Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Portables Cellphones Hardware

Lenovo Service Disables Laptops With a Text Message 257

narramissic writes "Lenovo plans to announce on Tuesday a service that allows users to remotely disable a PC by sending a text message. A user can send the command from a specified cell phone number — each ThinkPad can be paired with up to 10 cell phones — to kill a PC. The software will be available free from Lenovo's Web site. It will also be available on certain ThinkPad notebooks equipped with mobile broadband starting in the first half of 2009. 'You steal my PC and ... if I can deliver a signal to that PC that turns it off, hey, I'm good now,' said Stacy Cannady, product manager of security at Lenovo. 'The limitation here is that you have to have a WAN card in the PC and you must be paying a data plan for it,' Cannady added."
This discussion has been archived. No new comments can be posted.

Lenovo Service Disables Laptops With a Text Message

Comments Filter:
  • Frist psot? (Score:5, Funny)

    by h4x354x0r ( 1367733 ) on Tuesday November 25, 2008 @08:12AM (#25884773)
    From a stolen lapt
  • Interesting (Score:4, Funny)

    by Anonymous Coward on Tuesday November 25, 2008 @08:12AM (#25884775)
    Pretty interesting security feature but not if your buddies get a hold of your cell phone.
    • Re: (Score:3, Informative)

      by sgbett ( 739519 )

      I think you need to find different friends

    • Re:Interesting (Score:4, Informative)

      by chrb ( 1083577 ) on Tuesday November 25, 2008 @08:23AM (#25884913)

      Hardly. You can regain access to the laptop just by typing in a recovery password.

      • Or there's this "format the hard drive" thing and recover the data after a quick format (incredibly easy). Bios password locks are just as easy to bypass.

        Really, this does nothing but enable you to be screwed if someone figures out the number.

        I don't think the recovery is the issue here.

        • Re:Interesting (Score:4, Informative)

          by LandDolphin ( 1202876 ) on Tuesday November 25, 2008 @10:21AM (#25886299)
          IF the person who stole your laptop knows their way around a computer, sure. But the average person still is barely capable of navigating MySpace. If they press the power button, and it does not log on, it is going to be useless to them.
          • Agreed :)

          • Re: (Score:3, Interesting)

            by kill -9 $$ ( 131324 )

            And then like any good thief they'll go and throw out or use your laptop for target practice. I think laptop LoJack for Laptop would probably be a better service if they're going through the trouble of putting a WAN card in and what not.

            They must have something like that already, right?

      • Not if the sms actually tells the laptop to release the bottle of acid located on top of the hard drive :)
        • by SanityInAnarchy ( 655584 ) <ninja@slaphack.com> on Tuesday November 25, 2008 @10:31AM (#25886441) Journal

          Acid?

          Real Men use Thermite [hackaday.com].

          Bonus: If the thief is holding it in their lap at the time, they have been REMOVED from the gene pool.

          • Re: (Score:3, Interesting)

            I saw that when hackaday originally wrote it up and was curiously intrigued, let's put it that way. Their setup seems to be lit off by hand rather than remotely. (It just says they used sparklers to light it.) It'd be nice if it were A: automated, so it could be triggered by a remote alarm system, and B: pretty foolproof. Were I to do this, one thing I'd consider is using an external hard drive, or at least a bank of relays on the power to the system, that cut out when the thermite dumps, so you wouldn'

            • Re: (Score:3, Insightful)

              by feronti ( 413011 )

              An Estes igniter probably couldn't do it unless you dipped it in extra pyrogen. A Daveyfire electric match, on the other hand would probably be able to do it, though... they're used to ignite AP composite motors in high power rockets. Or, you could use the exhaust from a small (say a D or an E) AP motor... it has the benefit of lasting a lot longer than the match would, and doesn't need a LEP to get a hold of (Daveyfires are also used to ignite pyrotechnic displays, and other low-explosives, so IIRC, you ne

    • Re:Interesting (Score:4, Insightful)

      by theaveng ( 1243528 ) on Tuesday November 25, 2008 @08:37AM (#25885037)

      Even if they don't, this gives a false sense of security.

      "if I can deliver a signal to that PC that turns it off, hey, I'm good now." Um, no, you're not. The thief can remove the hard drive and connect it to another PC to read its content.

