Location-Based Encryption

davidwr writes "Eweek reports Apple co-founder Steve Wozniak has a new way to prevent theft of company secrets on stolen laptops: 'Wozniak offered a peek into his vision for the company on Ziff Davis Media's Security Virtual Tradeshow, where he introduced "wOz Location-Based Encryption," an application that uses GPS tracking within a wireless hub to encrypt and decrypt sensitive data for large businesses.' Today's encryption is good enough but I do like the tracking capability. Imagine your laptop screaming 'I'm being stolen! I'm being stolen!' and paging security as the janitor walks out the door with it."

Not totally secure?

[nmg196]

All GPS devices I've come across simply stream out NMEA data from a serial port (or over a bluetooth connection). What would stop someone that really desperate to get the data from hacking the GPS module or the dongle so they can stream in their own forged (or recorded) NMEA data which reports the laptops current position to be where they stole it from (after all, they should remember)? Usually anything these days that requires a GPS uses a standard GPS module, and at some stage, the position data from it ends up in an interceptable form on the edge interface of some module. Hardly bulletproof security?

Do you keep your laptop solely in the office?

[mpathetiq]

It seems like the real risk would be when you are on-site, traveling, etc. As a consultant, my laptop never leaves my side. I'd hate to have to "check out" every time I left the building. Also, I don't think I would like my employer having the possibility of tracking my every movement. Sure, you could turn off the tracking, but then you've lost the security as well.

Shut Down?

[ZZeta]

Ok, may be I'm missing something, but wouldn't a simple shut down get rid of this 'feature'?

And before you tell me how you can't shut it down without the apropriate password: Unplug / get rid of the battery. If you're stealing the notebook, why would you mind turning it off? After all, there'll be plenty of time back home to retrive the data.

For a laptop?

[31415926535897]

I was always under the impression that laptops were supposed to be mobile (but maybe that's just me)...

It seems like this would be more useful for company systems that have highly proprietary, sensitive data on them that you wouldn't want moving around. I could see a very nice, dual G5 screaming "I'm being stolen" as the janitor carts it out with his supplies (though how it does that without a power source is beyond me, I guess you would need a secondary power source just for this system).

Also, and I'm really not trying to start a flame war here, but first, what's wrong with a janitor having a laptop, and why assume that it's a janitor stealing the laptop? I would guess that it's a disgruntled employee or just-fired employee (that's not properly escorted out) that would pull a stunt like that. And I would think that laptops are stolen from public places like libraries and parks rather and work places where I think a system like this might not be as useful.

Quote from article

[ender1598]

"Throughout the entire process, Wozniak said the encryption key is controlled in a central location through a secure transmission. Because the wOz Platform and the wOzNet network are proprietary, he said it is not open to Wi-Fi spoofing or password sniffing."

proprietary != secure from sniffing

I wonder if it's based on the current wireless encryption or if it's something completely new.

Why must it always be "the janitor"??

[gambit3]

A few years ago, a securtity head-honcho at my company gave a presentation about keeping confidential documents off our desks, because "you never know when the janitors can come in and just swipe it out with them. I know they don't speak Englis, but it doesn't take a lot to swipe stuff off a desk..."

I've had my fair share of stuff stolen, and it's never been a janitor.

Re:Shut Down?

[KiloByte]

Simple. Just have your server ping the laptop every second and launch an alarm if the connection goes down.

Unless you knowingly turn the watchdog off, I can't see a way to work around this that doesn't involve meddling with the server or alarm -- if you use some secure ping like choosing a random number and running some private key cryptographic tool on both ends.

Reliable GPS *INDOORS*???

[rwyoder]

I've been playing with a high-end GPS device recently, and the first thing I learned was that you can forget about getting a reading indoors. So how will this device work when there is no GPS reading in the office???

GPS and Signal.

[jellomizer]

With my experience with GPS. They tend not to get a signal unless you are outside and have a clear view of the sky. When Driving in tunnals, or a road with a thick covarage of trees I tend to loose signal. And I have never got it to work while I was inside my apartment. Most people tend to use Laptops inside buildings and a lot of them are not nessarly near windows or have the window shades open (the heat of an afternoon sun in summer is pritty bad). So for most cases this will not work because they cannot get a GPS signal.

Re:Why must it always be "the janitor"??

[nels_tomlinson]

I've had my fair share of stuff stolen, and it's never been a janitor.

I don't think I've ever had anything stolen at the office. I've been a janitor, too.

If the janitors think they have a soft job with high pay, they aren't going to jeapordize it by stealing a laptop or a paper off your desk.

If they figure that they wouldn't get screwed any worse elsewhere, I guess the situation would be different.

The point here is that the janitors are just like you: if they're feeling screwed, they are a lot more likely to compromise their personal standards when tempted. Bear in mind that your excellent employer may contract janitorial services from a contractor who screws his employees.

GPS does not work indoors

[Anonymous Coward]

Unless you have a veiw of the sky.