OLPC Has Kill-Switch Theft Deterrent 138
Sid writes "Ars Technica reports that the One Laptop Per Child (OLPC) XO has an anti-theft daemon in the OS that can be used to remotely disable machines, much like WGA. The Project added the kill switch at the behest of a few countries concerned about laptop theft. From the report, 'OLPC has responded to such concerns by developing an anti-theft daemon that the project claims cannot be disabled, even by a user with root access. Participating countries can then provide identifying information such as a serial number to a given country's OLPC program oversight entity, which can then disable the devices in certain scenarios.'"
That's too abusable (Score:3, Interesting)
De-activating the laptops prevents people from stealing and using them, but it also means that if some hostile person has access to your shutdown keys, they can take your laptop but not your data.
Re:IMO: Not possible (Score:4, Interesting)
Unless they alread thought about this and are using the same provisions that lets GPLv3 code work with a GPLv2 kernel and call it an agregate. Then the point of the GPLv3 restrictions are usless if the lock only stops the GPLv2 code from working.
And to all those thay want to say But the GPLv3 says this, The GPLv2 says "no further restrictions can be applied". And restrictions in a GPLv3 license whatever the final release is, has to honor this unless it is actualy incompatible and can no longer be used with GPLv2 code. You can have the cake, eat the cake but you need to assemble the ingredients to make the cake before any of that happens.
Re:Limited Deterrent (Score:2, Interesting)
This is not to say that OLPC's thing is bunk- it probably isn't, but as far as some of the car things go, it's only apparent security, not actual.
Thieves steal low value stuff (Score:2, Interesting)
And school thieves steal things with zero street value, including keyboards, cables, and AC power cords. Heck, someone stole three VGA monitors over winter break, saving us $30 in dump fees.
Or a social engineer (Score:2, Interesting)
"Certainly."
"Thanks!"
Monique Malicious chuckles, then walks away, her handiwork complete, her rival's laptop disabled.
I certainly hope they've prepared to prevent such scenarios. Granted, you need to know the serial number, but if it's printed on the back of the thing...
Re:It will get cracked very quickly..... (Score:4, Interesting)
From the Bitfrost specification (which this killswitch is part of):
http://dev.laptop.org/git.do?p=security;a=blob;hb
Re:So a hacker could disable OLPCs? (Score:4, Interesting)
RSA? That old dog has still got some life in it yet. Their specific implementation of RSA and how it interfaces with the mechanism for actually throwing the kill switch? Maybe. Depends on whether the crypto validation happens in software or in hardware; in the latter case, they could actually do the crypto in hardware (low-performance RSA hardware implementations are dirt cheap) and not provide any other mechanism to trigger the kill switch -- thus, in this situation there would exist no possibility for the software to be hacked to bypass that check.
This isn't like software-based DRM, where the decrypted bits need to be fed back into a fully programmable mechanism somewhere. This is a security device built into a dedicated hardware system; if done right, it need not have any of the vulnerabilities 'yall around here are accustomed to.
Hacking the HQ is easy to avoid -- just like with any important key, you don't keep the system online; when you need to do work on it, you move your data on and off via static media (my employer uses a USB key for moving CSRs onto and certificates off of our fully disconnected CA). The HQ being ransacked is a slightly different matter, but given that it's located in a 1st-world country with an effective police force, that kind of thing doesn't happen so often.
Laptop lockdown, real motives (Score:1, Interesting)