Intel Security Hardware

Intel's Sandy Bridge Processor Has a Kill Switch

Posted by timothy
from the no-mr-chip-I-expect-you-to-die dept.
An anonymous reader writes "Intel's new Sandy Bridge processors have a new feature that the chip giant is calling Anti-Theft 3.0. The processor can be disabled even if the computer has no Internet connection or isn't even turned on, over a 3G network. With Intel anti-theft technology built into Sandy Bridge, David Allen, director of distribution sales at Intel North America, said that users have the option to set up their processor so that if their computer is lost or stolen, it can be shut down remotely."

  • On-disk data (Score:5, Interesting)

    by grantek (979387) on Saturday December 18, 2010 @05:57PM (#34602880)

    Cue rampant predictions of abuse, but I wonder if it can be combined with an on-chip encryption key to make full-disk encryption more effective (if complete control is given to the user)

  • by CaptainPatent (1087643) on Saturday December 18, 2010 @06:17PM (#34603044) Journal

    I'm sure the virus writers are rubbing their hands with glee waiting to get their hands on one of these chips.

    Actually, Kill-switch based malware is much less valuable in reality than other types of hacks. If this were a server processor, I could see the value in an enhanced remote server-kill. Because these are basic home-use processors though, remote kill viruses probably won't get much farther than proof-of-concept.

    Botnets are much more lucrative in the malware world - processor uptime is much more valuable than processor downtime.

  • by Snowblindeye (1085701) on Saturday December 18, 2010 @06:24PM (#34603110)

    I don't know what Intel is putting into those chips, but I am highly doubtful it is the way the article states it.

    Chip real estate is expensive. So Intel is going to put a complete 3G module on the CPU and use it only for this feature? And to top it off, it has some kind of separate battery, cause you know, it works when the chip is off? Nonsense.

    This is probably some feature that gets built into the AMT support of some chipsets, maybe on Laptops that have a 3G connection already. But the way they are describing this? I call BS on that.

  • by bug1 (96678) on Saturday December 18, 2010 @06:24PM (#34603114)

    1. Sell CPU.
    2. Break it remotely.
    3. Goto step 1.

  • by Dan East (318230) on Saturday December 18, 2010 @06:29PM (#34603142) Homepage Journal

    Yes, because only MS is evil enough to consider such a thing. Actually, it sounds like something more up Apple's alley. Regardless, that idea is absurd - any established company would be a stationary target for class action suits over something like this. They certainly aren't that stupid.

    No, people should be far, far more concerned about viruses and malware. Especially considering how Anonymous and their ilk now think they have some sort of political agenda. The US government has done something Anonymous doesn't like? Let's brick every machine with a US IP address. Now that is something to be afraid of. Or those Chinese "patriotic hackers" that hacked their way into Google. Yeah, I'd be a bit concerned about that sort of thing.

  • Re:On-disk data (Score:2, Interesting)

    by Anonymous Coward on Saturday December 18, 2010 @06:52PM (#34603258)

    Intel had this functionality, as part of AT-D. Here's the Intel Technology Journal article (from 2008) describing their "DAR" (Data at Rest) protection technologies, which are fundamentally whole disk encryption with hardware protected keying:

    http://www.intel.com/technology/itj/2008/v12i4/7-paper/6-support.htm

    I recently went to find a chipset which implemented it, but a colleague in Intel said that some of their major ISVs - and I'm going to guess here that their recent acquisition was the primary complainant - protested loudly to Intel. So my contact said that they quietly dropped it.

    The current technologies which sit under the AT-D branding are here:

    http://www.intel.com/technology/anti-theft/

    Like most things Intel, the grand claims are never matched by the actual detail of their implementation.

  • by vakuona (788200) on Saturday December 18, 2010 @07:54PM (#34603656)

    When has Apple _ever_ disabled hardware that it sold to customers? Ever. The Apple that won't even ask for a registration code when installing software on its machines. Apple might do many things, but one of them isn't putting or using hardware kill switches on its machines. Apple wants you to buy their hardware. They don't really care if you don't use their software once you have done that, but you will have made them their money.

  • Re:something missing (Score:5, Interesting)

    by tftp (111690) on Saturday December 18, 2010 @08:08PM (#34603752) Homepage

    this just allows them to put a big sticker on the laptop saying, "if you steal it, it won't work".

    I can achieve this very thing by starting the CPU at 1 MHz clock rate, and until a certain 64-bit response is written into a register (calculated from a 64-bit challenge) the CPU will stay at 1 MHz forever. This will allow you to start the BIOS and enter the necessary code. And once the code is in, the CPU switches to a normal clock.

    You can have variations of this method too. For example, the computer powers up at its normal speed, but starts a timer, and if within 10 minutes (or something) the registers aren't programmed correctly then the CPU clock drops, making the computer useless.

    And you can have many ways to "unlock" the CPU. You can have a fingerprint reader or your Windows password doing it for you. You can have a USB device plugged in that has a time-dependent unlock key. You can have a network protocol that checks that the computer is pinging from an approved IP range and then issues the permission to unlock. In all these cases there will be no simple unlock code stored anywhere; Windows password is not readable (only resettable), and external devices can calculate the response based on the challenge. The OS may have the algorithm (which is well known) but lacking the key it would be unable to convert the challenge into the correct response.

    And, by the way, this invention cannot be patented now :-)
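
The challenge-response unlock described in the comment above, modelled in software as an added example that is not part of the original post. The `ThrottledCpu` class, the register names, the normal clock value and the choice of HMAC-SHA256 truncated to 64 bits are all assumptions; the comment names no algorithm.

```python
import hashlib
import hmac
import secrets

THROTTLED_HZ = 1_000_000        # the 1 MHz start-up clock from the comment
NORMAL_HZ = 3_000_000_000       # constructed value standing in for "normal clock"


def response_for(key: bytes, challenge: bytes) -> bytes:
    """64-bit response: HMAC-SHA256 (assumed algorithm) truncated to 8 bytes."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:8]


class ThrottledCpu:
    """Hypothetical CPU side: holds the key and exposes two 64-bit registers."""

    def __init__(self, key: bytes):
        self._key = key
        self.clock_hz = THROTTLED_HZ
        self._challenge = None

    def read_challenge(self) -> bytes:
        # Fresh 64-bit nonce per read, so a recorded response cannot be replayed.
        self._challenge = secrets.token_bytes(8)
        return self._challenge

    def write_response(self, response: bytes) -> bool:
        if self._challenge is None:
            return False
        expected = response_for(self._key, self._challenge)
        self._challenge = None          # one attempt per challenge
        if hmac.compare_digest(expected, response):
            self.clock_hz = NORMAL_HZ
            return True
        return False


def demo():
    key = secrets.token_bytes(32)       # shared by the CPU and the external token
    cpu = ThrottledCpu(key)
    # A response captured for an earlier challenge is rejected on a new one.
    old = response_for(key, cpu.read_challenge())
    cpu.read_challenge()
    replay_ok = cpu.write_response(old)
    # The OS knows the algorithm but not the key, so its response is wrong.
    guess_ok = cpu.write_response(response_for(b"\x00" * 32, cpu.read_challenge()))
    # The external token holding the key answers the current challenge.
    token_ok = cpu.write_response(response_for(key, cpu.read_challenge()))
    return replay_ok, guess_ok, token_ok, cpu.clock_hz
```

A 64-bit response only resists guessing if the hardware also limits attempts, which this model does by invalidating each challenge after one write.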

  • by fuzzyfuzzyfungus (1223518) on Saturday December 18, 2010 @09:45PM (#34604348) Journal

    They may well have added some 3G-related silicon; but the CPU is very much inside the "shielded to keep the FCC off our backs" compartment of basically all systems. I assume that they simply baked the necessary hooks into their CPU/chipset for the system to interact with the cell modem, even if turned "off" and brick itself if so ordered.

    Architecturally, I'm assuming that this builds on Intel's "Active Management" integrated service processor, which has been featured in mostly corporate models, with gradually increasing capabilities, for some years now.
