Forgot your password?
typodupeerror
Intel Security Hardware

Intel's Sandy Bridge Processor Has a Kill Switch 399

Posted by timothy
from the no-mr-chip-I-expect-you-to-die dept.
An anonymous reader writes "Intel's new Sandy Bridge processors have a new feature that the chip giant is calling Anti-Theft 3.0. The processor can be disabled even if the computer has no Internet connection or isn't even turned on, over a 3G network. With Intel anti-theft technology built into Sandy Bridge, David Allen, director of distribution sales at Intel North America, said that users have the option to set up their processor so that if their computer is lost or stolen, it can be shut down remotely."
This discussion has been archived. No new comments can be posted.

Intel's Sandy Bridge Processor Has a Kill Switch

Comments Filter:
  • by Serious Callers Only (1022605) on Saturday December 18, 2010 @06:55PM (#34602862)

    What could possibly go wrong.

  • something missing (Score:3, Insightful)

    by Anonymous Coward on Saturday December 18, 2010 @06:57PM (#34602876)

    is there an on switch?

    • Doubtful there would be an "on" switch. Nobody realistically expects to get a computer back, this just allows them to put a big sticker on the laptop saying, "if you steal it, it wont work". Thieves wont care.
      • Re:something missing (Score:5, Interesting)

        by tftp (111690) on Saturday December 18, 2010 @09:08PM (#34603752) Homepage

        this just allows them to put a big sticker on the laptop saying, "if you steal it, it wont work".

        I can achieve this very thing by starting the CPU at 1 MHz clock rate, and until a certain 64-bit response is written into a register (calculated from a 64-bit challenge) the CPU will stay at 1 MHz forever. This will allow you to start the BIOS and enter the necessary code. And once the code is in the CPU switches to a normal clock.

        You can have variations of this method too. For example, the computer powers up at its normal speed, but starts a timer, and if within 10 minutes (or something) the registers aren't programmed correctly then the CPU clock drops, making the computer useless.

        And you can have many ways to "unlock" the CPU. You can have a fingerprint reader or your Windows password doing it for you. You can have a USB device plugged in that has a time-dependent unlock key. You can have a network protocol that checks that the computer is pinging from an approved IP range and then issues the permission to unlock. In all these cases there will be no simple unlock code stored anywhere; Windows password is not readable (only resettable), and external devices can calculate the response based on the challenge. The OS may have the algorithm (which is well known) but lacking the key it would be unable to convert the challenge into the correct response.

        And, by the way, this invention cannot be patented now :-)

  • On-disk data (Score:5, Interesting)

    by grantek (979387) on Saturday December 18, 2010 @06:57PM (#34602880)

    Cue rampant predictions of abuse, but I wonder if it can be combined with an on-chip encryption key to make full-disk encryption more effective (if complete control is given to the user)

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Intel had this functionality, as part of AT-D. Here's the Intel Technology Journal article (from 2008) describing their "DAR" (Data at Rest) protection technologies, which are fundamentally whole disk encryption with hardware protected keying:

      http://www.intel.com/technology/itj/2008/v12i4/7-paper/6-support.htm

      I recently went to find a chipset which implemented it, but a colleague in Intel said that some of their major ISV's - and I'm going to guess here that their recent acquisition was the primary complai

  • That's good.... for hackers!
  • It's not paranoia! (Score:5, Insightful)

    by breakzoidbeg (1260428) on Saturday December 18, 2010 @06:58PM (#34602890)
    Knowing right out of the gate that some one else COULD have access to this kill feature is unnerving at best.
    • From Intel technical paper: "If you use only Fair and Balanced (tm) data sources and your condom never brake, there is nothing in this feature to worry about."
  • by mrsteveman1 (1010381) on Saturday December 18, 2010 @06:59PM (#34602900)

    Why does this have to be IN the processor? Intel needs to calm down with the paranoid shit and just make processors.

  • by Anonymous Coward

    An AMD proccesor.

    • by ceeam (39911)

      Too early. Both AMD and Intel are at the end of their cycles this Christmas. Which is sad, of course, as people would be buying soon-to-be-obsolete computers without realizing that.

      • Re: (Score:2, Informative)

        All computers are obsolete.

        • The word everyone is looking for would be obsolescent. Just because a newer processor comes out, it doesn't mean that the old ones stop working en masse.