      • Re:Interesting (Score:5, Informative)

        by RMH101 ( 636144 ) on Tuesday November 25, 2008 @08:44AM (#25885099)
        Not if you're using the built-in hardware encryption, it can't.
        And IBM are not going to give anyone a recovery password without proof of ownership.
        • Re: (Score:3, Interesting)

          by efuzed ( 540985 )
          Not IBM; Lenovo, and will the Chinese government be able to now stop noisy bloggers better?
        • by neoform ( 551705 )

          If you're using hardware encryption.. you don't need useless features like this.

          • Re: (Score:2, Informative)

            it is precisely because you are using disk encryption that you need a feature like this to complement it. Disk encryption only works to lock people out when you need to boot. That means if a computer is on because you entered the password at boot time, disk encryption doesn't do anything to protect your data. By forcing it to shutdown using text message, you just made sure others cannot start it without knowing your pass phrase.

        • Re: (Score:3, Interesting)

          IBM are not going to give anyone a recovery password without proof of ownership.

          And even if they did, it wouldn't do the thief much good, as these laptops are sold and supported by Lenovo, not IBM.

      • Re: (Score:2, Troll)

        Comment removed based on user account deletion
        • phone theft has become almost non-existant here simply because you can lock out your phone an hour after it's stolen and you need some high end equipment to unlock them again.

        • Re: (Score:3, Insightful)

          by redxxx ( 1194349 )

          This is not about data protection. It is about making the device unusable. Just like you can block your phone when it is stolen.

          It will not stop thiefs of stealing your device. It will not protect your data. As far as I read it does not even claim to do that.

          So, all the talk about how this forces the drive encryption to activate by requiring a shutdown rather than a suspend/hibernate wasn't about protecting data?

          from TFA:

          Since hard disk drive encryption will not work properly if the PC is running or in hibernation mode, this disable feature ensures that the data is secure by shutting the machine down and allowing the hard disk drive encryption to work. If and when the ThinkPad laptop is recovered, the user can restore the notebook, its settings and the data contained on the PC by entering a password.

          So, there is nothing about protecting the data? Carry on.

  • Useless (Score:2, Insightful)

    by mentaldingo ( 967181 )

    Things a thief can still do:

    • Jammers
    • Reflash the BIOS
    • Remove the GSM chip
    • Or if they're after your data, open it up and take out the HDD

    Honestly, this is completely useless against even a moderately sophisticated thief.

    • Re: (Score:2, Insightful)

      by sgbett ( 739519 )

      Depends what you mean by useless.

      Having been in this position, the thing that bother me is not the material loss of the laptop (though It would be nice to know they stole junk) but the data contained on it. So long as your drive is encrypted, then this thing is a bonus

      • Re: (Score:3, Funny)

        Comment removed based on user account deletion
      • I realize I'm the most jaded guy on /. but do you honestly believe the average laptop thief cares about your data ?

        These aren't corporate spies, these are half-brained teenagers and/or urban trash who probably run home, hook it up to the internet and hit MySpace to tell all their peeps about their "new" laptop.

        Hanlon said it best: "Never attribute to malice that which can be adequately explained by stupidity."

    • Re:Useless (Score:5, Interesting)

      by chrb ( 1083577 ) on Tuesday November 25, 2008 @08:20AM (#25884883)

      The vast majority of thieves aren't even going to realise that this service is enabled. They certainly won't be deploying GPS jammers or reflashing the BIOS or opening the laptop up. And TFA article mentions that the whole point is to protect data by allowing users to shutdown access to an encrypted HDD that might still be open.

    • Re:Useless (Score:5, Insightful)

      by Lumpy ( 12016 ) on Tuesday November 25, 2008 @08:29AM (#25884953) Homepage

      Thieves typically dont have the IQ to do any of that. When I was robbed, we nailed the thief not only from the video cameras that he looked right at to give us a awesome face shot, but he stole my daughters cellphone. He left it on all the time reporting his position. The cops had his ass in less than 24 hours.

      Honestly thieves barely know how to use a screwdriver outside of prying a door or window with it. You seriously think one would do the delicate task of opening a laptop or flashing the bios? That's plain old funny.

