Forgot your password?
typodupeerror
Portables Hardware Technology

OLPC Has Kill-Switch Theft Deterrent 138

Posted by ScuttleMonkey
from the paperweight-maker dept.
Sid writes "Ars Technica reports that the One Laptop Per Child (OLPC) XO has an anti-theft daemon in the OS that can be used to remotely disable machines, much like WGA. The Project added the kill switch at the behest of a few countries concerned about laptop theft. From the report, 'OLPC has responded to such concerns by developing an anti-theft daemon that the project claims cannot be disabled, even by a user with root access. Participating countries can then provide identifying information such as a serial number to a given country's OLPC program oversight entity, which can then disable the devices in certain scenarios.'"
This discussion has been archived. No new comments can be posted.

OLPC Has Kill-Switch Theft Deterrent

Comments Filter:
  • by Joe The Dragon (967727) on Monday February 19, 2007 @01:15PM (#18068624)
    Wait vista can do this.
  • by Hymer (856453) on Monday February 19, 2007 @01:39PM (#18069020)
    That's the same functionality as in GSM and UMTS phones: You call, tells that device is stolen and wich IMEI-no. it has and it is then globally disabled.
  • by silentounce (1004459) on Monday February 19, 2007 @01:44PM (#18069116) Homepage
    US$100 may not be much here, but it is more than the majority of people [gapminder.org] make in a month.
  • This isn't news... (Score:5, Informative)

    by SocialWorm (316263) on Monday February 19, 2007 @01:59PM (#18069334) Homepage

    Several people, myself included, specifically pointed this out during the last story on OLPC's BitFrost system. [slashdot.org].

    And can we please remember that it's One Laptop Per Child, and not One Laptop Per Slashdot-reading Guerilla Geek? Any abuse regarding deactivation of the laptops is more likely to be carried out by confiscation of the laptop by school personal.

    Also, the feature can be disabled with a Developer Key from OLPC:

    1018 The anti-theft system cannot be bypassed as long as P_SF_CORE is enabled (and
    1019 disabling it requires a developer key). This, in effect, means that a child is
    1020 free to do any modification to her machine's userspace (by disabling P_SF_RUN
    1021 without a developer key), but cannot change the running kernel without
    1022 requesting the key. The key-issuing process incorporates a 14-day delay to
    1023 allow for a slow theft report to percolate up through the system, and is only
    1024 issued if the machine is not reported stolen at the end of that period of time.
    - http://dev.laptop.org/git.do?p=security;a=blob;hb= HEAD;f=bitfrost.txt [laptop.org]
  • by SirTalon42 (751509) on Monday February 19, 2007 @02:09PM (#18069490)
    The monitor only lets the OLPC authority shutdown the machine IF the anti-theft server says the machine has been stolen, OR the laptop is kept from accessing the server for more than x days (21 I think). And the daemon CAN be disabled, if the child requests the developer key from the OLPC authority (theres a 7 day wait to make sure the laptop wasn't stolen between the request and giving the key). The laptop uses code signing to prevent the operating system from being permanently modified (if you have the master key(s), or the developer key, you can modify it as much as you want, if you don't you can modify most of it but only in a copy of the system files, its a very nice way to allow most of the system to be modifiable by the kids, but if they bork it, you can just reset to using the original system files (assuming you didn't modify the original using the master/developer keys).

    Now if the thief steals the developer key with the laptop, then the daemon is useless (unless they're too slow), and in the BitFrost document they acknowledge that theres is no way they can guarantee no laptops will be stolen, just try and discourage the thiefs.
  • RTF Spec (Score:4, Informative)

    by fang2415 (987165) on Monday February 19, 2007 @02:11PM (#18069510) Journal

    When this (old [slashdot.org]) news [wired.com] first came out, I posted this gloom and doom [slashdot.org] comment, but after reading the spec, I realized that the picture was more complicated than my comment, or the summary above, indicates.

    FTF Spec [laptop.org]:

    The anti-theft system cannot be bypassed as long as P_SF_CORE is enabled (and disabling it requires a developer key). This, in effect, means that a child is free to do any modification to her machine's userspace (by disabling P_SF_RUN without a developer key), but cannot change the running kernel without requesting the key. The key-issuing process incorporates a 14-day delay to allow for a slow theft report to percolate up through the system, and is only issued if the machine is not reported stolen at the end of that period of time.

    My earlier concerns were that this funcitonality was the same type of call-home spying and TPM kill-switch control that MSFT in its most evil moments would love to have over all of its users and that OLPC had totally screwed the pooch.

    The spec makes it seem a bit more like a maximally secure default setting, whose override is difficult but still accessible. They are simply storing the lock (the laptop) and the key (the developer key) in different places. The keys won't be given out if the lock has been reported stolen, but if not, they are available to the machine's owner.

