Identi.ca
Christopher Allan Webber

Hijacking your laptop

Christopher Allan Webber at

In @John Sullivan's talk on free hardware at SeaGL, I was alarmed to hear him say that current thinkpads beyond the X60 are non-endorsable because of hardware called "Intel AMT" that allows for remote shutdown/hard drive wipe/etc of laptops, even when the device is merely plugged in and powered off. That seemed crazy... how had I not known about this? I knew about UEFI stuff, but heck... apparently it even has a webadmin available even when the computer is sleeping. The FSF covered this but I had been unaware.

I stepped into my BIOS to see if I could disable it... I found Intel Anti-Theft Technology in the BIOS, with the options (enabled, disabled, permanently disabled), as well as "computrace" (which said something about sending info to a third party) with the options (enabled, disabled, permanently disabled). Both of these were on.

The phrase "computrace", and there being a third party collecting it, had me particularly alarmed, so I did what I always do and put the term into Wikipedia, which automatically redirected for some reason to LoJack with a now non-existant for-laptops section. Interesting phrase there:

The LoJack Stolen Vehicle Recovery System is an aftermarket vehicle tracking system that allows vehicles to be tracked by police, with the aim of recovering them in case of theft.

Well, that's not alarming or anything, right?

Sure enough, Computrace and LoJack point to the same company.

I disabled both of these things in my BIOS, but is it really disabled? I feel like I can't trust that that's true.

Sure, like everything, you could say "this technology could be useful if it were in users' hands", and that's true. But the way that this is set up right now is not at all in user's hands, and it seems that the default is to set up laptops for remote tracking / rootability.

Feeling totally helpless, I dumped 25 bucks to the FSF because at least they are covering the issue.

Go check your BIOS. And hey, uh... are any of those X60 machines with Coreboot left?

Andrew Manning, Milan Zamazal, cmhobbs, Douglas Perkins and 8 others likes this.

Guichu, Alexandre Oliva, Douglas Perkins, johns and 8 others shared this.

Show all 10 replies

@Charles Stanhope That's a good idea, I don't know. I'm not really sure what kind of information is being sent across the wire.

It might be an interesting experiment for someone to do a network packet dump in their household where they have various devices off, or on but with no known network activity applications running, and seeing if any packets are running across the wire, what, and to where.

It might be most valuable to do that at a layer between the router and whatever modem is being used, as a dumb network dump.

I'd be very interested in the result of such an analsyis.

Christopher Allan Webber at 2014-11-10T23:07:57Z

Douglas Perkins likes this.

Chris, the stock at Gluglug seems to come and go but eBay and Craigslist and such are also options. Libreboot can be installed onto various devices regardless of where it was purchased.

Jason Self at 2014-11-10T23:22:07Z

X11R5, johns, Christopher Allan Webber likes this.

I like that installing Libreboot causes the machine to lose compatibility with Windows, since it doesn't provide the usual BIOS services that it needs to boot.

Jason Self at 2014-11-10T23:31:20Z

dvn, Luke, Elena ``of Valhalla'', cmhobbs and 4 others likes this.

>> Jason Self:

“I like that installing Libreboot causes the machine to lose compatibility with Windows”


Nice feature! =)

JanKusanagi @identi.ca at 2014-11-10T23:47:47Z

Matt Molyneaux, Luke likes this.