Ultrabooks have Intel Anti-Theft tech, yawn

Don't bother bricking the device, the data's encrypted

Don't bother bricking the device, the data's encrypted

Consumer laptops built to Intel's new Ultrabook standard-cum-brand must include Intel Anti-Theft technology. Well, so what?

On the surface Intel AT sounds good. If a laptop is lost or stolen, the data partition on the hard drive can be disabled at the hardware level — essentially bricking it — by sending the laptop what Intel calls a "poison pill".

Or the laptop can be configured so the drive self-bricks if it fails to successfully poll the Intel AT server, indicating that it's been removed from its usual networks.

If the thieves try to install the hard drive into another computer, well, the data is encrypted with keys that are tied to the original laptop. They lose.

This technology was already available to enterprise customers as part of the Intel vPro specification. Now the Ultrabook spec brings it to consumer devices. And consumers are worried about losing their data, right?

OK, sure. But the existence of that encrypted hard drive means the thieves can't access the data on the stolen laptop anyway. Well, not unless they obtain the password.

Their real worry will be whether they had a backup — because the data is where the value lies these days, not in the hardware. That's where Intel AT misses the point.

Hardware does cost money, sure, though commoditisation mean it's becoming cheaper every day. But an anti-theft system needs to stop the hardware being stolen in the first place.

"[Intel AT] only works as a disincentive to theft if all laptops are like that and thieves just stop stealing full stop, or if there's a massive sticker on the front saying 'This is anti-theft enabled. Don't steal it. You won't get anything out of it.' And then they'll just steal it and smash it," said James Turner, information security advisor with IRBS.

"Providing their data is not being compromised by criminals, and they've got a backup of it, at that point they stop caring," he told CSO Online. "This is what insurance is for."

My own experience supporting consumer and SME end users tells me that Intel AT probably won't even get used. Or if it is, the password will be forgotten. Or set to the same password as every device and every account the user owns.

I'm wondering whether consumers will end up being scammed by fake Intel AT portals. The Intel AT servers could themselves become a target. Could hackers break in and send poison pills to thousands of devices at once?

"I think that's a good question, and we have security people who do this for a living, so we are pretty confident," said Rick Kapur, Intel AT's director of marketing, at Friday's Ultrabook launch in Sydney.

But Sony had "security people who do this for a living" too, and look what happened to them.


Join the CSO newsletter!

Error: Please check your email address.

Tags Intel ATencrypted hard drivehackersconsumer laptopsJames TurnerIBRSultrabookintelSony Handycam

More about IntelSony

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Stilgherrian

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts