A privacy enabled phone-home for laptops


There are a variety of tools out there to help recover stolen technological devices. They make the device "phone home" to the security company and, if it is stolen, those reports can be used to find the laptop (from the IP address it reports from, traceroutes and so on) and get it back. Some of these tools work hard to hide on the machine, even claiming they will survive low-level disk formats. Some reportedly get installed into the BIOS to survive a disk swap.

This has always interested me, but it seems like something that could be used to track you against your will. I don't know how all the different products work inside -- they are deliberately vague about some parts of it -- but here's a design for one that you could perhaps trust with your privacy.

  • When setting it up, you create a passphrase. Write it down somewhere else, as you need it for recovery.
  • Every so often, the device makes a DNS request to a special DNS server. Embedded in the request are a random number and an encryption of that random number under a key derived from the passphrase.
  • Without the passphrase, these requests mean nothing to the tracking company. They don't know who made the request.
  • When your device is stolen, you give the tracking company your passphrase.
  • When a request comes in, the tracking company checks it against the passphrases of the devices currently reported stolen. If one matches, bingo.
  • On a match, it returns a DNS answer that says, "You're stolen. Do the stuff you should do." That answer is of course also encrypted with the passphrase, so nobody without the passphrase can forge it.
  • At that point, the device can do complex traceroutes, take photos with its built-in camera, record audio, you name it.

If there are a lot of stolen laptops in the database, the search can be sped up in one of two ways:

  • The random number isn't random, it's the date. The server can then pre-compute all the codes it is likely to get from stolen laptops that day. Changing the date on the computer won't help, as that just means a little more CPU on that particular request.
  • Include an 8 or 9 bit hash of the passphrase + date. That reduces by a factor of 256 or 512 the number of passphrases you must try. It leaks a few bits about you, but if the company has lots of customers you are fine.
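The beacon exchange above, together with both speed-ups (the date as the "random number" and an 8-bit bucket hint), modelled end to end. This is an added example, not code from the post or from any product; the zone name, the PBKDF2 key derivation, the passphrases and the date are all assumptions, and a truncated HMAC stands in for the post's "encryption of the number under the passphrase" (an authenticated tag is what the server actually needs to check, and it is what keeps a thief from forging the "you're stolen" answer).

```python
"""Model of the passphrase-keyed DNS phone-home beacon, with the date-based
pre-computation and the 8-bit bucket hint.  Added example; the post gives no code."""
import hashlib
import hmac

ZONE = "beacon.example"   # assumed zone of the tracking company's DNS server
KDF_ITERATIONS = 20_000   # assumed PBKDF2 work factor


def device_key(passphrase: str) -> bytes:
    """Derive the device's beacon key from the owner's passphrase.
    (Assumption: PBKDF2-HMAC-SHA256 with a fixed application label as salt,
    so the server can derive the same key from a passphrase handed in later.)"""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), b"phone-home-v1",
                               KDF_ITERATIONS)


def _mac(key: bytes, label: bytes, data: str, length: int) -> bytes:
    """Truncated HMAC-SHA256 over label||data; stands in for the post's
    'encryption of the number under the passphrase'."""
    return hmac.new(key, label + data.encode(), hashlib.sha256).digest()[:length]


def beacon_hint(key: bytes, date: str) -> int:
    """8-bit bucket hint of (passphrase, date): narrows the server's search 256x."""
    return _mac(key, b"hint:", date, 1)[0]


def beacon_tag(key: bytes, date: str) -> bytes:
    """10-byte tag the server must reproduce to recognise a stolen device."""
    return _mac(key, b"tag:", date, 10)


def build_query(key: bytes, date: str) -> str:
    """Client side: the DNS name sent to the tracking zone (date is YYYYMMDD)."""
    return f"{date}.{beacon_hint(key, date):02x}.{beacon_tag(key, date).hex()}.{ZONE}"


def parse_query(name: str):
    """Server side: split the name back into date, hint and tag."""
    date, hint, tag, zone = name.split(".", 3)
    if zone != ZONE:
        raise ValueError("query is not for the beacon zone")
    return date, int(hint, 16), bytes.fromhex(tag)


class TrackingServer:
    """Tracking company: knows keys only for devices reported stolen."""

    def __init__(self, stolen_keys):
        self.stolen = list(stolen_keys)
        self.table = {}          # date -> {(hint, tag): key}, pre-computed per day

    def precompute(self, date: str) -> None:
        """Run once per day: every code a stolen laptop could send today."""
        self.table[date] = {(beacon_hint(k, date), beacon_tag(k, date)): k
                            for k in self.stolen}

    def _match(self, date: str, hint: int, tag: bytes):
        if date in self.table:                       # fast path: one dict lookup
            return self.table[date].get((hint, tag))
        # Odd date (clock skew or tampering): search only the hint bucket, on the fly.
        for k in self.stolen:
            if beacon_hint(k, date) == hint and hmac.compare_digest(beacon_tag(k, date), tag):
                return k
        return None

    def answer(self, query_name: str):
        """Return the TXT answer for a stolen device, or None (NXDOMAIN) otherwise."""
        date, hint, tag = parse_query(query_name)
        key = self._match(date, hint, tag)
        if key is None:
            return None
        # "You're stolen" order, bound to the key and the date so a thief cannot forge it.
        return _mac(key, b"resp:stolen:", date, 16).hex()


def client_check(key: bytes, date: str, answer) -> bool:
    """Client side: obey the order only if it verifies under our own key."""
    if answer is None:
        return False
    return hmac.compare_digest(_mac(key, b"resp:stolen:", date, 16),
                               bytes.fromhex(answer))


def demo():
    today = "20080512"                                   # constructed date
    victim = device_key("correct horse battery staple")  # constructed passphrases
    other = device_key("nobody stole this one")
    server = TrackingServer([victim])                    # only one theft reported
    server.precompute(today)
    victim_told = client_check(victim, today, server.answer(build_query(victim, today)))
    other_told = client_check(other, today, server.answer(build_query(other, today)))
    return victim_told, other_told


if __name__ == "__main__":
    print(demo())
```

The query name is about 50 characters in four labels, well inside DNS limits, and it changes every day even for a device that is not stolen. Note what the server still sees: the source IP of every beacon, and eight bits of hint per device. That is the residual traffic-analysis exposure the design accepts in exchange for getting through firewalls.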

Note that DNS requests tend to get through just about any firewall, other than one deliberately tuned to block sneaky DNS traffic. The flip side is that every resolver on the path sees the query in the clear, so the beacon must reveal nothing on its own, which is exactly what keying it to the passphrase is for.

This system could be integrated into a BIOS or right into an Ethernet card. However, since it is the high-level OS that does DHCP and so on, you need a bit of network-layer cheating to do this right. I presume the existing products already do that.

You can also run the DNS server yourself, if you are so inclined. It's not that hard. But this system lets you trust a 3rd party, since they learn nothing about you (beyond the fact that some customer beaconed from a given IP address) as long as they have lots of customers.

Comments

Hi Brad, the NYT had an article on this not long ago:

http://www.nytimes.com/2008/05/10/nyregion/10laptop.html?_r=1&oref=slogin

"Stolen Laptop Helps Turn Tables on Suspects"

If the link doesn't work for you, let me know and I'll send you the article.

Apparently some of this is built into Mac?

walt

There are a wide variety of systems, as described in this article, for recovery. What I wanted to write about was whether they were designed well so they could not be used to track the legitimate owner, as some of them can be.

Sounds a lot like http://adeona.cs.washington.edu/ in concept, though all such systems (unless buried deeply into the hardware like a mobile phone's IMEI) may be circumvented by a knowledgeable thief.

Yes, this sounds interesting, especially the use of the DHT. The hard part is making sure that it is not possible to track the legitimate owner even through traffic analysis. For example, normally the computer in the legitimate owner's hands will be sending from a normal IP address or two with a bit of roaming. If you can ever connect those, you can start seeing the patterns of the owner's life -- when they are at home, when at work etc. -- even without decrypting any packets.

While I have not fully studied adeona, it seems that if one could get control of the DHT computers, one could notice that packets had come from the user's standard home network, and thus learn they are at home today.

I was torn between two options here. One is the use of DNS requests, because they get through just about any firewall, including the thief's. On the other hand a more secure protocol is a UDP request without a source address in the cleartext. The return address would be in the crypttext and thus the server could only reply if it had the passphrase. However, the downside is that random UDP packets with no source address often won't get through firewalls, and it's very difficult to get requests back through them.

