[maemo-developers] Remotely Nuking a device (was Re: becomeroot once again but with password)

From: Acadia Secure Networks acadiasecurenets at aol.com
Date: Sat Feb 24 18:43:02 EET 2007
Paul/Marc,

Well, this is the kind of feature that Nokia should put into the base 
product along with a data/file encryption option (kind of like the 
Encrypting File System aka EFS feature in Windows 2000/XP Pro/Vista). 
With EFS, selected files are automatically encrypted/decrypted by the 
filesystem using keys that are specific to the logged-in user.

Maybe the solution is to have a suite of security apps that can be 
optionally enabled to allow the corporate user and his/her sysadmin to 
achieve a higher level of security for the data on these devices. I 
could foresee the following:

       1. Stateful in/out firewall (already discussed on this list)
       2. Remote device disable/wipe
       3. File Encryption
       4. SSL VPN client compatibility.

With respect to item 4 I can even think of one particular supplier's SSL 
VPN concentrator product family to consider here for 
integration/compatibility, the Nokia 50/60/100/500 s:


    http://europe.nokia.com/A4153103

In fact the data sheet even mentions "mobile devices" access.

    "Since deploying laptops to the bulk of
    employees could be cost-prohibitive
    especially in a small business environment,
    Nokia SSL VPN offers support for a wide
    range of remote devices from company
    issued laptops to personal PCs *and
    handheld devices*."


    http://europe.nokia.com/NOKIA_BUSINESS_26/Europe/Products/Security_Products/Nokia_SSL_VPN/Nokia_50s/nokia_sslvpn_50s_datasheet_emea.pdf


Best Regards,

John Holmblad

marc zonzon wrote:
> On 2/22/07, Paul Klapperich <maemo.org at bobpaul.org> wrote:
>
>> You could setup pubkey authentication on your home ssh server. Then you
>> could add a script to the device such that when it connects it runs
>> something like:
>> ssh -n -R2022:localhost:22
>>
> Good idea, as your ssh is an outbound connection the local firewall
> may accept it. But your command is incomplete, we must have something
> like:
> ssh -n -R2022:localhost:22 myusername@myserver.com sleep 3600
> and you must be sure that the public key of the nokia user is accepted by
> myusername@myserver.com
> It would be helpful to replace sleep by a script that warns you, then
> sleeps
>
>> Then on your local computer you could "ssh user@localhost -p2022" to connect
>> into your device whenever it's on the internet, regardless of where it's
>> connected from. You could manually erase the data, something like:
>> for i in /home/user /media/mmc1 /media/mmc2; do
>>   rm -rf "$i"
>> done
>
> We can do like that but it might be frustrating when you miss the
> connection, or when it is interrupted before you finish, ...
> I think this can only be an add-on to the second option.
>
>> Another trick I've used--actually to update computer labs--is to keep a
>> script on your server, then have the device use scp to copy that script from
>> the server and run it whenever it connects. In my case, the script was
>> simple. In your case the script would do nothing. To nuke your nokia,
>> replace it with one that erases stuff. This will get it the next time it
>> connects and wouldn't require you to know when the device connects.
>
> That's fine, we use the same "download at boot and execute" to keep our
> clients up-to-date. We just need to find how the script can be
> triggered when the tablet connects to the internet (must not be difficult,
> but I have not looked into the tablet networking). Your emergency
> script can of course erase sensitive data but also add a startup
> service in /etc/init.d that shuts down the tablet if some special action
> (say, using some key) is not triggered, making the use of the tablet
> impossible except for you without reflashing.
>
> Better than scp, you can download the script from an httpd server using
> netcat, because outbound http connections on port 80 are always open on
> any access point your tablet may use.
>
>> Other options would include writing a log file to your home machine with the
>> IP connecting from. This could be used to track your device so you might be
>> able to help police recover it. Or you could delete important system files and
>> your personal data to make the device worthless without a reflash.
>
> Too complicated, just mail a message when you connect: "I'm connected
> from ip n° xxx.xxx.xxx.xxx gateway xxx.xxx.xxx.xxx". If you have
> traceroute you can even traceroute to a known point to help locate the
> device, but I suppose it's of no use; some people complain that the
> police is not even looking for their stolen child, what do you expect
> for your tablet!
>
>
> At this point I'm wondering if it is not an option to put on our tablet
> (at least when we are on the go) this "shut down if not
> authenticated" service.
> Of course the tablet policy forbids authenticating as user before
> logging in, because the second part of the boot process is done as
> user. But why not put a simple query that the user must answer during
> the first 5 min of connection? A startup script may pop up a window and
> shut down the device if not answered. If you keep ssh access to user
> or root you have some emergency solution if ever you forget the
> password.
>
> Marc
>
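
The "download on connect and execute" scheme discussed in the quoted thread runs whatever the fetch returns, and a fetch over plain HTTP with netcat is unauthenticated. As an added example that is not part of the original messages: a POSIX shell check that executes a fetched script only if its HMAC-SHA256 verifies under a key shared with the home server. The function names, the `.mac` sidecar file and the use of the `openssl` command-line tool are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): run a fetched script only if its
# HMAC-SHA256 verifies under a key shared by the device and the home server.
# Function names, the .mac sidecar file and the file layout are assumptions.

# hmac_of FILE KEYFILE -> hex HMAC-SHA256 of FILE.
# Note: -hmac passes the key in openssl's argv, visible to local processes.
hmac_of() {
    openssl dgst -sha256 -hmac "$(cat "$2")" "$1" | awk '{print $NF}'
}

# run_if_authentic SCRIPT MACFILE KEYFILE
# Returns 2 without executing anything when a file is missing or empty or
# the MAC does not match; otherwise returns the script's own exit status.
run_if_authentic() {
    script=$1 macfile=$2 keyfile=$3
    [ -s "$script" ] && [ -s "$macfile" ] && [ -s "$keyfile" ] || return 2
    want=$(tr -d ' \n\r' < "$macfile")
    got=$(hmac_of "$script" "$keyfile")
    [ -n "$got" ] && [ "$got" = "$want" ] || return 2
    sh "$script"
}

# Constructed demo: a harmless script stands in for the real payload.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed-demo-key' > "$d/key"
    printf 'touch "%s/ran"\n' "$d" > "$d/job.sh"
    hmac_of "$d/job.sh" "$d/key" > "$d/job.mac"     # done on the home server
    run_if_authentic "$d/job.sh" "$d/job.mac" "$d/key" || return 1
    [ -e "$d/ran" ] || return 1                     # authentic script ran
    rm -f "$d/ran"
    echo ': line added in transit' >> "$d/job.sh"   # tampered copy
    rc=0
    run_if_authentic "$d/job.sh" "$d/job.mac" "$d/key" || rc=$?
    [ "$rc" -eq 2 ] && [ ! -e "$d/ran" ] || { rm -rf "$d"; return 1; }
    rm -rf "$d"
}

demo && echo "authentic script ran; tampered copy rejected"
```

On the server side the `.mac` file is regenerated with the same key each time the script is replaced, and the device fetches both files before calling `run_if_authentic`.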