
OLPC Has Kill-Switch Theft Deterrent 138

Posted by ScuttleMonkey
from the paperweight-maker dept.
Sid writes "Ars Technica reports that the One Laptop Per Child (OLPC) XO has an anti-theft daemon in the OS that can be used to remotely disable machines, much like WGA. The Project added the kill switch at the behest of a few countries concerned about laptop theft. From the report, 'OLPC has responded to such concerns by developing an anti-theft daemon that the project claims cannot be disabled, even by a user with root access. Participating countries can then provide identifying information such as a serial number to a given country's OLPC program oversight entity, which can then disable the devices in certain scenarios.'"
  • That's too abusable (Score:3, Interesting)

    by paladinwannabe2 (889776) on Monday February 19, 2007 @12:29PM (#18068886)
    That makes it too tempting to give the laptops to people you want monitored- For instance, I could give it to random kids, and then figure out their schedules, where they live, and when they are alone in the house. And that's just scratching the surface- give me some time and I can think of worse abuses you could do with some sort of monitor on the computers.

    De-activating the laptops prevents people from stealing and using them, but it also means that if some hostile person has access to your shutdown keys, they can take your laptop but not your data.
  • Re:IMO: Not possible (Score:4, Interesting)

    by sumdumass (711423) on Monday February 19, 2007 @12:50PM (#18069186) Journal
    Not if the lock is in firmware on a chip somewhere similar to Tivo's DRM. But then it cannot run GPLv3 code after this. Such a pity.

    Unless they already thought about this and are using the same provisions that lets GPLv3 code work with a GPLv2 kernel and call it an aggregate. Then the point of the GPLv3 restrictions are useless if the lock only stops the GPLv2 code from working.

    And to all those that want to say But the GPLv3 says this, The GPLv2 says "no further restrictions can be applied". And restrictions in a GPLv3 license whatever the final release is, has to honor this unless it is actually incompatible and can no longer be used with GPLv2 code. You can have the cake, eat the cake but you need to assemble the ingredients to make the cake before any of that happens.
  • Re:Limited Deterrent (Score:2, Interesting)

    by Loconut1389 (455297) on Monday February 19, 2007 @12:55PM (#18069262)
    Maybe off-topic, but my in-car DVD player has a removable face that supposedly is coded and all of that and only replaceable by Phillips, yatta yatta yatta, but if you push in the lever on the front, the thing fires up and works like a charm. I did have a Kenwood MD/CD player that was definitely coded, but I didn't have access to another front panel to test that for sure, but it most definitely didn't work by pressing the contact switch, it just beeped a warning beep.

    This is not to say that OLPC's thing is bunk- it probably isn't, but as far as some of the car things go, it's only apparent security, not actual.
  • by Anonymous Coward on Monday February 19, 2007 @12:56PM (#18069290)
    OK, I teach in a public school. My computers often are shut down for 21 days or more ... like over vacations. And with intermittent internet connectivity is often down for two months. That's here in a California public school!

    And school thieves steal things with zero street value, including keyboards, cables, and AC power cords. Heck, someone stole three VGA monitors over winter break, saving us $30 in dump fees.
  • Or a social engineer (Score:2, Interesting)

    by Razed By TV (730353) on Monday February 19, 2007 @01:17PM (#18069618)
    "Hi, my name is Valerie Victim. Somebody stole my laptop. Its serial number is 123-456-789. Can you disable it?"
    "Certainly."
    "Thanks!"
    Monique Malicious chuckles, then walks away, her handiwork complete, her rival's laptop disabled.

    I certainly hope they've prepared to prevent such scenarios. Granted, you need to know the serial number, but if it's printed on the back of the thing...
  • by SirTalon42 (751509) on Monday February 19, 2007 @01:24PM (#18069716)
    "Face it, ANYTHING can be cracked if you try hard enough."

    From the Bitfrost specification (which this killswitch is part of):

    "But pushing the envelope on both security and usability is a tall order, and as we state in the concluding chapter of this document, we have neither tried to create, nor do we believe we have created, a "perfectly secure" system. Notions of perfect security are foolish, and we distance ourselves up front from any such claims."

    http://dev.laptop.org/git.do?p=security;a=blob;hb=HEAD;f=bitfrost.txt [laptop.org]
  • by cduffy (652) <charles+slashdot@dyfis.net> on Monday February 19, 2007 @01:26PM (#18069748)
    Until what is hacked?

    RSA? That old dog has still got some life in it yet. Their specific implementation of RSA and how it interfaces with the mechanism for actually throwing the kill switch? Maybe. Depends on whether the crypto validation happens in software or in hardware; in the latter case, they could actually do the crypto in hardware (low-performance RSA hardware implementations are dirt cheap) and not provide any other mechanism to trigger the kill switch -- thus, in this situation there would exist no possibility for the software to be hacked to bypass that check.

    This isn't like software-based DRM, where the decrypted bits need to be fed back into a fully programmable mechanism somewhere. This is a security device built into a dedicated hardware system; if done right, it need not have any of the vulnerabilities y'all around here are accustomed to.

    Hacking the HQ is easy to avoid -- just like with any important key, you don't keep the system online; when you need to do work on it, you move your data on and off via static media (my employer uses a USB key for moving CSRs onto and certificates off of our fully disconnected CA). The HQ being ransacked is a slightly different matter, but given that it's located in a 1st-world country with an effective police force, that kind of thing doesn't happen so often.
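
The signature-gated kill switch described in the comment above, sketched as an added example that is not part of the original thread or of OLPC's code. It assumes an unpadded hash-then-RSA check with a constructed toy key (two Mersenne primes, trivially factorable); `Device`, `offline_sign` and the serial numbers are hypothetical.

```python
import hashlib

# Constructed toy key for illustration: N is the product of two Mersenne
# primes, so it is trivially factorable. A real device would use a padded
# RSA scheme with a properly generated key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                   # public half, the only part on the device
D = pow(E, -1, (P - 1) * (Q - 1))     # private half, kept on the offline signer


def digest(serial: str, action: str) -> int:
    """Hash the command together with the serial it is addressed to."""
    data = f"{serial}|{action}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def offline_sign(serial: str, action: str) -> int:
    """Runs only on the disconnected signing machine (hypothetical helper)."""
    return pow(digest(serial, action), D, N)


class Device:
    """Holds the public key only; verify-then-act is the sole path to disable."""

    def __init__(self, serial: str):
        self.serial = serial
        self.disabled = False

    def handle(self, serial: str, action: str, signature: int) -> str:
        if serial != self.serial:
            return "ignored: addressed to another serial"
        if not 0 < signature < N:
            return "rejected: malformed signature"
        if pow(signature, E, N) != digest(serial, action):
            return "rejected: bad signature"
        if action == "disable":
            self.disabled = True
        return "accepted"


def demo() -> list:
    victim, other = Device("SN-0001"), Device("SN-0002")  # constructed serials
    results = [victim.handle("SN-0001", "disable", 12345)]          # made-up signature
    sig_other = offline_sign("SN-0002", "disable")
    results.append(victim.handle("SN-0001", "disable", sig_other))  # signed for another unit
    results.append(victim.disabled)
    results.append(other.handle("SN-0002", "disable", sig_other))   # genuine command
    results.append(other.disabled)
    return results
```

Because the serial is inside the signed digest, a command signed for one unit cannot be re-addressed to another, and nothing in the device code needs the private exponent.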
  • by evolutionary (933064) on Monday February 19, 2007 @01:59PM (#18070266)
    Call me a sceptic but I don't think that theft has anything to do with the motivations for this "value add" here. After all, you could always take out the hard drive if the data is what you wanted (assuming unencrypted). You can reformat the hard drive and reinstall puppy linux if you just wanted the hardware. Data could be encrypted to keep people from stealing data. So what does "disabling" the laptop OS do to deter "theft"? With a techie, (or even a smart high school student) absolutely NOTHING. It won't stop anyone from stealing a laptop which in some countries are worth a lot even for the parts alone. This is really about "big brother". Pure and simple. Governments want to keep tabs on what people do on the Internet and possibly track where people are, just like in China and a few other countries. If the government doesn't like what someone is doing, they disable the laptop to stop any "anti-government" e-mail, blogs, chat..word documents, whatever. By "stamping" the laptops in this way, it's easier to get a positive ID on the last person the government "allowed" to have it. This is nothing to do with theft deterrence. This is about controlling the activities of the population. Wait till China starts this in Red Flag, the Chinese made Linux distro. (Come to think of it, it's likely they've built that in already and kept it "hush hush").
