Intel's Sandy Bridge Processor Has a Kill Switch
An anonymous reader writes "Intel's new Sandy Bridge processors have a new feature that the chip giant is calling Anti-Theft 3.0. The processor can be disabled even if the computer has no Internet connection or isn't even turned on, over a 3G network. With Intel anti-theft technology built into Sandy Bridge, David Allen, director of distribution sales at Intel North America, said that users have the option to set up their processor so that if their computer is lost or stolen, it can be shut down remotely."
What could possibly go wrong.
is there an on switch?
Cue rampant predictions of abuse, but I wonder if it can be combined with an on-chip encryption key to make full-disk encryption more effective (if complete control is given to the user)
I AM NOT A MACHI--
*detonates*
That's good.... for hackers!
Knowing right out of the gate that some one else COULD have access to this kill feature is unnerving at best.
Why does this have to be IN the processor? Intel needs to calm down with the paranoid shit and just make processors.
Of course, Intel guarantees there is only one kill switch and it can only be used with the owner's consent ;-)
An AMD processor.
Is it me or is this one of the dumbest ideas ever to come out of Intel?
Killing the cpu just means they have to transfer the drive to a new laptop in order to steal all your information? That's one whole extra step! That's innovation. --edfardos
um. maybe I'm being thick... but what's the point? Just to make it worthless and thereby make it less worth stealing?
why not just have a normal processor and a sticker that says "super dooper anti theft kill switch". After all it works for cars, no-one ever steals them anymore!
Anyone else getting the vibe that since this thing will have a 3g connection on the backend, that it can be misused by others (governments) to track and remotely control/access your device. Geeeeeeeeee. This does not sound like a good idea... Well unless you're the TSA.
I was looking forward to this CPU. Now, I am really going to research this. This may flip me back to AMD. I didn't like when Intel did the tracking on the PIII and the sound of this makes me just as uncomfortable.
Great people don't need people to complete them, great people complete other people. -- Matthew Pawlikowski.
...it could be used to remotely disable the computer on a government's whim, or when Inhell decides it's time to upgrade?
-uso.
What you hear in the ear, preach from the rooftop Matthew 10.27b
Want to shut down the opposition's operations? Just disable their computers.
Do. Not. Want.
Can't they just hook it up to a nice big capacitor so it discharges 50,000 volts on command? It might not help you recover the computer but it would give you a little satisfaction.
Viruses will be written to detect anti-virus code coming in and trip the kill switch as punishment for trying to remove the virus.
now we need to go OSS in diesel cars
While I wouldn't say it isn't possible for someone to break in and kill your machine, it isn't likely. We have been using Absolute software's offering and have been able to do remote wipes on laptops for a long time now. Nobody has broken in and wiped out all the computers with this technology. That being said, do you really think IT who implements this doesn't have a backup? And that our legal departments wouldn't get fair compensation if said "gotcha" really occurs? I would rather have the ability to disable a phone or pc in any way possible when I need it to happen. For the comment above about just moving the hard drive to another machine.. Really? Who goes through the trouble of enabling this, and paying monthly for the service and just skips the whole drive encryption bit? My vote is go Intel.
So how much of a drain does this put on the battery?
Battery life is one of the most crucial attributes of a laptop, I know what I won't be buying now.
I dream of a nation where a man is not judged by his skin color but by a number assigned by a credit rating agency.
What a convenient way to make people buy new computers. When the previous one dies because of some random timer in Intel headquarters, you just need to buy a new one.
It'll be their way of making us rent the machines, and not actually own them.
Let's hope the Chinese get some more power behind their Loongson-processor, and we would see some really interesting CISC vs. RISC stuff the next 5-10 years.
This to me says it will push foreign governments to non-intel machines. Can't risk the US government getting control of something like this.
Or any other power for that matter. No government or military would really want this on their systems. They might think they want it to "stop theft" but the consequences of someone else getting control are way too much.
This seems likely to support leased computers--miss a payment, your processor gets switched off.
Just like buy-here/pay-here car "dealers", with a remote vehicle disabler. ...and as others have said, DO NOT WANT.
