[OLPC Security] Grey Markets: differentiation of legitimately purchased laptops
Mike C. Fletcher
mcfletch at vrplumber.com
Mon Oct 15 21:09:54 EDT 2007
Carl-Daniel Hailfinger wrote:
> [side note: I did not receive the messages from C. Scott Ananian or
> Ka-Ping Yee via the list. Any chance someone can bounce them to the list?
> Mike: Your Reply-To header may have had undesired effects on some of the
> people replying to you.]
Seems standard, not sure what I would change to make it more
desirable... please advise off-list...
> Besides that, if someone is willing to invest about one hour of work,
> first boot activation probably can be circumvented.
I gather this would be accomplished by opening the machine and using a
chip programmer to flash the EEPROM? It's been suggested as a vector of
attack. I would tend to agree that it's doable, not likely a threat
from disorganised attackers, but could become one with organised attacks
AFAICS. All by itself the barrier probably isn't enough to dissuade a
determined group, but with other effects it should at least introduce a
bit of a deterrent.
>> The potential existence of signed images which allow for unlocking any
>> laptop (proposed for the country-level repair centres) means that with a
>> simple leak of those images, any stolen laptop becomes entirely
>> untraceable and thus valuable. With that leak, a simple insertion of a
>> USB key makes any laptop resalable. Even without those images, the leak
>> of a country's signing key would have the same effect. Organised crime
>> could, without much difficulty, acquire country-level keys, if doing so
>> would open up millions of dollars in salable goods.
> Back in fall 2006, someone (Ivan?) said this will not happen.
> I do agree with you, however.
It's possible that there is some mechanism I'm not aware of which
perfectly prevents all such leakage, but I'd be suspicious that any
organised group with sufficient motive couldn't subvert someone with
access to the key(s). As you mention, chip reprogramming could also be
done to get around that particular defense.
If you mean there will be no "signature removal" image available, that's
quite possible (and likely desirable). I seem to recall the idea being
brought up on one of the lists in the last few days, but being countered
with the idea of signed images that could accomplish one particular
thing needed in the repair depots.
> I looked at pricing for reasonably large hologram stickers with unique
> serial numbers and they are in the cent range, so I don't see big
> problems putting them on donor laptops.
Hologram stickers are produced en masse by organised pirates throughout
the world. The idea of having the colours on the lid be the
differentiator means that the pirates have to sand down the plastic and
replace it with similar plastic without damaging the plastic itself.
Effort there is close to producing a new case (which would also be
doable for a determined pirating effort, but would likely only be
reasonable if the theft was far more widespread than seems likely). As
mentioned, making the "accent colour" (green) a different colour is
probably the best approach, but we're almost certainly too far along to
have that happen.
Merely painting over the plastic would tend to make it noticeably
"altered", though I suppose there may be paints which could simulate the
gloss of the plastic properly, which might suggest that using "white"
would be a good colour (to make such painting harder to hide due to
colour "shining through").
Mike C. Fletcher
Designer, VR Plumber, Coder