Ericsson and Intel Offer Remote Notebook Lockdown

← Back to Stories (view on slashdot.org)

Ericsson and Intel Offer Remote Notebook Lockdown

Posted by timothy on Thursday December 11, 2008 @02:02PM from the and-if-you-refuse-this-offer dept.

MojoKid writes "Ericsson and Intel have announced that they are collaborating on a way to keep your laptop's contents safe when your laptop goes MIA. Using Intel's Anti-Theft Technology — PC Protection (Intel AT-p) and Ericsson's Mobile Broadband (HSPA) modules, lost or stolen laptops can be remotely locked down. Similar to Lenovo's recently announced Lockdown Now PC technology, the Ericsson-Intel technology uses SMS messages sent directly to a laptop's mobile broadband chip. Once the chip receives the lock-down message, it passes it to the Intel AT-p function, which is integrated into Intel's Centrino 2 with vPro technology platform. Unlike Lenovo's anti-theft solution, the Ericsson module includes GPS functionality as well."

29 of 105 comments (clear)

Min score:

Reason:

Sort:

lapjacking by Skapare · 2008-12-11 14:11 · Score: 4, Insightful

And once the codes to do this leak into the wild, laptop hijacking and ransoms will be next.

--
now we need to go OSS in diesel cars
1. Re:lapjacking by afidel · 2008-12-11 14:24 · Score: 4, Informative
  
  If it's like Lenovo's solution you have two levels of authentication, first the SMS number which sent the message is whitelisted (fairly easy to spoof I assume) and secondly the messages are cryptographically signed. I believe the whitelist feature is to keep from being DDOS'd with bogus messages which the card would have to attempt to decrypt.
  
  --
  There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
2. Re:lapjacking by Paradigm_Complex · 2008-12-11 14:25 · Score: 2, Insightful
  
  Unless the actual laptop owners get to set/change the codes themselves - as well as disabling the feature completely - in which case it won't be any worse than SSH/remote_desktop/et al.
  
  --
  "A witty saying proves nothing." - Voltaire
3. Re:lapjacking by tomhudson · 2008-12-11 15:16 · Score: 3, Funny
  
  Can I make blow up with a simple SMS message? Reminds me of a "The Broken" episode. More thermite!
  
  Sure - just check the "Sony Battery" option.
4. Re:lapjacking by afidel · 2008-12-11 18:03 · Score: 3, Insightful
  
  You keep talking about codes, WHAT codes? The payload that activates the feature (at least in the Lenovo implementation) is a cryptographically signed message, there is no default code! It's just like Blackberries, a cryptographically signed message is received by the device and it initiates a wipe of the device, it the case of the Blackberry it wipes the RAM and flash areas, in the case of the Lenovo it wipes the storage keys from the TPM chip.
  
  --
  There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
5. Re:lapjacking by networkBoy · 2008-12-11 19:56 · Score: 2, Informative
  
  plus the legitimate user just enters a passphrase and "poof" notebook is unlocked again.
  http://www.google.com/search?hl=en&q=%22theft+deterrent%22+site%3Aintel.com&btnG=Search
  http://communities.intel.com/docs/DOC-2384;jsessionid=D59F43EDDFB0FCDAA907153C80E0539E
  http://communities.intel.com/openport/community/openportit/vproexpert/blog/tags/at-p
  some light reading for the paranoid. Besides this is targeted mostly at business (V-Pro?).
  
  --
  whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
well by scapermoya · 2008-12-11 14:23 · Score: 4, Insightful

aside from the security risks, this can only become an effective deterrent if it sees widespread use.
good luck with that.

--
Beware the Jubjub bird, and shun the frumious Bandersnatch.
1. Re:well by fuzzyfuzzyfungus · 2008-12-11 14:28 · Score: 4, Insightful
  
  I suspect that this is less about deterrent and more about mitigating data loss. Laptops are cheap(and, given that this hardware and service aren't exactly going to be free) the cost of replacing some when they get stolen is probably lower than building all sorts of fancy features into them. Being able to nuke the data on the system(specifically, nuke the crypto keys to the disk's already encrypted contents) could be well worth the money for a fairly broad swath of business type purposes.
2. Re:well by tomhudson · 2008-12-11 15:23 · Score: 2, Informative
  
  Scratch that, just remove the mobile broadband chip while its off (possibly sleeping or hibernating) then have fun either reinstalling an OS on it for personal use or decrypting the hard drive and having your way with the user's data.
  