Remain calm! All is well!
It's working, it's killed my interest already!
What a pity all the important information is stored on the HD, not the CPU.
Wow. More than 30 comments already and no-one has brought up Microsoft killing the cpu if it thinks your copy of the OS is pirated. Must be a slow day. ;)
You're just jealous 'cuz the voices talk to *me*
...Until some hacker finds a security flaw in the system used to send the kill signals, and goes on a rampage disabling as many computers as they can (which fate will ensure will be the vast majority that have been sold with these processors at the least, and after thousands/millions of them have been sold and are in average users' desktops/laptops). Cue a shitload of inconvenienced customers and tech support guys wanting to blow their brains out from all the calls they will be getting.
After years of not using a signature, I am going to make one to say the following: Fuck Beta
They can stop the processor. It's the data that's in the HD that's important. It's kind of like saying that I'm going to make a vehicle anti-theft device. When you steal the car, the radio won't work.
I don't work for Intel, so I don't know exactly how they do this. But I don't think this is all the processor (it won't work without a 3G radio for one, so at least some of this capability rests in the mainboard), and how much is the firmware.
My guess is when you boot the machine, the processor runs the BIOS/EFI, and when initializing the 3G radio it sees if there is a flag. If so, the system shuts down. If it does this before even looking for an OS or starting up the display, you'd never know it even tried to boot. Otherwise, it goes on its way.
Also I only see this being used on laptop systems (as they are the only systems likely to have a 3G radio). Adding a 3G radio to a desktop mainboard seems like a waste of money (but if you are the CIA, maybe it's worth it).
- silvein
that's similar to the computrace stuff which also provides remote control capabilities in the bios,
the part with the 'kill switch' is probably only the tip of the iceberg - it would also be possible to modify/flash firmware, bios, etc so they then can modify the filesystem (each step can do a little bit more) -
the nice thing when you read patents is that you can get a lot of information: e.g. do the computrace patents mentioned remotely triggered modification to the microcode of the processor.
so, now we know where we are heading.
If Intel can include a remote-activated kill-switch, what's to prevent them from installing a remote-activated vulnerability switch? If your hardware can be compromised remotely it's the end of all security on that computer. You have no guarantee that your cryptographic keys are safe or that your every keystroke isn't being logged. Once they have your hardware under their control, you're doomed.
The thief gets away with a server and only has to replace the processor.. that's like giving them a car and having them replace the window they smashed to get into it.
The very worst has been posted a few times already.
Next up: anyone, inside of government or not, who accesses or downloads anything from WikiLeaks will have their computer remotely fried. Who needs a warrant to search and seize when ya got 3G?
So you can brick the processor? So I can replace the processor.
How about GPS so we could, y'know, get the computer back?
1. Sell CPU.
2. Break it remotely.
3. Goto step 1.
I don't want to pay for "features" like this.
Serious question, who else will have access to the datacenter that issues these kill commands?
I think we all know, everything else aside, some hacker out there would LOVE to claim credit for disabling thousands of computers, costing intel a fortune in replacement fees.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
There is absolutely no use for this beyond revenge. It is not "anti-theft" as they call it. Your computer is still going to get stolen the only difference is that the thief doesn't get to use it after you disable the processor. Of course revenge is sweet, but this does not protect you from theft. Also, any files on the hard drive can still be pulled out. As we all suspect, a remote kill switch is a bad idea all around, but it would seem that even the intended use of this fails.
What is needed is a remote means of wiping or at least making unusable data stored on hard drive or mass storage media. In the case of SSD, the technology should be obviously transferable. In the case of hard drives, perhaps an encryption key can be stored in a non-volatile RAM area and then erased on remote command to disable the data on the drive.
Disabling the processor will only hurt crack-heads. On the other hand, disabling or erasing data remotely will give businesses and government a chance to prevent data from getting into the wrong hands.
Now we'll know when it's time to upgrade.
There's no security benefit to the consumer, and the types of customers who'd really be interested in security features are business buyers - meaning the purchaser is going to be at least a marginally-IT-aware person who'll grok this (since business purchases aren't generally handled by the end user).
