually FASTER than an OS reinstall..

    --
    Defective Logic
  15. Most criminals are stupid anyway by hellion0 · · Score: 3, Insightful

    This feature doesn't seem to be aimed at stopping blackhats or organized criminals, two of the more "intelligent" varieties. No, this thing is meant to royally screw Joe Crackhead.

    The feature doesn't appear as if it's ever going to stop a sophisticated high-tech criminal, naturally. Nor does this seem the intent. Identity thieves and data miners don't even need possession of the laptop, so no good there. Even then, the new feature is easily defeated. Organized criminals tend to know what they're doing as well, and any safety measure can be defeated by competence and planning. Still, they're both rare enough.

    No, this sounds perfect for the two-bit junkie, the most common of criminals. Brick the laptop, especially remotely, and suddenly it's worthless for him to offload for his fix.

    --
    Do I get bonus points if I act like I care?
  16. Re:some kind of revenge system. by schnikies79 · · Score: 2, Informative

    It's not meant to discourage theft, it's meant to protect your data.

    If the HDD is encrypted, you can lock the thief out.

    --
    Gone!
  17. Perfect. by GWLlosa · · Score: 4, Funny

    This is exactly what we need in terms of laptop security. To you nay-sayers out there spinning doom and gloom scenarios about friends pranking your laptop with text messages, I can only assume that there is some secret passcode that you must send as part of the text-message to disable the machine. In fact, it should be convoluted, and hard to remember. Fortunately, as the proud owner of a brand-new Lenovo laptop, you can keep information like that stored right on the laptop, which you take everywhere.

    1. Re:Perfect. by token_username · · Score: 2, Insightful

      This is a decent idea in theory as a simple theft deterrent, but it makes me ask two questions:

      • Does this allow my laptop tracked in any way? Probably if you know what you're doing.
      • Can this connection do anything besides receiving a kill command? I'm skeptical.

      Another question you have to ask is how fast and how completely word will spread about this feature on Lenovo laptops. That's what its success depends on. If a potential thief doesn't know about the feature and steals your laptop, he's not going to give it back because it doesn't work. Is this where the tracking come in?

  18. Re:Shared responsibility by billcopc · · Score: 2, Informative

    If you think Phoenix is that smart, well I have a bunch of bridges to sell you.

    This isn't the first security gimmick they've deployed. They've had the internet version of this sort of thing for years now (Computrace / Lojack). It's a software client that runs in the taskbar, Windows-only, that triggers the BIOS kill bit.

    I wouldn't be surprised if this "new" cell-based feature were just a new client app working with the same kill bit as the old ones. That makes it easier to develop and deploy, since it would only require trivial changes in the BIOS code that can be implemented on any machine, regardless of vintage.

    --
    -Billco, Fnarg.com
  19. Re:reinstall? by chrb · · Score: 4, Informative

    It isn't quite that simple on a ThinkPad - the BIOS password is tied in to the TPM chip. And I really doubt your average thief is going to be building custom hardware and soldering it to the laptop mainboard...

  20. DIY by wytcld · · Score: 4, Interesting

    How about setting up a simple script that periodically polls a remote site - say a web page under your control? If it can't reach it, or it reaches it and gets a default response, no action's taken. If on the other hand the page returns an innocuous looking kill code, a small program is run that disables the BIOS? On the server side, you'd be mailed the IP your stolen laptop connected from, which might give you some location info.

    --
    "with their freedom lost all virtue lose" - Milton
  21. Even better by horza · · Score: 4, Funny

    Why not install Windows Vista, iTunes and the game Spore. That way you don't even need to send an SMS, just wait until code is activated progressively making the computer useless.

    Phillip.

    --
    Property for sale in Nice, France
  22. Re:of course by crimperman · · Score: 2, Insightful

    what makes you think they wouldn't just put the dead laptop itself on eBay? They claim it is "recently untested but worked a while ago" and some sucker buys it. I mean we're not talking about honest people here are we?

  23. Re:some kind of revenge system. by Anonymous Coward · · Score: 2, Interesting

    I have to disagree with you on this point. Nothing, I repeat, nothing, pisses me off more than a thief. 90% of the time they no have no interest in what they stole, they just want money for it.

    If I can catch you, I will beat your ass. You have a duty to protect your property.

  24. Alcatel-Lucent has a similar product by shakuni · · Score: 2, Informative

    http://www.internetnews.com/infra/article.php/3679026

  25. Re:Don't disable it, track it! by zymurgyboy · · Score: 2, Interesting

    I think the best idea is to start tracking the laptop. Send out GPS coordinates, send out IP addresses, send out _fingerprints_, take screen shots, etc.

    If it has a webcam, add mugshot. Compare the image on a local mugshot database, get some likely culprits and their last known address. Then maybe automate the search warrant, police report, and insurance claims process and you've got a real solution. Of course, the search warrant part is now optional, I believe.

    --
    If you never make mistakes, it's probably because you're not doing anything.
  26. Devils advocate. by cemaco · · Score: 2, Insightful

    Any time you provide a tool like this, it has the potentiall to be used against the owner as well, especially if someone else with access to the equipment understands the tool better than the owner does.

    I can see several scenarios, some more plausible than others where another party might be inclined to use it to lock the owner out of access to his own data.

    Yes if the other party has access to the machine, they can always cripple it by other means but the beauty of this is that it can be used even after that party apparently no longer has access.

  27. A GSM Tracking Device.... by Anonymous Coward · · Score: 2, Informative

    You say... like a cellphone?

  28. Sprints doing something similar. by SMS_Design · · Score: 2, Interesting

    Sprint offers a similar service with some of their WAN cards. The difference is that the Sprint card acts as a key to full-drive crypto. No card, no data. If the card is remotely disabled, no data. Really seems like a great way to lock down your laptops containing sensitive info.