  ... or just move the little switch on the front of the laptop (I didn't even notice it was there until one day I accidently turned it off and I couldn't get the wireless working).
  Removing the chip on recent HP laptops is really easy - almost as easy as upgrading ram - it's in the same compartment, and you can just snip the lead if you want to leave the chip in there ...
3. Re:well by networkBoy · 2008-12-11 20:08 · Score: 2, Informative
  
  Intel V-pro is on even when the computer is "off" unless on battery or no AC then V-Pro is on.
  You can configure it to be:
  on in S0 only
  on in S0 and suspend
  on in S0, Suspend, Hibernate, S5 (off, living on VSB power).
  in the last mode listed it will accept a poison pill even when "off", so long as there is a network connected.
  We've got a dozen machines with this in my shop right now. pretty cool tech. Not targetted at Joe sixpack, but I could see some hard-core geeks using it to turn on their machine remotely to save power on the vast majority of the time they don't SSH in, but allow it on the rare occasion they do need an SSH connection.
  -nB
  
  --
  whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
Government backdoor by Lead+Butthead · 2008-12-11 14:24 · Score: 4, Insightful

The question is if this... feature has a government backdoor to 'assist' in 'terrorism investigation.'

--
ELOI, ELOI, LAMA SABACHTHANI!?
1. Re:Government backdoor by TheGratefulNet · 2008-12-11 14:27 · Score: 3, Interesting
  
  many of us are thinking that, too.
  it took 'this long' to come out with it. but its not really a 'hard' problem. think 'coordination' and 'keys' and 'multiple owners' and I bet you are thinking what I am.
  this is a feature I would search to NOT have, quite frankly. and if I wanted it, *I* would implement it in a one-off private way.
  
  --
  
  --
  "It is now safe to switch off your computer."
horrible idea by ILuvRamen · 2008-12-11 14:30 · Score: 2, Informative

So when they see that their newly stolen laptop suddenly stops functioning, what do they do? They ditch it somewhere, and I don't mean sell it. You'll NEVER get it back then. I mean yeah it's supposed to stop people from stealing your much more valuable personal data but that should be password protected anyway with a directory hider/protector (not like a compressed archive file with a password cuz that's too slow) so why bother? Now people can just fake the signal and shut your laptop off so it seems like it causes more problems than it fixes.

--
Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
1. Re:horrible idea by tomhudson · 2008-12-11 15:27 · Score: 4, Insightful
  
  It'll become a source for used/spare parts. Need a battery? A charger? A new screen because you left your lappy on the car roof and drove off? A new keyboard because you spilled crap on it? A bigger hard drive? Extra ram? A new case? A spare drive caddy and connector? A cheap DVD/Blu-Ray upgrade?
  The easily-disposed-of parts of a disassembled laptop are worth as much as the whole lappy.
2. Re:horrible idea by SanityInAnarchy · 2008-12-11 15:44 · Score: 4, Insightful
  
  I mean yeah it's supposed to stop people from stealing your much more valuable personal data but that should be password protected anyway with a directory hider/protector (not like a compressed archive file with a password cuz that's too slow) so why bother?
  Your ignorance is showing...
  Compressed archive files are plenty fast, depending on what you're trying to protect. The real problem is, what happens when you "open" them? Most of the time, it'll be unpacking them to a temporary directory, opening them with some random program on your (unencrypted) hard drive (likely without anything to prevent it from being swapped out, so now your stuff is on disk in the clear twice), saved back to the temporary folder (three times, if you're still counting), and put back into the archive.
  Plus, there's now a mention in Recent Documents, and all kinds of other information letting people know, at the very least, that you have some encrypted files, and what their names are.
  This applies to Truecrypt also, by the way, unless you're using it for fulldisk encryption.
  And if you're encrypting the whole disk -- where will you keep the encryption keys? How will you boot? Doing it in hardware suddenly makes sense -- probably a slight performance boost, also.
  And once you're doing that, having a way to remotely destroy the crypto keys also makes sense -- if you're paranoid enough to encrypt your whole hard drive, this is the next best thing to putting thermite in the case and triggering that remotely instead.
  It's not a deterrent, it's a way to make the crypto much more secure.
  
  --
  Don't thank God, thank a doctor!
It's a good idea, but... by MrCrassic · 2008-12-11 14:32 · Score: 4, Informative

It won't solve for another problem: losing the computer in an area without signal (like a train).

If the thief is smart (which is normally not the case), he can remove the hard drive right on the train or in that same area and completely avoid the SMS message. Unless, of course, the SMS can somehow be sent to the security chip without the interference of an operating system.

When I lost my Treo in the subway, the Good administrator for my hosted email service could not remote wipe the phone because it could never find service. It's possible that someone removed the SIM right away, but I'm sure that I lost it while getting off the train.

Nonetheless, it's a great idea that covers many other common circumstances. Fortunately, most thieves are petty thieves and wouldn't know that this module is there in the first place.
1. Re:It's a good idea, but... by ceoyoyo · 2008-12-11 15:06 · Score: 4, Funny
  
  Foil lined laptop bags. For the modern laptop thief on the run.
Re:The hard drive maybe by afidel · 2008-12-11 14:49 · Score: 2, Informative

I'm assuming they are using the secure instruction included in recent Intel CPU's to talk to the TPM1.2 chip in the laptop and deleting the decrypt key from the keystore therefore making the recovery from FDE like BitLocker basically impossible.