          The statement isn't even true, however. Not as long as the older gear is still useful and the inconvenience of replacement outweighs the advantages.

  • As if...! (Score:5, Insightful)

    by Burnhard (1031106) on Saturday December 18, 2010 @07:01PM (#34602908)
    Is it me or is this one of the dumbest ideas ever to come out of Intel?
    • by Mysteray (713473)

      It's not you.

    • by gukin (14148)

      No, the dumbest idea coming out of Intel was to give exclusive licensing to Rambus for all future processors, no wait, it was the P-4, no, wait it was . . .

      Never mind, you're right.

      • by JamesP (688957)

        you kids...

        The dumbest idea EVER from Intel was segmented memory space for 8086

        THAT set computing back in the PC world YEARS
        THAT is why G3/G4 (ok, the G4) processors run circles around the PC
        THAT's why we were stuck with Windows blue screens until the 2000's

        AND Intel processors still don't calculate sines/cosines properly.

  • by edfardos (863920) on Saturday December 18, 2010 @07:01PM (#34602910)
    Killing the cpu just means they have to transfer the drive to a new laptop in order to steal all your information? That's one whole extra step! That's innovation. --edfardos
  • by LWolenczak (10527) <julia@evilcow.org> on Saturday December 18, 2010 @07:02PM (#34602922) Homepage Journal

    Anyone else getting the vibe that since this thing will have a 3g connection on the backend, that it can be misused by others(governments) to track and remotely control/access your device. Geeeeeeeeee. This does not sound like a good idea... Well unless your the TSA.

    • Re: (Score:2, Informative)

      by HungryHobo (1314109)

      pretty much every phone has similar systems.
      phones can be turned on remotely, have components turned on and even place a call at the behest of whoever has the right keys.

      unless you physically take out the battery your phone could be transmitting everything you say already.
      http://news.cnet.com/2100-1029_3-6140191.html [cnet.com]

      of course it will be misused eventually but such tech isn't new, it's been around for years.

      • by dabadab (126782) on Saturday December 18, 2010 @08:39PM (#34603542)

        Please stop repeating this stupid myth - I mean, you could have at least read the article you have linked. While it was clearly written by technically uneducated journalist, you should have realized that the article discusses two, entirely different techniques:
        1. The roving bug thing: in this case the cell phone's electronics is not used at all (with the probable exception of the battery): a conventional bug is simply hidden in the phone's housing.
        2. The remotely activated microphone: it requires some application that runs in the background unnoticed (and, of course, it functions only if the phone is switched on), so it requires a smartphone or perhaps some wicked CMDA feature.

        • This is public knowledge since 2006:

          The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations.

          The technique is called a "roving bug," and was approved by top U.S. Department of Justice officials for use against members of a New York organized crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping him.

          Nextel cell phones owned by two alleged mobsters, John Ardito and his attorney Peter Peluso, were used by the FBI to listen in on nearby conversations. The FBI views Ardito as one of the most powerful men in the Genovese family, a major part of the national Mafia.

          http://news.com.com/FBI+taps+cell+phone+mic+as+eavesdropping+tool/2100-1029_3-6140191.html [com.com]

          Cellular carriers will remotely update the firmware of a smartphone by government request in order to turn your apparently inactive phone into an active microphone.

  • by Guysdrinkingbeer (207045) on Saturday December 18, 2010 @07:03PM (#34602924)

    I was looking forward to this CPU. Now, I am really going to research this. This may flip me back to AMD. I didn't like when Intel did the tracking on the PIII and the sound of this makes me just as uncomfortable.

  • by russotto (537200) on Saturday December 18, 2010 @07:04PM (#34602938) Journal

    Want to shut down the opposition's operations? Just disable their computers.

    Do. Not. Want.

  • Viruses will be written to detect anti-virus code coming in and trip the kill switch as punishment for trying to remove the virus.

    • by imroy (755)
      Or... a botnet could register the CPU code(s) with a database somewhere and disable the CPU(s) if that node hasn't been seen for a few days. Have a few cases gain public attention, soon the selfish and stupid hoards will be reluctant to get their misbehaving computer seen to by a repair person.
  • by RichMan (8097) on Saturday December 18, 2010 @07:15PM (#34603030)

    This to me says it will push foreign governments to non-intel machines. Can't risk the US government getting control of something like this.
    Or any other power for that matter. No government or military would really want this on their systems. They might think they want it to "stop theft" but the consequences of someone else getting control are way to much.