      • Re:Useless (Score:5, Insightful)

        by Thelasko ( 1196535 ) on Tuesday November 25, 2008 @09:15AM (#25885443) Journal

        Thieves typically dont have the IQ to do any of that.

        Remember, there are two kinds of thieves. There are amateurs and there are pros.

        Amateurs are desperate people, usually because of an addiction of some sort, who steal whenever an opportunity presents itself. They see a car with an unlocked door, or an open window and they act. These people are the most common type of thieves, and will be caught with this technology.

        Professionals steal things for a living. They are very calculated and know all of the security measures people use, and how to avoid them. This technology will not stop a professional. In fact, nothing will stop a professional. Professionals are why you buy insurance.

        Fortunately, there aren't many professional thieves. When you think about it, it's very difficult to become a professional thief. This is because a pro cannot be desperate. They need to have time to study their target and come up with a plan of attack. This requires a person with a certain personality, that doesn't steal out of last resort, but steals for some other reason. There aren't many people like this in the world, and most of them are caught before they become very good at stealing.

        My favorite piece of information about stopping thieves can be found here. [hulu.com] (Warning, link contains flash video)

        • That video link doesn't work outside of the United States. Do you have another?

        • The main thing to remember is in most news stories about stolen laptops, they contain highly sensitive data, are left on trains/buses etc and are not encrypted at all .... this would not help

          For the security conscious who have already encrypted their harddrive, always lock their PC and do not leave it lying around, this is an extra layer of security if it gets stolen...

        • They need to have time to study their target and come up with a plan of attack.

          Time means living expenses. That means a job, unless you're independently wealthy.

          This means that to try once and fail, and then be able to try again, you have to:

          - not be identified in your first attempt; or
          - escape the force of law [including extradition laws]
          - do the jail time

          Escaping the force of law probably makes it untenable to have a job, so that one is only available to people who are independently wealthy. Doing the time means the rate of professional theft gets lowered by a huge bit.

          Not succeed

        • This technology will not stop a professional. In fact, nothing will stop a professional.

          Professional? Who pray tell defines a professional thief?

          Is there a guild? A union?

          Have you ever met one in person and he showed you his business card?

          And then... If such a person was so intelligent and so skilled, would he be so interested to go after your laptop for a few paltry hundred dollars? He's going after bulk shipments or valuables worth thousands. If he is smart, he is going after something that is worth his j

      • by Sinbios ( 852437 )
        You think thieves are stupid because only the stupid ones get caught.
        • Re:Useless (Score:5, Funny)

          by Kent Recal ( 714863 ) on Tuesday November 25, 2008 @09:44AM (#25885801)

          Exactly. Smart thieves perform a thorough risk/reward calculation and a lot of planning before they go for target. They are near impossible to catch.

          I, for one, regularly steal rolls of toilet paper from work.
          I'll never get caught because I put a lot of forethought into each coup and perfectionized my strategy over years. I only lift one roll at a time so it doesn't get noticed and so I can at any time pretend to be just carrying it around because I need to "clean my desk or something". Plus, I always drop the roll into my bag while sitting at my desk and without looking down. Eyes must be focussed on screen, innocent facial expression - nobody would ever notice from a distance that I'm performing a felony under the table in just that moment!

          Bare the occassional accident (when I miss the bag and have to crawl under the table to recover the loot) I think I can safely claim that the perfect crime is possible and I have mastered it.

    • Seems like it would be easier to just take out the mobile broadband card.
    • by elrous0 ( 869638 ) *
      Yeah, but the important thing is that the cell modem providers are making money, which was no doubt the intention of this whole security plan all along.
  • How exactly are they disabling the laptop? It can't be something superficial but with the amount of time a program has to work it probably has to be superficial to work. Will a program have enough time to do anything more then clear the cmos or erase the drive mbr? Even if it's a hardware disable the whole thing becomes parts worthy and the data on the hard drive essentially remains in it's entirety.

    • Re: (Score:3, Informative)

      by chrb ( 1083577 )

      The shutdown is supposed to be utilised with hard disk encryption - the whole point is that your data is better protected. The disabling is carried out by the BIOS; presumably it checks the disable bit before booting the OS and allows the legal user to enter a recovery password.