#DeleteChrome
Tin-Foil Laptop Sleeves are down Aisle 7.
since it doesn't explain how this works, or what it's really all about.
It doesn't permanently disable the processor, you can revive it if you know the password. To do a kill over 3G, you send an encrypted SMS, and the laptop obviously needs 3G capability and the OS needs to be running.
"National Security is the chief cause of national insecurity." - Celine's First Law
Because if your $1k computer is stolen, then it would be useful to wait a year for a Security officer to find it on his "beat list" as stolen property that is worth less to maintain, so he remotely disables the CPU so it isn't used by terrorists/tourists.
Because we know it's assuring the value of property, not guaranteeing some 'tard with Hollywood widgets a $250/hr job paid through the reasonable Billing department of Legislated courts of limited liability that handle your payments for child support and taxes.
Place stolen laptops in lead foil lined bag. Abscond with bag to faraday cage. Disable in an as yet unknown way.
So, you can remotely disable a system that has been stolen. This will mean criminals of opportunity will just throw the device away (and you'll never get it back) or criminals with intent to steal your data will just yank the drive.
Better solution? Discreet tracking. Keep an eye on the system and track where it goes so you can recover it when you're ready.
As for all the controversy around this, how is it any different to what Apple do with its beloved iPhone?
1. purchase license for remote recovery service. 2. enable service on laptop bios, encrypt drive, enable intel kill switch. 3. now I can see all computer's GPS history in a nifty web portal. It has pretty maps and charts, good manager bait. Now I can set fences based on country, state etc to start a wipe and shut down if it leaves that fenced area. 4. User reports stolen laptop, we report to security service. 5. Remote wipe sensitive directories, execute any custom commands. 6. Alert cops to pick it up, start a timer for kill switch based on battery life. 7. Cops don't pick it up, battery is low, disable machine completely with intel switch (only new part here). If you own a laptop, get in the bios right now and look for computrace activation. If it is a business class machine, it is already there and has been for years. If you don't like it, don't get an aircard. All of this technology is up and running for me and a lot of other corporations. If you don't like it, and you work for me, fine. Quit. If you are a home consumer, disable it. Every other service on your computer is equally vulnerable to unknown unwritten malware.
I think I'll pass on that one intel.
There was another article today about a "honeypot new release" to see how foolishly the news media would react to a story linking cell towers to fertility. Now there is an idiotic story about CPU that can be shut down by a G3 cell network even though it isn't connected to the Internet. Why would supposedly technical people believe that a CPU could be made to self destruct even though it has no cell phone, let alone believe that Intel would do it. How do you think that magic signal is going to get inside a cpu? Grow up kids, it's a bogus story.
And I shouldn't even have to mention that Intel has shown no inclination to do this. They could indeed work with a few major players to disable stolen computers when they are connected to the Internet. But they don't. They could very easily maintain a list of stolen CPU serial numbers, both individual's stolen machines as well as bulk batches of processor chips stolen before manufacturer, but they don't. They could maintain a list that indicated the intended marked speed of chips by serial number to prevent remarking fraud, but they don't. Yet you are ready to believe that they can somehow receive a G3 cellular signal inside a cpu without a phone attached, and that they would do this? Not only can't they do this, they wouldn't do it if they could. They have no intention to hand over all of their business to AMD the day a hacker figures out how to kill all, which is certainly what would happen.
I'm an American. I love this country and the freedoms that we used to have.
In other news, AMD is now hiring thousands of hackers with 3G cellular experience. For what purpose, nobody knows.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
We like to think that it's designed for this scenario:
1. You have a laptop with important and valuable secrets
2. It's stolen by corporate or government agents
3. They extract your hard drive and take your important and valuable secrets
4. ??? and profit, I suppose
In fact, here's what is more likely to happen.
1. You have a laptop with unimportant and banal secrets
2. It's stolen by a drug addict, who doesn't even power it on
3. It's pawned off to the guy on the street corner, who may check if it boots
4. It's on-sold to a "professional" fence, at a markup
5. It ends up on eBay, at a markup
This anti-theft technology is meant to address steps 4 and 5 of the above. (Whether it will be effective is another thing.)