    • ...about protecting the consumer from computer theft, they would target the HD and RAM (where data is held). "Security RAM" that instantly self-erases when it is disturbed could be a beneficial feature for some.

      Instead, the only significant thing Intel's new feature does is give the US government a channel for denying powerful CPUs to its enemies during a conflict.

  • This seems likely to support leased computers--miss a payment, your processor gets switched off.

    Just like buy-here/pay-here car "dealers", with a remote vehicle disabler. ...and as others have said, DO NOT WANT.

  • HD != CPU (Score:4, Informative)

    by Twinbee (767046) on Saturday December 18, 2010 @07:18PM (#34603058) Homepage
    What a pity all the important information is stored on the HD, not the CPU.
    • by LuxMaker (996734)
      Yes but through the CPU given the proper commands it may be theoretically possible to access the HD over a 3G connection.
    • by Oriumpor (446718)

      Yeah, not like you can read the information off the registers or anything.... or snoop L1/L2 cache if it's that tightly integrated....

  • by reemul (1554) on Saturday December 18, 2010 @07:19PM (#34603064)

    Wow. More than 30 comments already and no-one has brought up Microsoft killing the cpu if it thinks your copy of the OS is pirated. Must be a slow day. ;)

    • by Dan East (318230) on Saturday December 18, 2010 @07:29PM (#34603142) Homepage Journal

      Yes, because only MS is evil enough to consider such a thing. Actually, it sounds like something more up Apple's alley. Regardless, that idea is absurd - any established company would be a stationary target for class action suites over something like this. They certainly aren't that stupid.

      No, people should be far, far more concerned about viruses and malware. Especially considering how Anonymous and their ilk now think they have some sort of political agenda. The US government has done something Anonymous doesn't like? Let's brick every machine with a US IP address. Now that is something to be afraid of. Or those Chinese "patriotic hackers" that hacked their way into Google. Yeah, I'd be a bit concerned about that sort of thing.

      • by vakuona (788200) on Saturday December 18, 2010 @08:54PM (#34603656)
        When has Apple _ever_ disabled hardware that it sold to customers. Ever. The Apple that won't even ask for a registration code when installing software on its machines. Apple might do many things, but one of them isn't putting or using hardware kill switches on its machines. Apple wants you to buy their hardware. They don't really care if you don't use their software once you have done that, but you will have made them their money.
      • Yes, because only MS is evil enough to consider such a thing. Actually, it sounds like something more up Apple's alley.

        Except Microsoft already has tried things like this. Do people forget these things so easily? Try changing the hardware in your computer, and you may need to call Microsoft to get your OS re-enabled.

        As far as I can tell this is just a GPIO line that tells the processor to become disabled. Its existence doesn't matter at all; what matters is how the OEMs wire it.

      • Yes, because only MS is evil enough to consider such a thing. Actually, it sounds like something more up Apple's alley.

        So, I'm not really a fanboy either way, but just to point out a fact:

        Windows 7 requires that you enter a 20 digit alphanumeric key, then runs you through the whole WGA thing, which has in the past had false positives which (to give them credit) don't actually make your computer unusable, but do reduce the functionality.

        To contrast, do you know what you have to do to validate an install of OS X (or before that, Finder)? Not a damn thing. Install it and go.

  • by FunPika (1551249) on Saturday December 18, 2010 @07:20PM (#34603070) Journal
    ...Until some hacker finds a security flaw in the system used to send the kill signals, and goes on a rampage disabling as many computers as they can (which fate will ensure will be the vast majority that have been sold with these processors at the least, and after thousands/millions of them have been sold and are in average users' desktops/laptops). Que a shitload of inconvenienced customers and tech support guys wanting to blow their brains out from all the calls they will be getting.
  • I don't work for Intel, so I don't know exactly how they do this. But I don't think this is all the processor (it won't work without a 3G radio for one, so at least some of this capability rests in the mainboard), and how much is the firmware.

