Lenovo Service Disables Laptops With a Text Message

narramissic writes "Lenovo plans to announce on Tuesday a service that allows users to remotely disable a PC by sending a text message. A user can send the command from a specified cell phone number — each ThinkPad can be paired with up to 10 cell phones — to kill a PC. The software will be available free from Lenovo's Web site. It will also be available on certain ThinkPad notebooks equipped with mobile broadband starting in the first half of 2009. 'You steal my PC and ... if I can deliver a signal to that PC that turns it off, hey, I'm good now,' said Stacy Cannady, product manager of security at Lenovo. 'The limitation here is that you have to have a WAN card in the PC and you must be paying a data plan for it,' Cannady added."

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Useless

[chrb]

The vast majority of thieves aren't even going to realise that this service is enabled. They certainly won't be deploying GPS jammers or reflashing the BIOS or opening the laptop up. And TFA article mentions that the whole point is to protect data by allowing users to shutdown access to an encrypted HDD that might still be open.

Don't disable it, track it!

[Anonymous Coward]

This is stupid, disabling the device will only cause either physical attempts to remove the protections (bad for the hardware if done improperly) or disposing of the laptop in the first dumpster. The owner gets nothing.

I think the best idea is to start tracking the laptop. Send out GPS coordinates, send out IP addresses, send out _fingerprints_, take screen shots, etc.

Re:Interesting

[efuzed]

Not IBM; Lenovo, and will the Chinese government be able to now stop noisy bloggers better?

Nice DoS attack vector

[Anonymous Coward]

So, as long as I know your cellphone number, I can remotely disable your laptop. Nice!

(n.b. it's easy to send a text message with a forged number as the sender, it's part of the message, comparable to the 'from' header in an email)

Re:Wait, What?

[Anonymous Coward]

So you're telling me there will be a GSM module in the laptop that is constantly connecting to my network to wait for such a kill signal? Like say, a tracing bug?

Better put on your tinfoil hat - here's something you don't know: the cellular network knows where devices on the cellular network are and which cellular towers the devices are talking to. That is how the cellular network knows to send your phone calls to your phone.

Also, it's not your network - it's the cellphone company's network.

Having my laptop become my personal GSM tracking device. Where have I been? Wait lets ask my "anti theft"-device.

There is a big difference between a GSM device and a GPS device. The laptop doesn't know where it is, the cellular network knows where the laptop is.

And most people already have a tracking device - it's called a cell phone. Many cell phone companies already offer a tracking service for parents/employers to see where the phones are.

DIY

[wytcld]

How about setting up a simple script that periodically polls a remote site - say a web page under your control? If it can't reach it, or it reaches it and gets a default response, no action's taken. If on the other hand the page returns an innocuous looking kill code, a small program is run that disables the BIOS? On the server side, you'd be mailed the IP your stolen laptop connected from, which might give you some location info.

Use the Accelerometer

[Anonymous Coward]

While of course this won't stop everyone stealing laptops out there, it might help in conjunction with the other antitheft devices like Kensington locks (but they are easily broken), and the alarm software that uses the accelerometer (http://www.musatcha.com/software/LaptopTheftPrevention/)

Re:some kind of revenge system.

[Aphoxema]

Yeah, malice towards the 'thief' really pisses me off. I can understand businesses wanting to protect their private information (which they can accomplish with encryption), but this idea of "If I can't have it then no one can" is just ridiculous.

I've had things stolen from me, nice expensive things, but my reaction was never once anger, never feeling I need to chase down the thief and kick their asses. It was, "Oh well, tough shit, life goes on and I hope they do something meaningful with what they took."

A waste of any resource is a crime against humanity.

Re:some kind of revenge system.

[Anonymous Coward]

I have to disagree with you on this point. Nothing, I repeat, nothing, pisses me off more than a thief. 90% of the time they no have no interest in what they stole, they just want money for it.

If I can catch you, I will beat your ass. You have a duty to protect your property.

Re:Don't disable it, track it!

[zymurgyboy]

I think the best idea is to start tracking the laptop. Send out GPS coordinates, send out IP addresses, send out _fingerprints_, take screen shots, etc.

If it has a webcam, add mugshot. Compare the image on a local mugshot database, get some likely culprits and their last known address. Then maybe automate the search warrant, police report, and insurance claims process and you've got a real solution. Of course, the search warrant part is now optional, I believe.

Re:Interesting

[poot_rootbeer]

IBM are not going to give anyone a recovery password without proof of ownership.

And even if they did, it wouldn't do the thief much good, as these laptops are sold and supported by Lenovo, not IBM.

Computrace?

[Anonymous Coward]

so it's just a really elaborate, DIY version of computrace?

What's the benefit? I work for a university in the IT department, and we've been able to recover several stolen laptops using computrace, including one that some dumbass stole from the ROTC.

Re:Interesting

[smellsofbikes]

I saw that when hackaday originally wrote it up and was curiously intrigued, let's put it that way. Their setup seems to be lit off by hand rather than remotely. (It just says they used sparklers to light it.) It'd be nice if it were A: automated, so it could be triggered by a remote alarm system, and B: pretty foolproof. Were I to do this, one thing I'd consider is using an external hard drive, or at least a bank of relays on the power to the system, that cut out when the thermite dumps, so you wouldn't have live power in the midst of a metal-based fire.

I wonder if an electrical igniter for model rocket engines could start a sparkler on fire... Hm. Tomorrow's a holiday and I have some time to experiment.

Sprints doing something similar.

[SMS_Design]

Sprint offers a similar service with some of their WAN cards. The difference is that the Sprint card acts as a key to full-drive crypto. No card, no data. If the card is remotely disabled, no data. Really seems like a great way to lock down your laptops containing sensitive info.

Re:Interesting

[kill -9 $$]

And then like any good thief they'll go and throw out or use your laptop for target practice. I think laptop LoJack for Laptop would probably be a better service if they're going through the trouble of putting a WAN card in and what not.

They must have something like that already, right?

Re:Interesting

[Mozk]

But the average person still is barely capable of navigating MySpace.

Is anybody capable of navigating MySpace? I have never seen such a crudely designed website in my life. Perhaps it has gotten slightly easier to use over the past year, but only by adding a metric fuckton (approx. 4481.099526 avoirdupois lb) of unnecessary JavaScript. Honestly, I'm not trying to troll here. The code looks like a bunch of people decided "Hey, your team develop half the site in Dreamweaver, and we'll do half in FrontPage" and threw the result together.