Schneier on Security
A blog covering security and security technology.
« Anti-Terrorism Stupidity at Yankee Stadium |
| Washington Post Comments on Terrorist Plots »
July 24, 2008
Open Source Laptop Tracking Service
Adeona. Looks good.
Posted on July 24, 2008 at 11:59 AM
• 32 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
So do we encrypt our laptops enough to protect sensitive data _and_ leave the machine functional enough to leave messages at OpenDHT?
Well, users of whole-disk encryption have essentially decided that the security of the data is worth more than the recovery of the device. This is because they know (or should know) that if the device is stolen, and found to be unusable without an authenticator, the next thing that will happen to it is that it will have its disk re-formatted and a new OS installed on top. The chances of recovery are next to nil.
Adeona/OpenDHT is for people who value the device more than the security of the data, and want a chance of recovering it. For this to happen, the device necessarily has to be at least partly usable by whoever stole/fenced/bought it, and the more usable it is the more likely it will be used in a way that leaves a trace.
You could possibly have it both ways... Have a boot manager that defaults to booting, say, a vanilla winxp home installation that takes up a few GB of space, and has little loaded on it except perhaps a few programs and, of course, the adeona client. The other boot option (that you would only notice was there if you closely watched it boot up) would be a WDE-protected (or at least whole-partition-encryption-protected) secure OS of your choice.
The really awesome thing, of course, would be to build this client into your BIOS. And add in a GPS.
Not exactly. Computrace lives in the BIOS. If you just reinstall Windows, it will reinstall itself. The only way to get rid of it is to hack the BIOS.
If the thief keeps the laptop and loads Linux, Computrace will remain in the BIOS but won't be able to run. But really, how many stolen laptops are going to get linux installed on them? They're going to get pawned for $100 and sold to someone on the street for $300, chances are they won't even bother reinstalling the OS. If it makes it to a shop first, and the shop nukes the drive and installs Windows, CT will reinstall itself and it will call home first chance it gets.
Unless you know it's there and take active steps to remove/disable it, then the chances of recovery are good. Of course, you still need to make an attempt to find it; it might sit unclaimed at a lost and found or at the police station. You figure it's gone so let your computrace account expire, and so when it gets listed as abandoned a year later and sold at auction, it does report home but by that time the company doesn't bother to report it's been located.
I'm a bit confused as to what this is supposed to do.
If my laptop is stolen, it most certainly will not magically get online until the attacker either replaces the drive, or manages to hack the BIOS drive password and then formats and installs their own OS.
Even if it was stolen in standby (and I treat standby as an "on" state, meaning that I don't let it out of my paws), I certainly wouldn't configure my laptop to hop on any wifi network in range just for giggles, so unless the thief drove by my office or house and stopped long enough for the laptop to signal where it is and then wait for me to come rescue it, I'd never hear from this software or the laptop again.
What am I missing?
"These files are temporarily unavailable. Please check back soon."
First you need to download it successfully.
Heh, and of course this is just the sort of software which would disappear from the world if your recent suggestions on liability were followed through as this is open source software licenced under the GPL ...
It took a team of researches a year to do what a thief can render ineffective in 10 minutes? Well done!
Thiefs, the moral of the story is do not connect to Internet until you change the hard drive after you steal laptops.
You're not missing anything. Setting a BIOS password means the that the thief can't pawn the laptop, so they just drop it in a dumpster ensuring you never get it back. Maybe a more entrepreneurial fence may disassemble it and sell it for parts, but either way, you're not getting it back.
Most people don't set BIOS passwords on laptops. Most people have their laptops wide open to hop onto any open network. Most people don't have a clue about security, so for many, this may well work.
Of course, recovery depends entirely on the attitude of the police. That's one thing Computrace touts as a feature, that they will work with the police to recover a laptop.
I have a pretty good OS X solution to the drive encryption / laptop recovery problem.
I have one non-admin account that I use for day-to-day stuff. This part of my HD is not encrypted. I then have a second non-admin user account for storing sensitive files. That part is encrypted.
With fast user switching, it works pretty seamlessly and well.
@Paul - Why would open source (vendor-less) software "disappear" if software vendors became liable for security flaws in their products?
If I get a PC of unknown origin (sometimes it happens where I live), the first thing I do is complete reinstall from liveCD. Namely, complete wipe of HDs and installing new OS afresh.
So, if this "protection" does not live in BIOS, it will end up in /dev/null.
Although, "never underestimate human stupidity". If thief will manage to log in and then will connect to internet, then you'll get some data.
BTW, similar software already exist for Windows Mobile phones. It writes itself into NVRAM and fire up when SIM card changes. Then it starts to send unattended SMSes to preconfigured phone number and do other nasty things like responding to command SMSes from that number - like rebooting, downloading phonebook, etc. I've heard that this kind of software has helped to salvage some phones.
But, this sheme isn't bulletproof - flashing new firmware will kill protection.
As far as I know, the passwords for encrypted homes in OS X remain cached when you use fast user switching (which is why OS X warns about it). So unless you really log out of the sensitive account, it is theoretically vulnerable. It's good enough in most scenarios though, and also provides much better protection whenever you have to provide some password or face significant hassle (i.e. customs).
So, what about the case of someone surreptitiously introducing Adeona onto your laptop, generating the original cryptographic seed, giving them access to it's location data retrieval. All the sudden They Know Where You Are. Sounds like it can be abused.
Of course the trivial case of loss of privacy is the employer tracking their laptops, akin to cell phone tracking. Then there's the Mata Hari copying that slip of paper the original cryptographic seed was stored on from one's wallet.
works only till the news break and the novelty-factor wears out. the bad guys read news, too. they'd swap the disk or sell the parts for scrap. maybe if it's code in the bios w/o hd access it may work, but still needs network access ... and swapping the wifi module is easy, too
BTW i remember seeing an interview with some high-level audi manager, he said they can make car-theft almost impossible (biometric,rfid,codes etc) but that would increase the # of carjackings (which wouldn't be good for the brand-image - who would then want an audi?)
same with X000 $ laptops - always the tradeoff human cost vs machine cost
besides an 'angry' thief may extract your address, and after some jailtime, may come for a visit ...
If I had Adeona installed and decided to sell my laptop, could I track a new owner ? Yes, I could. If the new owner was not a geek he or she would never realize that I can track what they do, what they connect etc. It is an open source product. If I change a few parts of the program, I can receive much more then just a few bits of information. What do you think about this ?
from Adeona faq: "...swipe your laptop from a coffee shop or your dorm room, and then wants to use it or perhaps sell it on online. Such thieves will often not be technologically savvy... "
Swipe your laptop from your dorm room? Probably a fellow student. Why would he (or she) not be savvy enough?
The producers of this product have to be totally naive. Nice CS project perhaps though.
If my laptop gets stolen a thief will notice he can parhaps use and sell bits of the hardware (HD, memory), but he won't even get to the BIOS because of a hardware lock, even in stand-by. He will thrash it. If everyone were using such a lock (and every laptop offering it), thieves would learn that stealing laptops is useless.
Thief does not need to erase whole disk - it's if enough if he won't connect computer to Internet. You don't need Net to investigate computers' content.
Today, open source developers put in work (without pay) and give this away to people for free. That's a lot to ask, but some people enjoy programming and others feel an obligation to pay back the community.
If there were liability, we would be asking open source developers to put in work (without pay) and open themselves up to being sued for millions of dollars, all for free. Those selling for a profit could, presumably, increase their price to cover the risk (or cost of insurance), but you can't exactly raise prices (or make up for it in volume) if your product is free!
Introducing a loophole that says those giving a product away for free don't incur liability MIGHT work, but the law would need to be crafted carefully, or commercial developers would split their code into 2 parts: the free part that incurs all the liability, and the very-expensive part that does nothing but allow the free part to work.
Would be convenient if the laptop had a builtin GSM chip that Adeona could dial - sort of a trusted path.
Ignoring all the issues of having a cellphone in your laptop might expose you to...
I installed Adeona on my Mac. I found a serious issue with it. The software takes photos of routinely throughout the day. All that is needed to access that image is the credentials file and a password. It is only a matter of time before this is abused somehwere for purposes other than theft recovery, cyber voyerism, stalking what have you.
so if i lost my laptop and i dont have any bios password (which can be removed in a couple of seconds), and the thief swipes the hard disk, can i trace it in any other way?
BIOS password provides no real protection. Your CMOS chip (the one that the BIOS resides on) requires power, so there is a small battery to provide that power even when the machine is turned on / unplugged. Taking that battery out for a few minutes will reset BIOS and your password will be lost.
If this software resides in BIOS it will remain there even if the BIOS is reset. The only way to get rid of it is to overwrite BIOS, which is way beyond what even power users could do.
The question is what happens if your laptop is reinstalled with Linux ? Would the tracking software run on it ? Most likely not.
Again most criminals will not think of that. They'll probably turn on the laptop and get on the Internet or at most wipe the drive clean, reinstall windows and then get on the net. In both cases the tracking software can locate the laptop.
well yeah it is easy to do tht i bought a laptop and i kotst tht it had tht traking in it all i did was 1 take the battery out to reset it and 2 flash the bios
Please,I want to render my stolen laptop useless.
What can I do?
i had a computer stolen from work, it is less than a year old, i have heard it can be traced, can it be traced to the person that took it or how does this work. thinking it is an fellow employee.
"i have heard it can be traced, can it be traced to the person that took it or how does this work"
Put simply a utility on the laptop does an "ET" and "Phones Home".
Therefor the first requirment is for the hardware to be able to "phone home" usually via a network connection.
The second condition is that the ET utility is installed and functioning on the system before it is stolen.
You apparent primary interest apears to be tracing the person who misappropriated the system.
Unfortunatly even if the system had an ET utility on it and it did "phone home" and the police etc recovered the system, unless there is a provable link between the person the police recovered the system from and an employee etc then the answer is no you can't.
The way to deal with "insider theft" is generaly by audit processess and controls supported by physical security mechanisms.
Many people know my dislike for laptops and aside from ergonomic issues my main objection is they are high value items that are just to easy to steal.
Adeona may look good, but I personally thing Prey looks better.
Computrace of absolute software corp is a root-kit like backdoor that nowadays lives in any BIOS (see their webpage).
It allows remote access to your machine during boot-up - the BIOS contains code ('persistence') to contact absolute and to ask for any additional software to be installed (on the windows partition or on any other partition/OS). The BIOS agent provides 'self-healing' capabilities in order to restore the corresponding windows service.
Thus, to put it frankly - you (especially notebook owners) implicitly grant access rights to your whole system to the people of absolute corp. You are fully dependent on these guys here concerning your data and/or control over your machine:
That might not be a big problem in the US (no one complained yet) but as European I find it unbelievable.
Information can be found on the net (computrace, ollydbg, eg.) and primarily in their published patents and patent applications.
Good luck !
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.