So now my computer has to wear a tin foil hat to remain safe from evildoers?
Works without an internet connection, even while the device is turned off.
Spooky action at a distance?
Computers could be considered as "means to access illegal content" as much as Thepiratebay gets to be guilty of "providing means to get illegal content". One lawsuit and kiss your processor goodbye. Awesome news for AMD fanboys though. This could mean several new clients for AMD.
Sounds like this is the end of the second hand market.
Once a phone/computer is deactivated, I'll wager that there is only one way to get it back on.
Calling Intel, paying the fees (repurchasing) and hoping it works.
TFA sort of implies this "feature" will be optional and users will be able to "set it up" if they want to. I surely hope so, because otherwise this could be a huge deal-breaker for me.
I'm more concerned about the data on the computer than preventing a thief from using it. Unless it can remote wipe the hard drive, I'm not interested.
If you are suspected of...anything, they can kill off your computer....or if anyone figures the 3g coding used they can maliciously kill people's computer causing all kinds of damage...it's not intended for "theft" it's intended to take away toys from people who disobey big brother. With wireless access to your processor they can literally see everything you have done on that computer, fuck that.
First an internet kill switch, now CPU kill switches? I'm feeling safer all the time!
virus that trigger this sounds like a big DoS attack just waiting to happen but who will want this when AMD will have a cheap cpu with better built in video.
So what you're saying is that there's not actually a remote kill switch that disables the processor, that it's a business feature that helps companies lock down stolen hardware, and that TFA and TFS got it completely and utterly wrong?
Yep. It's a normal day at Slashdot.
MCF
or, Mail and Catch Fire. on smtp magic matches, the cpu will execute the HCF instruction at elevated priority.
--
"It is now safe to switch off your computer."
I think airplane autopilots are still on 386 or at least they were in 2005.
amd will have one with decent integrated gpu that does not lock out 3rd party chipsets like intel does.
The "kill-switch" is intended for businesses and governments - the cost of a computer is negligible compared to the potential cost of a data breach. Encryption should be standard for these organisations. If the encryption is done properly then it should be tied to both the hardware and the user, so that data can only be accessed on authorised computer systems. Hence the "kill-switch" which will prevent data from being decrypted (by denying access to the hardware) even if the user's passwords are known. This is far more security than the average person wants or needs.
Discrete tracking may allow equipment to be recovered. But just like anti-theft ID chips in Caravans etc. it isn't necessarily the thief that is out of pocket when the equipment is recovered.
I would think corporations would be a big user of this feature. They go insane trying to prevent any info from being leaked through a stolen laptop. With encryption in place, if they could just kill the laptop anytime it would add to the security.. However, what would really add to the security would be a kill switch connected to a dormant magnet. If the kill switch gets turned on the magnet gets turned on wiping the hard drive..
Have you fscked your local propeller head today?
When you've got one of these?
Some days it's just not worth
chewing through my restraints.
I guess this is how Skynet won... time travel is a bitch.
Hire me...
Q1. How often have you misplaced your car key? (Be honest now..)
Q2. How often have you accidentally locked a car, while the keys were in it? (Remember - honest answers, now..)
***
QA. How often have you ever forgotten a password?
QB. How often (exactly) have you personally lost/had a computer stolen, and still cared more about whether or not the processor still worked than your data?
***
Add up sum from answers Q1 & Q2, subtract number of times QB is applicable, multiply resulting number by QA & the number of days to Christmas (In the Year 2525), then.. ..boycott this (and every other) backdoor BS, seriously.
Joke.
How do you contact the NSA?
Pick up any phone and ask for them. They are already listening.
1. Buy AMD stock.
2. Short Intel stock.
3. ??? -- Send the kill signal to thousands of Intel computers
4. Profit!
oh no - I have to make a faraday cage out of aluminum foil for all those computers I steal and use constantly.........
Yeah, most of these guys don't have any idea of work that goes on in the real world.
This is primarily for corporate environments, and they do indeed have uses for it.
So now they have a kill switch function that can be remotely operated.