--
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
They crypto keys should be off-drive anyways by davidwr · 2008-12-11 14:50 · Score: 3, Insightful

Here's how I would build a lock-downable laptop:
BIOS/preboot environment: Looks to an external device, probably a USB stick, for part or all of the crypto key. Use that to decrypt boot loader on hard disk or other boot device and follow its instructions. Of course this should have a passphrase.
Boot loader will look to whereever it chooses for crypto keys for the rest of the drive. These may be the same keys as the bootloader used or they may be something else. They may be partially or completely downloaded from the Internet, and once decrypted with a passphrase, are stored in memory or better yet only on the CPU in such a way as they are never stored in a paged-memory file.
Furthermore, really sensitive data can be encrypted in container-file partitions, encrypted compressed files, or what not using OS- or application-level-encrypted containers.
This, in conjunction with an "lock all I/O and networking and turn on the screensaver" software when the user is away from the computer, will render it very difficult to get at the data on the drive, difficult to deter all but the most determined adversary.
Now all the user has to do is remember to remove his USB stick after booting. Of course, if his laptop does get stolen he's still out the replacement cost of the machine and the cost of restoring his data from backups.

--
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
1. Re:They crypto keys should be off-drive anyways by tomhudson · 2008-12-11 15:20 · Score: 3, Insightful
  
  Terrible idea. Now you have yet another failure point - losing the off-drive crypto keys. You don't even need to physically lose the USB key - just break it, have it die from static discharge, etc.
  People lose things a lot more expensive all the time - ask anyone who's ever lost a cell phone, or left a laptop on the roof of their car, or lost their wallet or purse.
2. Re:They crypto keys should be off-drive anyways by jaxtherat · 2008-12-11 15:46 · Score: 2, Funny
  
  so uhm, keep a copy somewhere secure?
  That still relies on the average user not being a retard, and having the presence of mind to do so. Sorry, and that ain't happening any time soon.
  Remember, the moment you design an idiot proof system, someone invents a better idiot.
  
  --
  http://www.zombieapocalypse.tv/
3. Re:They crypto keys should be off-drive anyways by sumdumass · 2008-12-11 16:13 · Score: 2, Insightful
  
  The problem with a thumb drive security stick or removable hard drives and such is that they will all end up in the same bag as the laptop making the separation pointless when someone takes the entire enchilada.
  Sure, you can keep them separate but lets be practical here. Keys end up making it onto key rings with other keys, phone numbers all make it to the same places, and so on. It will either be something that is lost or kept together for convenience reasons.
4. Re:They crypto keys should be off-drive anyways by magarity · 2008-12-11 19:28 · Score: 2, Funny
  
  don't think anybody is going to steal the thumbdrive on a key ring which is attached to my pants, along with my laptop
  
  The way this parses, you make it sound like your laptop is attached to your pants.
5. Re:They crypto keys should be off-drive anyways by jack2000 · 2008-12-11 20:12 · Score: 2, Insightful
  
  How do you know it isn't?
6. Re:They crypto keys should be off-drive anyways by jonaskoelker · 2008-12-11 23:26 · Score: 2, Funny
  
  My thumbdrive lives on my keyring. It hangs from the beltloop of my pants on a carabiner, and is always right there whenever it is not in use elsewhere.
  And who says slashdotters don't have any fashion sense?
Parts are worth more by Matt+Perry · 2008-12-11 15:00 · Score: 4, Funny

No problem. Laptops are worth more when you sell the parts individually rather than the whole thing.

--
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
Re:The hard drive maybe by afidel · 2008-12-11 15:39 · Score: 4, Informative

Taking the HDD out gains you NOTHING, in theory it's already fully encrypted with 256 bit AES which is uncrackable by any currently known method. The idea is that there is only one real vulnerability in a TPM based system and that is the TPM chip's keystore and the databus that the TPM chip uses to talk to the CPU, if you erase the keystore and thus makes sure that both those pathways are neutralized there should be no possible way to retrieve the data off the disk. There's still the cooled RAM trick and possibly a trace of the key left in the disk controller's cache, but those are both VERY sophisticated attacks that have a very low chance of working even in lab conditions. Oh and I just thought of something, if the TPM keystore is wiped then the TPM trust web collapses and the machine should reboot thus flushing the key from ram.

--
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
I am getting that creepy OnStar vibe... by Phizzle · 2008-12-11 15:57 · Score: 3, Interesting

Another great "Big Brother" innovation. Can't you just imagine, during the next "threat escalation" all laptops get cockblocked "just in case" for the Greater Good ®, of the patriotic nation?

--
I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered. My life is my own.
1. Re:I am getting that creepy OnStar vibe... by Hal_Porter · 2008-12-11 19:10 · Score: 2, Funny
  
  DHSS eCleanup squad to slashdot sid 08/12/12/0050255, stat! We've got ourselves a rowdy one.
  
  --
  echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;