Re: Remotely Nuking a device (was Re: becomeroot once again but with password)
If it were me I'd probably go for a more ruthless option. Handheld tries to download two files from an internet site I control, needn't be my home server. First file replaces the homepage of the browser so the new "owner" gets whatever message I've sent. The second file, if present, replaces the "time bomb". The "time bomb" is a script that gets run automatically if the handheld has been unable to call home for some pre-determined time. That way if someone nicks your handheld and doesn't let it talk to the internet it gets nuked anyway. ___ maemo-developers mailing list maemo-developers@maemo.org https://maemo.org/mailman/listinfo/maemo-developers
Re: Remotely Nuking a device (was Re: becomeroot once again but with password)
On 2/24/07, marc zonzon <[EMAIL PROTECTED]> wrote: On 2/22/07, Paul Klapperich <[EMAIL PROTECTED]> wrote: > You could setup pubkey authentication on your home ssh server. Then you > could add a script to the device such that when it connects it runs > something like: > ssh -n -R2022:localhost:22 > Good idea, as your ssh is an outbound connection the local firewall may accept it. But your command is incomplete, we must have something like: ssh -n -R2022:localhost:22 [EMAIL PROTECTED] sleep 3600 and you must be sure that the public key of the nokia user is accepted by [EMAIL PROTECTED] It would be helpful to replace sleep by a script that warn you, then sleep Yeah, I left it incomplete on purpose ;) I figured someone doing something like this should already know a bit about what they're doing, or read a little man page if not. ;) Then on your local computer you could "ssh [EMAIL PROTECTED] -p2022" to connect > into your device whenever it's on the internet, regardless of where it's > connected from. You could manually erase the data, something like: > for i in /home/user /media/mmc1 /media/mmc2; do > rm -rf $i > done We can do like that but it might be frustrating when you miss the connection, or when it is interrupted before you finish, ... I think this can only be an add-on to the second option. > Another trick I've used--actually to update computer labs--is to keep a > script on your server, then have the device use scp to copy that script from > the server and run it whenever it connects. In my case, the script was > simple. In your case the script would do nothing. To nuke your nokia, > replace it with one that erases stuff. This will get it the next time it > connects and wouldn't require you find know when the device connects. That's fine we use the same "download at boot and execute" to keep our clients up-to-date. We just need to find how the script can be triggered when the tablet connect to internet Since this is debian based, I would expect one could simply place an executable script in /etc/network/if-up.d/ My handheld got left at work this weekend, though, so I can't verify this right now... (must not be difficult, but I have not looked upon the tablet networking). Your emergency script can of course erase sensible data but also add a startup service in /etc/init.d that shutdown the tablet if some special action (say use some key) is not triggered. Making the use of the tablet impossible except for you without reflashing. Better than scp you can download the script from an httpd server using netcat, because outbound http connection on port 80 are always open on any access point your tablet may use. > Other options would include writing a lot file to your home machine with the > IP connecting from. This could be used to track your device so you might be > able help police recover it. Or you could delete important system files and > your personal data to make the device worthless without a reflash. Too complicated just mail a message when you connect "I'm connected from ip n° xxx.xxx.xxx.xxx gateway xxx.xxx.xxx.xxx", if you have traceroute you can even traceroute to a known point to help locate the device. but I suppose it's of no use, some people complain that the police is not even looking for their stolen child, what do you expect for your tablet! Good point. I like SSH and SCP because they're secure, but I suppose I don't really care if someone finds my nuke script on my webserver, or notices an e-mail bounce around like you described. I was thinking of something like this, and thus I'd prefer is someone who stole my tablet used it, but without my private data and with some sort of log to help track it down: http://hosted.ap.org/dynamic/stories/T/TECHBIT_ALIENS_LAPTOP?SITE=FLDAY&SECTION=HOME&TEMPLATE=DEFAULT ___ maemo-developers mailing list maemo-developers@maemo.org https://maemo.org/mailman/listinfo/maemo-developers
Re: Remotely Nuking a device (was Re: becomeroot once again but with password)