What next - packet / password sniffing directly from the processor? The 3G architecture would already be in place. I certainly wouldn't want to do my online shopping / banking with that chip.
Another great idea from Intel. What's next, CPUs that self-destruct? Oh, that was the Prescott series!
It seems nobody has yet posted this, so I think I should:
Next, might see a return to the old-style cold-war export restrictions. Instead of not exporting, it will be only Intel to be exported legally. Then all those jerks running some nuke factories in Iran or North Korea become much less of a danger, since their facilities can be disabled remotely whenever the State Department feels like.
Then the Barack Obamas and Sarah Palins will get an additional emergency button added to their repositories: The infamous 'D'-button, enabling the 'D'isablement of all CPUs in the axes of evils.
True. Think about how FEW processors are even dual-core outside of home PCs.
This will be like Vista.
I'm just going to place a 10k pull-down resistor on the "DISABLE_CPU" node.
Problem solved.
The "kill-switch" is intended for businesses and governments - the cost of a computer is negligible compared to the potential cost of a data breach. Encryption should be standard for these organisations.
Yes, and companies who care about the data protection already have full disk encryption deployed. I worked for one such company.
If the encryption is done properly then it should be tied to both the hardware and the user
It is tied to the HDD itself, as I understand, and maybe to the TPM chip (Windows BitLocker.) I'm unsure that corporations will be happy to tie expensive data to a piece of hardware that can fail on its own (and in businesses with thousands of laptops this happens all the time.)
so that data can only be accessed on authorised computer systems.
Technically, "only on computer systems that have the right key." Being authorized is only a preference :-)
Hence the "kill-switch" which will prevent data from being decrypted (by denying access to the hardware) even if the user's passwords are known.
It will do no such thing. The thief - who will be briefed on appropriate measures - will pull the battery from the laptop even before he cuts the security cable. Without power the laptop can't do anything. Since you say "the password is known" then it becomes a trivial task of going into a place with no 3G coverage (a basement, a desert, whatever) and powering up the laptop there. Since 3G will be inoperative, the thief will have plenty of time to copy the HDD onto an external drive. Then the laptop is physically destroyed.
So I don't see how this new kill switch would increase security anywhere.
You can find the information on Intel's own site: http://www.intel.com/technology/anti-theft/ . The 3G kill switch requires the operating system to keep working, but there are other disable mechanisms, such as a watchdog, that don't.
Most people steal because they want your stuff, not your information.
A dead hard drive doesn't do much to diminish the value of a computer in terms of pawning it or selling it on ebay. A dead CPU, especially in a laptop, makes the computer worthless. Therefore, there's no point stealing it.
For this to be effective it has to be in wide use. Otherwise the odds of getting a worthless laptop are too small to concern yourself with when looking for something expensive to steal.
Also, if you tie the encryption of the hard drive to a particular CPU then killing the CPU makes your information inaccessible.
Granted, if you are feeling vindictive, you can deny the thief the use of your laptop. Though in all likelihood, by the time you've exhausted other possibilities and actually convinced yourself to go through with the kill switch process, the thief would already have sold it to an unwitting party. Or even assuming that the thief wanted to keep the laptop, killing it is just going to give him a reason to steal another laptop from someone else, thereby increasing the number of thefts and victims. Sounds more to me like a pro-theft device.
Is this supposed to be a deterrent effect? If so, how is this "feature" advertised to potential thieves? It would be the laptop manufacturer who has to make a highly visible statement on the chassis: "DON'T STEAL ME, I CAN BE REMOTELY DISABLED." That's actually what this feature boils down to, and is equally effective as a bluff with a 25-cent sticker.
In either case, you do not get your laptop back. You would still be as much a victim of theft as before. Only now, you have the risk of accidentally killing your own laptop, or having malicious parties figure out how to kill yours. Thieves aren't going to look at the specs of your laptop before tucking it under their arm and walking off with it.
Useless, risky, and draconian best sum up this idea.
I put this right up there with screen doors on submarines, Chocolate teapots, and rubber crutches.