  • it would NEVER make sense to part out their new brick into say a cheap display, harddisk, dvd drive, ram, cpu, etc. on ebay.
    • Re: (Score:2, Insightful)

      by crimperman ( 225941 )

      what makes you think they wouldn't just put the dead laptop itself on eBay? They claim it is "recently untested but worked a while ago" and some sucker buys it. I mean we're not talking about honest people here are we?

  • I've got a pretty good idea what that message would likely be. Or at least the general sentiments expressed (hopefully on the screen) right before its tiny heart goes pfft.

  • Hmmm (Score:4, Insightful)

    by TheSpoom ( 715771 ) * <slashdot@ubermAA ... inus threevowels> on Tuesday November 25, 2008 @08:15AM (#25884815) Homepage Journal

    My normal Slashdot cynicism wants to find a problem with this technology, but I can't so far, other than that a smart thief would just make sure to remove the WAN card and flash the BIOS (possibly with a new serial number or the remote disable, uh, disabled).

    You win this time, Lenovo. *shakes fist*

  • Re: (Score:2, Interesting)

    Comment removed based on user account deletion
    • Re:Implementation? (Score:5, Informative)

      by chrb ( 1083577 ) on Tuesday November 25, 2008 @08:29AM (#25884957)

      It looks like the disable is handled in the BIOS, so either the GPS hardware is capable of receiving SMS texts while the laptop is hibernating, or the text is received when the BIOS boots up. Either way, you just have to send one text - your cell network provider will store and forward it to the receiver, it's just a regular text.

      • by duguk ( 589689 )
        Good point, though most text messages expire after two weeks (configurable on most phones), and there is Delivery Reports* if the message failed to be sent.

        Presumably though, the message is sent through Lenovo and they deal with this sort of delaying problem.

        * (If your operator supports them, if not try *0# at the beginning of your message, no space required. This works on UK O2 at least)
  • Meh... (Score:5, Funny)

    by Lurker2288 ( 995635 ) on Tuesday November 25, 2008 @08:17AM (#25884853)
    This would excite me more if I could send a remote command that would detonate a small brick of C4 in the laptop. Why disable the computer when you can disable the thief?
    • Re: (Score:2, Insightful)

      by mentaldingo ( 967181 )
      You could always mod your laptop to generate a spark when the kill signal is received. Then all you need to do is pack it with C4.
      • Re:Meh... (Score:5, Funny)

        by couchslug ( 175151 ) on Tuesday November 25, 2008 @09:14AM (#25885435)

        "You could always mod your laptop to generate a spark when the kill signal is received. Then all you need to do is pack it with C4."

        So much for being allowed to carry lappies on airliners, thank you very much! :)

    • by Kjella ( 173770 )

      I think someone has thought of the same basic concept before [bash.org]. Personally I wouldn't want to have a bomb ready to go off at any time on my lap, the C4 is relatively stable but the detonator really isn't and would have to be in place. A spark, a battery on fire and boom goes you. The collateral damage could be pretty nasty too, even if the charge is small. If you want the James Bond solution, I'd go with poisonous darts on the front, open it up and you get a nasty surprise. That way you can carry an antidote

  • by overshoot ( 39700 ) on Tuesday November 25, 2008 @08:19AM (#25884877)
    that the thief doesn't reimage the thing first off.

    It's like the "LoJack for Laptops" that they'll sell you -- strictly part of the installed Microsoft setup.

  • Hmm (Score:3, Insightful)

    by saintm ( 142527 ) on Tuesday November 25, 2008 @08:23AM (#25884909)

    'You steal my PC and ... if I can deliver a signal to that PC that turns it off, hey, I'm good now,'

    Apart from not having a laptop or your data anymore.

    I'm not sure that can be described as being 'good'.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      "I'm not sure that can be described as being 'good'."

      No, you're right, instead of shutting down the laptop, Lenovo should have put in telescopic legs with wheels on the bottom so that it could make its way home to its rightful owner.

      • (The phone rings.)
        Frink: Lab.
        Homer's Message: Greetings, friend. Do you wish to look as happy as me?...
        Frink: Why it's the AT-5000 Auto-Dialer! My very first patent. Aw, would you listen to the gibberish they've got you saying, it's sad and alarming. You were designed to alert schoolchildren about snow days and such! Well, let's get you home to Frinky. Hope your wheels still work, bw-hey.
        (Frink dials a code into the phone, and the AT-5000 grows legs with wheels and attempts to escape.)
        Homer: Oh no, you don

  • I would pay for the version that explodes with maximum anti-personnel affect.