    My guess is when you boot the machine, the processor runs the BIOS/EFI, and when initializing the 3G radio it sees if there is a flag. If so, the system shuts down. If it does this before even looking for an OS or starting up the display, you'd never know it even tr

  • Next up: anyone, inside of government or not, who accesses or downloads anything from WikiLeaks will have their computer remotely fried. Who needs a warrant to search and seize when ya got 3G?

  • So you can brick the processor? So I can replace the processor.
  • How about GPS so we could, y'know, get the computer back?

  • by bug1 (96678) on Saturday December 18, 2010 @07:24PM (#34603114)

    1. Sell CPU.
    2. Break it remotely.
    3. Goto step 1.

  • Looks like it's time to buy stock in AMD (actually, that time was May of 2008....)

    I don't want to pay for "features" like this.

  • Serious question, who else will have access to the datacenter that issues these kill commands?

    I think we all know, everything else aside, some hacker out there would LOVE to claim credit for disabling thousands of computers, costing intel a fortune in replacement fees.

    • by Mysteray (713473)

      Right. So is Intel now in the business of deciding who gets shut off, like Amazon and DynDns? Or will they hand out kill switch codes to the top 250 computer manufacturers? Will they have a legal team on call 24/7 to ensure that kill switch requests meet even the minimum legal criteria? Will they argue on your behalf, or will they just go with whoever pays the most money? Will there be any prior notice and will you be able to appeal a kill switch order on your CPU? Will Intel do any better than YouTube at

  • What is needed is a remote means of wiping or at least making unusable data stored on hard drive or mass storage media. In the case of SDD, the technology should be obviously transferable. In the case of hard drives, perhaps an encryption key can be stored in a non-volatile RAM area and then erased on remote command to disable the data on the drive.

    Disabling the processor will only hurt crack-heads. On the other hand, disabling or erasing data remotely will give businesses and government a chance to prev

  • There's no security benefit to the consumer, and the types of customers who'd really be interested in security features are business buyers - meaning the purchaser is going to be at least a marginally-IT-aware person who'll grok this (since business purchases aren't generally handled by the end user).

    • I'd hope that this was a spring board to more positive benefits for consumers of Intel products, especially businesses with big data centers.

      It would be a good way to get past the financial crunch times, a derivative of the kill switch is a license switch. IE phoning to power up a few more processors in my grid, then phoning again power them down them in a few weeks.
      Would really be easier to do the licensing than now. I'd have a bill for it and could make cases justify the IT costs.

      A second case that is be

  • Tin-Foil Laptop Sleeves are down Aisle 7.
  • by msauve (701917) on Saturday December 18, 2010 @07:35PM (#34603184)
    since it doesn't explain how this works [intel.com], or what's it's really all about.

    It doesn't permanently disable the processor, you can revive it if you know the password. To do a kill over 3G, you send an encrypted SMS, and the laptop obviously needs 3G capability and the OS needs to be running.
    • So what you're saying is that there's not actually a remote kill switch that disables the processor, that it's a business feature that helps companies lock down stolen hardware, and that TFA and TFS got it completely and utterly wrong?

      Yep. It's a normal day at Slashdot.

  • There was another article today about a "honeypot new release" too see how foolishly the news media would react to a story linking cell towers to fertility. Now there is a idiotic story about CPU that can be shut down by a G3 cell network even though it isn't connected to the Internet. Why would supposedly technical people believe that a CPU could be made to self destruct even though it has no cell phone, let alone believe that Intel would do it. How do you think that magic signal is going to get inside a c

  • In other news, AMD is now hiring thousands of hackers with 3G cellular experience. For what purpose, nobody knows.

  • Works without an internet connection, even while the device is turned off.

    Spooky action at a distance? [wikipedia.org]
  • TFA sort of implies this "feature" will be optional and users will be able to "set it up" if they want to. I surely hope so, because otherwise this could be a huge deal-breaker for me.
  • MCF

    or, Mail and Catch Fire. on smtp magic matches, the cpu will execute the HCF [wikipedia.org] instruction at elevated priority.

  • by Dutchmaan (442553) on Saturday December 18, 2010 @11:45PM (#34604604) Homepage
    I don't believe this anti-theft crap for one second. You know what this is.. it's a kill switch for the **AA's to hold over your head. Mark my words this is not for YOUR security, it's security for your corporation/government.

In order to dial out, it is necessary to broaden one's dimension.

Working...