Paul/Marc, well this is the kind of feature that Nokia, should put into the base product along with a data/file encryption option (kind of like the Encrypting File System aka EFS feature in Windows 200/XP Pro/Vista). With EFS selected files are automatically encrypted/decrypted by the filesystem using keys that are specific to the logged in user. Maybe the solution is to have a suite of security apps that can be optionally enabled to allow the corporate user and his/her sysadmin to achieve a higher level of security for the data on these devices. I could foresee the following: 1. Stateful in/out firewall (already discussed on this list) 2. Remote device disable/wipe 3. File Encryption 4. SSL VPN client compatibility. With respect to item 4 I can even think of one particular supplier's SSL VPN concentrator product family to consider here for integration/compatibility, the Nokia 50/60/100/500 s: http://europe.nokia.com/A4153103 In fact the data sheet even mentions "mobile devices" access. "Since deploying laptops to the bulk of employees could be cost-prohibitive especially in a small business environment, Nokia SSL VPN offers support for a wide range of remote devices from company issued laptops to personal PCs *and handheld devices*." http://europe.nokia.com/NOKIA_BUSINESS_26/Europe/Products/Security_Products/Nokia_SSL_VPN/Nokia_50s/nokia_sslvpn_50s_datasheet_emea.pdf Best Regards, John Holmblad marc zonzon wrote: On 2/22/07, Paul Klapperich <[EMAIL PROTECTED]> wrote: You could setup pubkey authentication on your home ssh server. Then you could add a script to the device such that when it connects it runs something like: ssh -n -R2022:localhost:22 Good idea, as your ssh is an outbound connection the local firewall may accept it. But your command is incomplete, we must have something like: ssh -n -R2022:localhost:22 [EMAIL PROTECTED] sleep 3600 and you must be sure that the public key of the nokia user is accepted by [EMAIL PROTECTED] It would be helpful to replace sleep by a script that warn you, then sleep Then on your local computer you could "ssh [EMAIL PROTECTED] -p2022" to connect into your device whenever it's on the internet, regardless of where it's connected from. You could manually erase the data, something like: for i in /home/user /media/mmc1 /media/mmc2; do rm -rf $i done We can do like that but it might be frustrating when you miss the connection, or when it is interrupted before you finish, ... I think this can only be an add-on to the second option. Another trick I've used--actually to update computer labs--is to keep a script on your server, then have the device use scp to copy that script from the server and run it whenever it connects. In my case, the script was simple. In your case the script would do nothing. To nuke your nokia, replace it with one that erases stuff. This will get it the next time it connects and wouldn't require you find know when the device connects. That's fine we use the same "download at boot and execute" to keep our clients up-to-date. We just need to find how the script can be triggered when the tablet connect to internet (must not be difficult, but I have not looked upon the tablet networking). Your emergency script can of course erase sensible data but also add a startup service in /etc/init.d that shutdown the tablet if some special action (say use some key) is not triggered. Making the use of the tablet impossible except for you without reflashing. Better than scp you can download the script from an httpd server using netcat, because outbound http connection on port 80 are always open on any access point your tablet may use. Other options would include writing a lot file to your home machine with the IP connecting from. This could be used to track your device so you might be able help police recover it. Or you could delete important system files and your personal data to make the device worthless without a reflash. Too complicated just mail a message when you connect "I'm connected from ip n° xxx.xxx.xxx.xxx gateway xxx.xxx.xxx.xxx", if you have traceroute you can even traceroute to a known point to help locate the device. but I suppose it's of no use, some people complain that the police is not even looking for their stolen child, what do you expect for your tablet! At this point I'm wondering if it is not an otion to put on our tablet (at least when we are on the go), this "shut down if not authenticated" service. Of course the tablet policy forbid to authenticate as user before loging in, because the second part of the boot process is done as user. But why not put a simple query that the user must answer during the first 5mn of connection? A startup script may popup a window and shutdown the device if not answered. If you keep a ssh access to user or root you have some emergency solution if ever you forget the password. Marc __
Re: Remotely Nuking a device (was Re: becomeroot once again but with password)
