[ale] lojack for laptops?

Jim Kinney jim.kinney at gmail.com
Tue Jun 16 13:00:01 EDT 2009


All tools have both benign and nefarious uses and that one just scared
the bejeezus out of me. Imagine a scenario where a particular laptop is
targeted, remotely activated over a wake-on-lan wireless NIC which
then is used to modify the BIOS to phone home on boot and report GPS
coordinates, upload keystroke logger, etc.

The potential for large-scale abuse is staggering. Maybe I _should_
keep some of my old hardware that required a physical _wire_ for WoL
to work.

Hmm. I recall seeing a similar remote capability in a ThinkPad T20
BIOS. At that time, it required a mini-PCI card to activate but once
activated, it could not be deactivated without destroying the
computer.

Where's my tin-foil beanie cap!

On Tue, Jun 16, 2009 at 12:42 PM, Michael H. Warfield<mhw at wittsend.com> wrote:
> $$!#@$@#!#!@
>
> That was not supposed to get sent yet...  Fat fingers...
>
> On Tue, 2009-06-16 at 12:35 -0400, Michael H. Warfield wrote:
>> On Mon, 2009-06-15 at 18:34 -0400, Bob Toxen wrote:
>> > On Mon, Jun 15, 2009 at 02:52:24PM -0500, Preston Boyington wrote:
>> > > Geoffrey wrote:
>> > > > Anyone use any software like this?  I'm considering it for my daughter's
>> > > > macbook as she heads off to Tech in the fall.
>> > > >
>> > > > Suggestions, recommendations?
>> > > >
>> > > > Anyone know of anything like this for Linux??
>> > > >
>>
>> > > I would love a hardware solution.  That way the thief wouldn't need to
>> > > power on the unit for the locator to work.
>> > Uh, is that like the Pointy Hair Boss saying that he wanted the unit
>> > to have a light that comes on when the battery is dead?  Yes, there was
>> > a Dilbert about this.  Sorry I couldn't resist.
>>
>> > Seriously, this would be a device physically attached to this but not
>> > electrically connected -- since all such PCMCIA cards and such don't
>> > have power unless the laptop is running.  Hence, it's not really laptop
>> > related as you could just as easily attach it to your pen (if it were
>> > small enough).
>>
>>       Actually, that's not totally true.  PCI includes a backup power bus (B
>> Bus or something like that, I don't recall the exact nomenclature) for
>> things like "wake on lan".  If you didn't have that, wake-on-lan
>> wouldn't work.  Certain very low level functions are powered and
>> operational even if you only have power to the device and don't have it
>> powered up.
>
>        Wake-on-lan info:
>
>        http://en.wikipedia.org/wiki/Wake-on-LAN
>
>>       The really scary extension to that is the Intel AMT / vPro technology.
>
>>       http://en.wikipedia.org/wiki/Intel_Active_Management_Technology
>
>> "Almost all AMT features are available even if PC power is off, the OS
>> is crashed, the software agent is missing, or hardware (such as a hard
>> drive or memory) has failed."
>
>> Intel AMT supports these management tasks:
>>
>>       * Remotely power up, power down, power cycle, and power reset the
>>         computer.[1]
>>       * Remote boot the PC by remotely redirecting the PC’s boot
>>         process, causing it to boot from a different image, such as a
>>         network share, bootable CD-ROM or DVD, remediation drive, or
>>         other boot device.[1][7] This feature supports remote booting a
>>         PC that has a corrupted or missing OS.
>>       * Remotely redirect the system’s I/O via console redirection
>>         through serial over LAN (SOL).[1] This feature supports remote
>>         troubleshooting, remote repair, software upgrades, and similar
>>         processes.
>>       * Access and change BIOS settings remotely.[1] This feature is
>>         available even if PC power is off, the OS is down, or hardware
>>         has failed. This feature is designed to allow remote updates and
>>         corrections of configuration settings. This feature supports
>>         full BIOS updates, not just changes to specific settings.
>
>        There are other potential uses for the AMT technology and, if you can
> load certificates and other software up there, there's quite a few
> possibilities.  But it is intended to be tightly restricted.  You can't
> update it from the normal running OS.  But it is intended for remote
> management, EVEN WHEN THE MACHINE IS INITIALLY turned off.  A "lojack"
> functionality has been discussed in some forums.  I'm not aware of any
> product that actually takes advantage of it for those purposes and I'm
> not sure how widely deployed it is (like the accelerometers on our
> laptops, Bob, or VT/SVM capabilities for virtualization).
>
>> > > Early possibilities for this seem to be a company called S5 Wireless
>> > > (http://www.s5w.com/):
>> > >
>> > > http://www.gadgetvenue.com/s5-gps-like-tracking-device-is-tiny-12174830/
>> >
>> > Bob Toxen
>> > bob at verysecurelinux.com               [Please use for email to me]
>> > http://www.verysecurelinux.com        [Network&Linux security consulting]
>> > http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
>> > Quality spam and virus filters.
>> > Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
>
>        Mike
> --
> Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>   NIC whois: MHW9          | An optimist believes we live in the best of all
>  PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!
>



-- 
James P. Kinney III
Actively in pursuit of Life, Liberty and Happiness


