#27
Originally Posted by Benson
kernelpanic...

Great plan; I think you're dead on about the user signing with private-key and the tablet having public-key; but I'm not sure why the server needs to authenticate? If the server is pushing messages signed with the right private-key (and hence, valid messages from the owner), isn't that good enough? Not that it hurts; just wondering why...
2 reasons-
1. web of trust- The user public keys can be signed by the server. Adding another barrier to unauthorized remote code execution.
2. Encryption- Data sent to the server can be encrypted (in case one wanted to retrieve important documents prior to wiping them remotely).
I'd be inclined to have arbitrary execution (as user user) through the daemon; that leaves you with the ability to wipe files, etc. at your own discretion. Also, you can then make the tablet (if you pre-equipped it with the right tools...) ssh out to your desktop, giving you a shell into your tablet when it's connected. The ability to manually fiddle around, diagnosing his network, firing up GPS and/or camera when desired (because intelligence >> heuristics), and so on, is highly valuable, imho. Streaming video and selecting which snapshot to take (and send through to the official server, for evidence purposes), you get the idea. (I won't even mention cracking all the machines on his home network, finding one with an old PCI modem still installed, and dialing out to your cell so you can get his phone number, or anything else like that.)
Some kind of port-knocking handshake to set up ssh into the stolen tablet would be great. I really like the feature ideas everyone is coming up with. Most of them would be trivial to add to a working app. I've actually started coding the daemon. But first I'm trying to ensure that any implementation I come up with is secure. (There are too many insecure implementations of secure algorithms out there already, esp. on Debian.)

BTW does anyone know if osso-gnupg includes gpgme?

I can't be the first one who thought, upon reading "It should also try to connect aggressively to any unencrypted Internet connection it can to phone home and ignore normal WLAN connection settings also on a schedule
You obviously can't put that in an official release.
I think I can actually. Is this any different than the 'Automatically Connect to non-preferred Networks' setting in Windows XP? That setting causes XP to automatically connect to any unencrypted WLAN it finds. The sauce that suits the goose...

The Computer Fraud and Abuse Act states that it's illegal to access protected (i.e. encrypted) networks/systems. There ARE States with more restrictive laws including(but certainly not limited to)- Texas, Michigan, Florida, Illinois, Washington, and Alaska.

For example in Texas it's illegal to access ANY network without permission.

I'll likely do exactly as Bill Gates and put the option in but leave it 'off' by default. I'll also add a popup that warns the user to check the applicable laws in their Country/State/Whatever... (Note- Windows doesn't do that even though one could get into lots of hot water unintentionally in the States listed above. And Microsoft is based in one of those states!!?)
But if the owner can run arbitrary code, that's their decision to add whatever level of zeal to their autoconfig they are willing to risk.

But if the daemon's open-source, people will add such functionality anyway, so it seems like it should be included.
Putting SSH access in seems like enough to me. Then the owner can do whatever they want. But THEY have to do it. Having the app automatically do questionable or illegal things is not my goal.

Also, open-sourcing is to allow scrutiny of the security model to prevent abuse. I'll likely also have some kind of signature on the binary that users actually install on-tablet. That way, at least if someone subverts the daemon, they can't then use the main server for their nastiness... (In fact, make that reason #3 for the server to have a key also.)

cheers,
kernelpanic

Last edited by kernelpanic; 2008-06-02 at 19:34. Reason: spelling
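As an added illustration of the signing chain discussed in this post (my own example, not code from this thread or from kernelpanic's daemon), the following Go program shows the three parties: the owner signs each command with a private key, the tablet verifies it with the owner's public key, and the server's signature over the owner's public key (reason 1, the web of trust) decides which owner keys the daemon trusts at all. The message layout, the domain-separation prefixes, the choice of Ed25519, the `Tablet` type and the replay counter are all my assumptions; encryption of data sent back to the server (reason 2) and the signed binary (reason 3) are not shown.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumed format: a fixed prefix is mixed into everything that is signed, so a
// signature over a command can never be presented as a certificate or vice versa.
var (
	domainCmd  = []byte("tablet-cmd-v1\x00")
	domainCert = []byte("tablet-owner-cert-v1\x00")
)

// Command is what the server pushes to the tablet: a strictly increasing
// counter, the payload the owner wants executed, and the owner's signature.
type Command struct {
	Counter uint64
	Payload []byte
	Sig     []byte
}

// commandBytes is the exact byte string the owner signs and the tablet verifies.
func commandBytes(counter uint64, payload []byte) []byte {
	var ctr [8]byte
	binary.BigEndian.PutUint64(ctr[:], counter)
	buf := append([]byte{}, domainCmd...)
	buf = append(buf, ctr[:]...)
	return append(buf, payload...)
}

// CertifyOwner runs on the server: it signs the owner's public key, producing
// the certificate the tablet stores next to that key.
func CertifyOwner(serverPriv ed25519.PrivateKey, ownerPub ed25519.PublicKey) []byte {
	return ed25519.Sign(serverPriv, append(append([]byte{}, domainCert...), ownerPub...))
}

// SignCommand runs on the owner's machine, the only place the owner key lives.
func SignCommand(ownerPriv ed25519.PrivateKey, counter uint64, payload []byte) Command {
	return Command{Counter: counter, Payload: payload,
		Sig: ed25519.Sign(ownerPriv, commandBytes(counter, payload))}
}

// Tablet is the daemon-side state: the server key pinned at install time, the
// owner key plus its server certificate, and the last counter acted upon.
type Tablet struct {
	ServerPub   ed25519.PublicKey
	OwnerPub    ed25519.PublicKey
	OwnerCert   []byte
	LastCounter uint64
}

// Accept verifies a pushed command and returns the payload to execute, or an
// error. The certificate check comes first: a command signed by a key the
// server never certified is refused before the command itself is examined.
func (t *Tablet) Accept(cmd Command) ([]byte, error) {
	certMsg := append(append([]byte{}, domainCert...), t.OwnerPub...)
	if !ed25519.Verify(t.ServerPub, certMsg, t.OwnerCert) {
		return nil, errors.New("owner key not certified by server")
	}
	if !ed25519.Verify(t.OwnerPub, commandBytes(cmd.Counter, cmd.Payload), cmd.Sig) {
		return nil, errors.New("bad command signature")
	}
	// Replay defence: a captured, still-valid command must not run twice.
	if cmd.Counter <= t.LastCounter {
		return nil, errors.New("replayed or stale command")
	}
	t.LastCounter = cmd.Counter
	return cmd.Payload, nil
}

func main() {
	serverPub, serverPriv, _ := ed25519.GenerateKey(rand.Reader)
	ownerPub, ownerPriv, _ := ed25519.GenerateKey(rand.Reader)
	tab := &Tablet{ServerPub: serverPub, OwnerPub: ownerPub, OwnerCert: CertifyOwner(serverPriv, ownerPub)}

	cmd := SignCommand(ownerPriv, 1, []byte("locate")) // constructed sample command
	out, err := tab.Accept(cmd)
	fmt.Printf("first delivery: %q err=%v\n", out, err)
	_, err = tab.Accept(cmd) // the same message delivered again
	fmt.Println("replay:", err)

	// A key the server never certified is refused even with a valid self-made certificate.
	roguePub, roguePriv, _ := ed25519.GenerateKey(rand.Reader)
	tab2 := &Tablet{ServerPub: serverPub, OwnerPub: roguePub, OwnerCert: CertifyOwner(roguePriv, roguePub)}
	_, err = tab2.Accept(SignCommand(roguePriv, 1, []byte("wipe")))
	fmt.Println("uncertified key:", err)
}
```

The point of checking the certificate before the command is the one the post makes: an attacker who obtains some private key and talks to the tablet directly still cannot get a command executed unless the server has vouched for that key, and the counter keeps a valid message recorded off the wire from being replayed later.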