Intel's Sandy Bridge Processor Has a Kill Switch 399
An anonymous reader writes "Intel's new Sandy Bridge processors have a new feature that the chip giant is calling Anti-Theft 3.0. The processor can be disabled even if the computer has no Internet connection or isn't even turned on, over a 3G network. With Intel anti-theft technology built into Sandy Bridge, David Allen, director of distribution sales at Intel North America, said that users have the option to set up their processor so that if their computer is lost or stolen, it can be shut down remotely."
On-disk data (Score:5, Interesting)
Cue rampant predictions of abuse, but I wonder if it can be combined with an on-chip encryption key to make full-disk encryption more effective (if complete control is given to the user)
Re:A global remote kill switch in our computers (Score:5, Interesting)
I'm sure the virus writers are rubbing their hands with glee waiting to get their hands on one of these chips.
Actually, Kill-switch based malware is much less valuable in reality than other types of hacks. If this were a server processor, I could see the value in an enhanced remote server-kill. Because these are basic home-use processors though, remote kill viruses probably won't get much farther than proof-of-concept.
Botnets are much more lucrative in the malware world - processor uptime is much more valuable than processor downtime.
Re:A global remote kill switch in our computers (Score:5, Interesting)
I don't know what Intel is putting into those chips, but I am highly doubtful it is the way the article states it.
Chip real estate is expensive. So Intel is going to put a complete 3G module on the CPU and use it only for this feature? And to top it off, it has some kinda of separate battery, cause you know, it works when the chip is off? Nonsense.
This is probably some feature that gets build into the AMT support of some chipsets, maybe on Laptops that have a 3G connection already.But the way they are describing this? I call BS on that.
Intel new 3 step buisness plan (Score:4, Interesting)
1. Sell CPU.
2. Break it remotely.
3. Goto step 1.
Re:What? No conspiracy theories? (Score:5, Interesting)
Yes, because only MS is evil enough to consider such a thing. Actually, it sounds like something more up Apple's alley. Regardless, that idea is absurd - any established company would be a stationary target for class action suites over something like this. They certainly aren't that stupid.
No, people should be far, far more concerned about viruses and malware. Especially considering how Anonymous and their ilk now think they have some sort of political agenda. The US government has done something Anonymous doesn't like? Let's brick every machine with a US IP address. Now that is something to be afraid of. Or those Chinese "patriotic hackers" that hacked their way into Google. Yeah, I'd be a bit concerned about that sort of thing.
Re:On-disk data (Score:2, Interesting)
Intel had this functionality, as part of AT-D. Here's the Intel Technology Journal article (from 2008) describing their "DAR" (Data at Rest) protection technologies, which are fundamentally whole disk encryption with hardware protected keying:
http://www.intel.com/technology/itj/2008/v12i4/7-paper/6-support.htm
I recently went to find a chipset which implemented it, but a colleague in Intel said that some of their major ISV's - and I'm going to guess here that their recent acquisition was the primary complainant - protested loudly to Intel. So my contact said that they quietly dropped it.
The current technologies which sit under the AT-D branding are here:
http://www.intel.com/technology/anti-theft/
Like most things Intel, the grand claims are never matched by the actual detail of their implementation.
Re:What? No conspiracy theories? (Score:4, Interesting)
Re:something missing (Score:5, Interesting)
this just allows them to put a big sticker on the laptop saying, "if you steal it, it wont work".
I can achieve this very thing by starting the CPU at 1 MHz clock rate, and until a certain 64-bit response is written into a register (calculated from a 64-bit challenge) the CPU will stay at 1 MHz forever. This will allow you to start the BIOS and enter the necessary code. And once the code is in the CPU switches to a normal clock.
You can have variations of this method too. For example, the computer powers up at its normal speed, but starts a timer, and if within 10 minutes (or something) the registers aren't programmed correctly then the CPU clock drops, making the computer useless.
And you can have many ways to "unlock" the CPU. You can have a fingerprint reader or your Windows password doing it for you. You can have a USB device plugged in that has a time-dependent unlock key. You can have a network protocol that checks that the computer is pinging from an approved IP range and then issues the permission to unlock. In all these cases there will be no simple unlock code stored anywhere; Windows password is not readable (only resettable), and external devices can calculate the response based on the challenge. The OS may have the algorithm (which is well known) but lacking the key it would be unable to convert the challenge into the correct response.
And, by the way, this invention cannot be patented now :-)
Re:A global remote kill switch in our computers (Score:5, Interesting)
Architecturally, I'm assuming that this builds on Intel's "Active Management" integrated service processor, which has been featured in mostly corporate models, with gradually increasing capabilities, for some years now.