"users have the >>>>option to set up their processor so that if their computer is lost or stolen, it can be shut down remotely" but some how people read this and assume Intel has full control of your CPU, along with the RIAA/MPAA or any other organization people here don't like. I akin this to the unique ID feature added to Intel processors a few years back that was optional and can be turned on or off in the BIOS but everyone was worried about it being some form of Big Brother conspiracy to track your every use of your computer. BTW the majority of the top 10 smartphones have a kill switch in them, you know, the ones all of you are using.
Oh the irresponsibility... Now that's a feature just waiting to be exploited. That feature serves no benefit to anyone other than big brother or criminals... oh, that's right, just criminals.
What consumer would want a kill switch? Seriously, processors are so cheap, having this kill switch will only do one thing...namely give control of consumer computers to someone (cough* USA *cough). How about a "Really Kill" switch, that has some actual use...ie: kills the person with the chip...now that would be some awesome technology, and much harder for a government to hide....not that I am paranoid about government doing things it should not.... =)
I don't believe this anti-theft crap for one second. You know what this is.. it's a kill switch for the **AA's to hold over your head. Mark my words this is not for YOUR security, it's security for your corporation/government.
A version of 386ex is used by Honeywell and Garmin in many products. They do have a kill switch as required by DO-254 standard. A dead processor is better than a crazy one.
A really common mistake for people who don't know how processor generations work is to confuse things that are IN the cpu with things that are features in that generation of chipset incl wireless that arrive WITH that cpu. Intel Anti Theft is mostly a platform technology - it's mainly not about the cpu. But because it arrives as part of the Sandy Bridge generation platform, it's assumed to be a purely cpu technology. Hence the idiot, earlier that thought this meant 3G in the processor. Instead of being surprised at that, he should have reconsidered the premise that this IS all in the cpu
This is public knowledge since 2006:
The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations.
The technique is called a "roving bug," and was approved by top U.S. Department of Justice officials for use against members of a New York organized crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping him.
Nextel cell phones owned by two alleged mobsters, John Ardito and his attorney Peter Peluso, were used by the FBI to listen in on nearby conversations. The FBI views Ardito as one of the most powerful men in the Genovese family, a major part of the national Mafia.
http://news.com.com/FBI+taps+cell+phone+mic+as+eavesdropping+tool/2100-1029_3-6140191.html
Cellular carriers will remotely update the firmware of a smartphone by government request in order to turn your apparently inactive phone into an active microphone.
...about protecting the consumer from computer theft, they would target the HD and RAM (where data is held). "Security RAM" that instantly self-erases when it is disturbed could be a beneficial feature for some.
Instead, the only significant thing Intel's new feature does is give the US government a channel for denying powerful CPUs to its enemies during a conflict.
And where is the backdoor, via 3G no less. p.s. Anti-theft should be available at the OS level, not at the CPU level.
"Still" implies things haven't changed since the heyday of 386 boxen.
For those thinking just that, it's more the case that mission critical tech relies on *older* tech due to the cost of hardening circuitry to random solarflare bitflips and whatnot. When a 386 was a beastly rig, something from the early 80s would have been the choice.
Now big brother can watch every bit of my life...
"To prevent this day from getting any worse, I'll just read ERROR as GOOD THING" 1GJU8xLuDKDxEs4KLf8fAGyptoDsqvEsBT
Problem solved!
This feature looks just up Chrome OS's alley. As other posters have pointed out, it's the data (typically in the form of the hard disk) that's important, not the processor. So, imagine a cloud-based computer like Chrome OS being stolen. Your data's mostly safe, so you can afford to spite the thief by having the Chromeputer remotely bricked.
I'd think that any bit of security at this point that would be emplaced by a corporation as large as this one would have some alignment with the US government. Of course this will be exploited, anything that can be exploited will be. I'm starting to feel as if it's time that big brother, big mother, and our even bigger father to lay the hell off. I just hope that more people start to feel that way. Of course this is all speculation... I'm really not that tech savvy compared to most of you. However, I do feel that most of the freedoms that people so much better than myself died for, are long gone.