    Bizarre that Lenovo is considering this instead of an el-cheapo GPS phone-home device.
  • Wait, What? (Score:5, Insightful)

    by meist3r ( 1061628 ) on Tuesday November 25, 2008 @08:37AM (#25885033)
    So you're telling me there will be a GSM module in the laptop that is constantly connecting to my network to wait for such a kill signal? Like say, a tracing bug? I know it'll be a pain for the thief but what about me? What a craptacular idea. Having my laptop become my personal GSM tracking device. Where have I been? Wait lets ask my "anti theft"-device.
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      So you're telling me there will be a GSM module in the laptop that is constantly connecting to my network to wait for such a kill signal? Like say, a tracing bug?

      Better put on your tinfoil hat - here's something you don't know: the cellular network knows where devices on the cellular network are and which cellular towers the devices are talking to. That is how the cellular network knows to send your phone calls to your phone.

      Also, it's not your network - it's the cellphone company's network.

      Having my laptop

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      I am sure that if the government wanted to track you, they would use your cell phone which is on GSM/CDMA network nearly-100% of the time, or iPhone which has the added flexibility of GPS. If you are the type of person to care about you being tracked here or there, than don't purchase a Lenovo laptop with this feature.

      However what all the tin-foil crowd seems to forget is one fact: No one cares about 99.999% of you to date you, much less follow your every movement. Especially a Chinese laptop manufacturer

    • So you're telling me there will be a GSM module in the laptop that is constantly connecting to my network to wait for such a kill signal? Like say, a tracing bug? I know it'll be a pain for the thief but what about me? What a craptacular idea.

      Yes, because this kind of enterprise-level hardware management feature is targeted at you, the loner Slashdot basement dweller...

    • by Anonymous Coward

      You say... like a cellphone?

  • Seems to be some kind of revenge system.
    "hey you stole my laptop, so now I've made it useless"
    This doesn't prevent theft and because it's not likely to be the default behaviour of the laptop it doesn't even discourage theft.

    • by Aladrin ( 926209 )

      Exactly. For it to be effective, it would have to be foolproof, and the crook would have to -know- it would happen before he considered stealing it.

      The first is impossible. Since the first is impossible, the second would tell the thief exactly what he needed to do to steal the laptop successfully.

      Ugh.

    • Re: (Score:3, Informative)

      by schnikies79 ( 788746 )

      It's not meant to discourage theft, it's meant to protect your data.

      If the HDD is encrypted, you can lock the thief out.

    • Re: (Score:2, Interesting)

      by Aphoxema ( 1088507 ) *

      Yeah, malice towards the 'thief' really pisses me off. I can understand businesses wanting to protect their private information (which they can accomplish with encryption), but this idea of "If I can't have it then no one can" is just ridiculous.

      I've had things stolen from me, nice expensive things, but my reaction was never once anger, never feeling I need to chase down the thief and kick their asses. It was, "Oh well, tough shit, life goes on and I hope they do something meaningful with what they took."

      A

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        I have to disagree with you on this point. Nothing, I repeat, nothing, pisses me off more than a thief. 90% of the time they no have no interest in what they stole, they just want money for it.

        If I can catch you, I will beat your ass. You have a duty to protect your property.

        • 90% of the time? And how exactly do you collect these statistics?

          Just because that thing gets ripped off and sold to someone else, someone somewhere might make good use of it. It might just be someone's child they wanted to get a decent present for their birthday and for all they knew that the person they bought it from had never stolen it.

          It's a waste, trying to catch the thief is one thing, destroying it so it's no good for anyone is just plain selfish and it proves who the real monster is.

      • So I guess you have a large amount of disposable income? Other people are angry when their stuff is stolen because they aren't running charities for people committing crimes against them.
  • The network card is not the only thing that is wrong with this, the fact that you now turned off the machine, states the machine will not turn back on...to give you a location of where it is.
    Someone will open it up...change the network card with another...or just add a usb one...and there you go...problem solved.