    Something about this still worries me, though. The developer key makes this system radically different from something like the WGA's phone-home spyware "feature" in that it can be disabled by the machine's owner, but given that the default setting is so hard to override, is the effect really all that different? Is this going to screw over less techical users who make a mistake and somehow manage not to "renew their lease" frequently enough? Worst of all, if something goes wrong with the centrally-managed key distribution system, millions of kids will be left with fully locked down, unhackable, TPM machines that will brick in an instant if they wait too long to phone home to the server of a government that may be more interested in censoring them than empowering them.

    I'd be curious to hear what Stallman has to say about this project, especially this aspect of the security system. I think everything else about this project would suit even his lofty standards to a tee, but I think OLPC is walking a fine line with this anti-theft system.

  • by AHumbleOpinion (546848) on Monday February 19, 2007 @02:15PM (#18069566) Homepage
    In most cases the value to the thief is not in the object itself but in its resale value. If they know that the laptops will be bricked before they can shift them, it might deter some people from swiping them.

    It will deter few. I recall looking at computer equipment in a pawn shop. I was excited as I saw some IBM Model M keyboards. Upon inspection I found that the keyboards had not been unplugged, the cables had been cut. I expect many thieves will have difficulty telling OLPC systems from normal systems at the time of the robbery. I also expect that highly organized thieves will not shy away from stealing a large shipment of these laptops, and stripping the RAM and HD for salvage.

    Also, "resale value" may be misleading. It is rarely sale to an end user, rather a middleman, as in pawned, laundered, fenced, etc.
  • There is no HDD. There's like 128 MB of RAM, and 512 MB of Flash (expandable). You couldn't sell a 128 MB stick of RAM for any sort of large profit (most retail sticks start at 256 MB or 512 MB), and a removing the flash and consolidating it into something useable to any other product would exceed the costs of bulk flash in the first place. The displays probably need a custom driver. The only thing really useful is the battery, and even that's low-end.

    The fact remains that when you take into account the costs of stripping the OLPCs for parts and selling the parts on the black market, you quickly exceed the possible resale value of the parts.
  • Re:IMO: Not possible (Score:3, Informative)

    by SirTalon42 (751509) on Monday February 19, 2007 @02:36PM (#18069896)
    The mechanism the laptop will use IS like the Tivo DRM (in fact there was a discussion on lwn whether Bitfrost is drm or not, and whether it would violate the GPLv3 or not). I believe Bitfrost WILL be GPLv3 compliant because the owner of the machine can request a developer key which will allow them to modify anything on the system (even remove the daemon). To prevent the thief from just requesting the developer key theres a 7 day waiting period (to confirm that the laptop hasn't been stolen) and then the key is issued. If the child already has the developer key, and then the key and the laptop are stolen, then the thief can disable the daemon themselves and get around the security. Also the developer keys are machine specific so stealing 1 key won't let you bypass the security on all machines.

    This SHOULD make it very hard to defeat the anti-theft daemon (it doesn't reside in dhcpd btw, also removing internet access for 21 days will brick the machine anyways).

    Bitfrost is much more than just the kill switch and is actually quite interesting, and at least in theory sounds like it would be quite effective.
  • by Coryoth (254751) on Monday February 19, 2007 @02:57PM (#18070230) Homepage Journal
    I think the important point is that the OLPC project "allows countries to optionally establish a license period". I agree that it is hardly ideal, but it is being offered as an option because some countries demanded a feature of this kind. Other countries aren't quite so silly and won't enable the option. I think realistically one of the greatest theft deterrents for the XO machines is that they are seriously targetted towards young children. Sure there are geeks on Slashdot who would love to get their hands on one anyway - it is a linux machine after all, and anyone with sufficient nouse could make it do some fun and interesting stuff. That makes for a fairly small market however. It's not like you can grab one of these things and install Windows on it to have a laptop. If you steal one of these things you'll either have a machine with an unfamiliar interface designed for children and very little software that is particularly useful outside of an educational setting. You'll have to know what you're doing to get anything more out of it than that... and if you know what you're doing then you're more than likely in a position to cheaply and much more easily get and set up a laptop for your needs.

    I think you'll find that the XO machines prove to not be terribly attractive targets for theives because they are so target specific - I don't think many people other than kids (and shameless geeks such as hang out here) are going to be able to do much useful with them, and if it isn't going to be very useful, why steal it?
  • Assuming the connectors and the voltages and stuff match up (which I doubt), the handcrank doesn't produce a lot of power. Sure, it's a decent amount in relation to the ultra-low-power OLPC, but it's not gonna do much compared to a Merom or Turion with 1-2 GB of RAM and a HDD with a full color display. I mean, I bet the crank-time-to-powered-time ratio would be essentially reversed at best (you'd spend twice the time cranking that you'd get in battery time).

A method of solution is perfect if we can forsee from the start, and even prove, that following that method we shall attain our aim. -- Leibnitz

Working...