Any society that would give up a little liberty to gain a little security will deserve neither and lose both. -Ben Franklin
Intel is announcing this processor at CES in January, but it's already being sold. I am in Australia for the holidays, and just bought an i5-2300 sandy bridge with a gigabyte motherboard, 8 gigs ddr3 ram and ati 5770 for less than 750, which is to say cheap considering where I am.
uhh I'll be putting a Cellular Network Jammer next to my computer, can buy one @ www.dealextreme.com
This kill switch will help in casual theft cases. Drunk corporate officer leaves laptop in nightclub. It gets grabbed by a club rat. Next day, IT disables the CPU. If the machine is found again, recovering the data even with an erased TPM isn't hard. BitLocker can store the recovery bits in Active Directory, or even as a data recovery agent, so if the laptop is recovered, the key can be reinputted and the TPM information resealed, or the drive can be unlocked and mounted by IT for document recovery.
This kill switch will help in casual theft cases. Drunk corporate officer leaves laptop in nightclub. It gets grabbed by a club rat. Next day, IT disables the CPU.
I fail to see the advantage of disabling the CPU here, as long as the laptop already has full disk encryption. It is completely integrated (we used PGP Whole Disk Encryption) and invisible to the user; it's just you enter your password earlier.
With regard to the recovery of the laptop, both this "kill switch" and the WDE do the same thing; you reenter the key and the HDD gets decrypted. The difference is small and technical: the kill switch physically wipes the key from the integrated TPM, whereas WDE simply doesn't have the necessary secret (your passphrase) to generate the HDD decryption key.
If we start assuming that the passphrase is known to the thief then all bets are off anyway - he can instantly boot it up and copy the data before the loss is detected, even if you use an ansible to send the signal. Your drunken sales droid is not likely to realize that the notebook is lost until he wakes up in the morning, and there wouldn't be any password written on the laptop itself.
An industrial spy can steal a notebook from a company office. They actually do that, and it's not too difficult. They dress appropriately, tailgate an employee, look around, take what they need and leave, all within 5 minutes. In a larger office there is no way for workers to detect an extra person. In this scenario if the password is written somewhere at the cubicle the thief can have it. Then both methods converge - the thief takes the laptop into a shielded room (a basement) and does his thing there.
You pay for the WDE software only once (as opposed to the continuous 3G service.) Then the laptop doesn't depend on 3G availability to lock the thief out - it's safe by default. This means that you have to have WDE anyway. So what exactly does the CPU block buy you if the HDD can't be accessed? Do you (or the company) want to pay money for the service to simply annoy the thief? Most companies couldn't care less about the laptop hardware; these notebooks are often leased for the duration of the refresh cycle, and/or insured. Companies care about the data, and WDE protects it pretty well. So again, how exactly will the kill switch *improve* security above & beyond existing solutions?
IMO, Intel proposes this simply because they can, and because that's the only security option they can think of. It's a poor option, on par with the unique CPU ID, and it will be equally disabled on the majority of notebooks. I think they added it just for a checkbox on sales materials. Technically it is worthless for pretty much everyone and will not be used. Low-end users, like that sales guy, will find this overkill. High-end users, like the CIA, will find this inadequate. Middle-range users already have WDE and have no need to pay for a service that disables a chip that doesn't do anything anyway.
What they are not telling us is the miniature microphone next to the switch...
I think you are right about that, and the reason is, that the processors have to be very resilient against external influences, like the elevated radiation up at around 1km height (~4k feet).
I know they do special hardened chips for anything that goes to space, as the most important thing up there is reliability. I imagine it's similar for planes, though not that extreme.
Besides the simpler and more robust build for these chips, they probably also draw much less power than a modern workhorse processor, and that's pretty critical when the power goes out and you are flying on a little emergency battery.
There are also tons of optimized code for these things. Developing airplane control software is not exactly like building a website, and it's expensive as hell (multiple reviews of every line, test cases ad infinitum, etc.). The current software works well on that architecture, so there is no inherent reason to quickly switch (unless the production lines run dry, of course).
mission critical tech relies on *older* tech due to the cost of hardening circuitry
Exactly. It's not so much the speed of the part, it's the size of the transistors. A modern gate is about 1/15th the size of the ones in a 386. It's like comparing hitting a coffee cup with a tennis ball, and hitting a beer keg (although, the proton is much smaller than a tennis ball on that scale).