On 2/22/07, Paul Klapperich <[EMAIL PROTECTED]> wrote: You could setup pubkey authentication on your home ssh server. Then you could add a script to the device such that when it connects it runs something like: ssh -n -R2022:localhost:22 Good idea, as your ssh is an outbound connection the local firewall may accept it. But your command is incomplete, we must have something like: ssh -n -R2022:localhost:22 [EMAIL PROTECTED] sleep 3600 and you must be sure that the public key of the nokia user is accepted by [EMAIL PROTECTED] It would be helpful to replace sleep by a script that warn you, then sleep Then on your local computer you could "ssh [EMAIL PROTECTED] -p2022" to connect into your device whenever it's on the internet, regardless of where it's connected from. You could manually erase the data, something like: for i in /home/user /media/mmc1 /media/mmc2; do rm -rf $i done We can do like that but it might be frustrating when you miss the connection, or when it is interrupted before you finish, ... I think this can only be an add-on to the second option. Another trick I've used--actually to update computer labs--is to keep a script on your server, then have the device use scp to copy that script from the server and run it whenever it connects. In my case, the script was simple. In your case the script would do nothing. To nuke your nokia, replace it with one that erases stuff. This will get it the next time it connects and wouldn't require you find know when the device connects. That's fine we use the same "download at boot and execute" to keep our clients up-to-date. We just need to find how the script can be triggered when the tablet connect to internet (must not be difficult, but I have not looked upon the tablet networking). Your emergency script can of course erase sensible data but also add a startup service in /etc/init.d that shutdown the tablet if some special action (say use some key) is not triggered. Making the use of the tablet impossible except for you without reflashing. Better than scp you can download the script from an httpd server using netcat, because outbound http connection on port 80 are always open on any access point your tablet may use. Other options would include writing a lot file to your home machine with the IP connecting from. This could be used to track your device so you might be able help police recover it. Or you could delete important system files and your personal data to make the device worthless without a reflash. Too complicated just mail a message when you connect "I'm connected from ip n° xxx.xxx.xxx.xxx gateway xxx.xxx.xxx.xxx", if you have traceroute you can even traceroute to a known point to help locate the device. but I suppose it's of no use, some people complain that the police is not even looking for their stolen child, what do you expect for your tablet! At this point I'm wondering if it is not an otion to put on our tablet (at least when we are on the go), this "shut down if not authenticated" service. Of course the tablet policy forbid to authenticate as user before loging in, because the second part of the boot process is done as user. But why not put a simple query that the user must answer during the first 5mn of connection? A startup script may popup a window and shutdown the device if not answered. If you keep a ssh access to user or root you have some emergency solution if ever you forget the password. Marc ___ maemo-developers mailing list maemo-developers@maemo.org https://maemo.org/mailman/listinfo/maemo-developers
Remotely Nuking a device (was Re: becomeroot once again but with password)
On 2/22/07, James Grimwood <[EMAIL PROTECTED]> wrote: A remote-wipe program could be useful. Something that runs on the tablet, connects using some secure method to your computer at home, and then sees if you've logged your device as stolen. If so, it self destructs (either totally messing up the flash, or just enough that it fails to boot and requires reflashing). To avoid accidental destruction you would have to run and authorise the PC side of the system, and do it only when your tablet gets stolen. You could setup pubkey authentication on your home ssh server. Then you could add a script to the device such that when it connects it runs something like: ssh -n -R2022:localhost:22 Then on your local computer you could "ssh [EMAIL PROTECTED] -p2022" to connect into your device whenever it's on the internet, regardless of where it's connected from. You could manually erase the data, something like: for i in /home/user /media/mmc1 /media/mmc2; do rm -rf $i done Another trick I've used--actually to update computer labs--is to keep a script on your server, then have the device use scp to copy that script from the server and run it whenever it connects. In my case, the script was simple. In your case the script would do nothing. To nuke your nokia, replace it with one that erases stuff. This will get it the next time it connects and wouldn't require you find know when the device connects. Other options would include writing a lot file to your home machine with the IP connecting from. This could be used to track your device so you might be able help police recover it. Or you could delete important system files and your personal data to make the device worthless without a reflash. --Paul ___ maemo-developers mailing list maemo-developers@maemo.org https://maemo.org/mailman/listinfo/maemo-developers