  • I can see the funny hacks on this where some numbnut starts sending the disable code to everyone's laptop in the room. Sounds cute but ain't practical. Track it? Practical. Disable it? Limited use.
  • by hellion0 ( 1414989 ) on Tuesday November 25, 2008 @08:49AM (#25885163)

    This feature doesn't seem to be aimed at stopping blackhats or organized criminals, two of the more "intelligent" varieties. No, this thing is meant to royally screw Joe Crackhead.

    The feature doesn't appear as if it's ever going to stop a sophisticated high-tech criminal, naturally. Nor does this seem the intent. Identity thieves and data miners don't even need possession of the laptop, so no good there. Even then, the new feature is easily defeated. Organized criminals tend to know what they're doing as well, and any safety measure can be defeated by competence and planning. Still, they're both rare enough.

    No, this sounds perfect for the two-bit junkie, the most common of criminals. Brick the laptop, especially remotely, and suddenly it's worthless for him to offload for his fix.

  • Perfect. (Score:5, Funny)

    by GWLlosa ( 800011 ) on Tuesday November 25, 2008 @09:01AM (#25885291)
    This is exactly what we need in terms of laptop security. To you nay-sayers out there spinning doom and gloom scenarios about friends pranking your laptop with text messages, I can only assume that there is some secret passcode that you must send as part of the text-message to disable the machine. In fact, it should be convoluted, and hard to remember. Fortunately, as the proud owner of a brand-new Lenovo laptop, you can keep information like that stored right on the laptop, which you take everywhere.
    • Re: (Score:2, Insightful)

      This is a decent idea in theory as a simple theft deterrent, but it makes me ask two questions:

      • Does this allow my laptop tracked in any way? Probably if you know what you're doing.
      • Can this connection do anything besides receiving a kill command? I'm skeptical.

      Another question you have to ask is how fast and how completely word will spread about this feature on Lenovo laptops. That's what its success depends on. If a potential thief doesn't know about the feature and steals your laptop, he's not going t

  • DIY (Score:5, Interesting)

    by wytcld ( 179112 ) on Tuesday November 25, 2008 @09:13AM (#25885413) Homepage

    How about setting up a simple script that periodically polls a remote site - say a web page under your control? If it can't reach it, or it reaches it and gets a default response, no action's taken. If on the other hand the page returns an innocuous looking kill code, a small program is run that disables the BIOS? On the server side, you'd be mailed the IP your stolen laptop connected from, which might give you some location info.

  • I hope they are not using caller-id to "pair" the devices... Actually, that might be kinda fun :)
  • Even better (Score:5, Funny)

    by horza ( 87255 ) on Tuesday November 25, 2008 @09:16AM (#25885449) Homepage

    Why not install Windows Vista, iTunes and the game Spore. That way you don't even need to send an SMS, just wait until code is activated progressively making the computer useless.

    Phillip.

  • Devils advocate. (Score:3, Insightful)

    by cemaco ( 665884 ) on Tuesday November 25, 2008 @09:52AM (#25885919)

    Any time you provide a tool like this, it has the potentiall to be used against the owner as well, especially if someone else with access to the equipment understands the tool better than the owner does.

    I can see several scenarios, some more plausible than others where another party might be inclined to use it to lock the owner out of access to his own data.

    Yes if the other party has access to the machine, they can always cripple it by other means but the beauty of this is that it can be used even after that party apparently no longer has access.

  • That SMS text messages are completely unforgeable and also ultra ultra reliable in delivery. I am sure that the thief will also be so kind as to send a reply back to let you know it was received correctly so you will know it was not garbled or dropped in transit. And nobody would ever dream of hacking or moding a cell phone for spoofing, or even think of installing software on your phone would they? That kind of thing just could never happen these days. </sarcasm>

    Seriously, perhaps next time you get

  • by SMS_Design ( 879582 ) on Tuesday November 25, 2008 @01:13PM (#25888909)
    Sprint offers a similar service with some of their WAN cards. The difference is that the Sprint card acts as a key to full-drive crypto. No card, no data. If the card is remotely disabled, no data. Really seems like a great way to lock down your laptops containing sensitive info.

If I want your opinion, I'll ask you to fill out the necessary form.

Working...