I can already do a remote kill via SMS. It's built into all Nokia E71s and I assume other models.
Reception anyone? 3G only covers 25% of the country. So most people don't have to worry about this.
But thanks for letting me know what to avoid.
---- Booth was a patriot ----
WikiLeaks
So I steal your computer, and wrap it in foil. No 3G signal, no kill switch. This isn't put in for the goal of personal security, it's something else.
In other news, Intel codenames their processor a perfect stripper name.
None of this is nearly as much fun as some of the comments I've read, but it happens to be true.
Hmm.. sounds like "the man" wants a backdoor to disable you.
Probably due to the Pentium math bug. They don't dare to upgrade to a more modern processor due to the risk of bugs in more complicated processors.
It would be very bad if aircraft crashed due to a hardware bug, and it could prove fatal for the processor manufacturer.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Will the above feature also be enabled on these chips?
"History is the realm of the true lie." A.Szerb
Another stroke of brilliance (sarcasm) and another brick in the wall. I wonder what kinds of discussion occurred and with whom at Intel's marketing department on how they would sell this to the "sleeping lemmings". Where might such a requirement have arisen? Incorporation of a mobile 3G transceiver onto the die doesn't come for free. Speculation: Can you spell US government subsidy to INTEL for each Sandy Bridge Processor sold? This is or may become a path for surveillance of non-internet connected computers with a handy marketable AntiTheft angle. Security asset? This is an I/T security nightmare! This should yield some interesting posts in the future as we read how this access point will be exploited. If this story is true, one should think twice about purchasing INTEL CPUs. Consider other processors and virtualized Intel machines.
Most servers sold are quad core.
Yea, I do work in classified and higher environments. We are not allowed to bring cell phones into closed containers. In one of the DOD demonstrations they get a cell phone from the audience and remotely activate it as a wiretap in real time.
This is not a "myth", it's that other thing, what is that called again, oh yea, a "fact".
No special application required either. See your cell phone _is_ the application. It is running all the time the phone is on, it listens to commands and responds to them.
For a day-to-day proof. Go buy a new cell phone. Put the battery in. Then don't turn it on for a day. When you do turn it on it will have been "provisioned" even though it was "off". Go buy another cell phone and take the battery out immediately for 24 hours. It will not work when you finally put the battery in and turn it on. This is because the provisioning messages couldn't find and program your phone because the receiver had no power. In the latter case you will probably have to call the cell phone provider and ask them to re-send your provisioning. This request will _not_ confuse even the first-tier support people.
If your phone has power, it can be turned on and off and reprogrammed all from the other end using just your IMEI and maybe your GSM key. Both of these things are known to your provider as a requirement of providing service to you.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
Why would a foreign government buy Intel CPUs, knowing that the US gov could force Intel to shut them down? It seems like a deal breaker for any
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
Who else has that option. Hmmmm I wonder...
It's like comparing hitting a coffee cup with a tennis ball
Roger Federer can knock a can off your head with his serve. That would put him into the 486 class.
Know your pads. One time pad: good for cryptography. Two timing pad: where to take your mistress.
Intel -- It's Inside. It's Insiiiiiiiiiide of yoooooouuuuuuuu. Intellllllllllll.
"Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
Older processes use the larger feature size which makes them inherently more robust against radiation. Background counts are already quite a lot higher at 30,000 feet. Also you generally just don't need the horsepower anyway.
The Grey Goo disaster happened 3 billion years ago. This rock is covered in self replicating machines!
Also, in an airplane you don't want them shut over a 3G network by, say, a freshly graduated moron at DHS mistyping a processor number.
Excuse the shameless plug, but I would be foolish not to point out that this technology would be a great complement to our software that locates, locks down, and protects the sensitive data on Windows/Mac/Linux based notebooks, tablets, and desktop computers as well as smartphones. Check it out here: http://www.i-contain.com/icnet.php