A basic covenant of working with computers over the past 20-40 years is that, upon formatting the storage in its entirety, and wiping out NVRAM with a provided jumper, shorting appropriate pins, or depriving battery backup power for a specified period sufficient to drain the NVRAM's settings, that a motherboard could be restored to its 'factory' state in its entirety. Ready to receive new programming.
This concept has come under increasing attack. Many laptops, for example, have serial numbers which are stored to permanent memory, and cannot be over-written with user available tools. There are even techniques which claim to be able to permanently "brick" a computer and inhibit its re-use remotely.
Is this starting to become a problem? Yes, I know, the hardware vendors would love for people to be forced to throw out their devices after they're done using them, instead of wiping them and recycling them. There are certainly legitimate reasons why data on a portable device must be protected and scrambled for permanent irretrievability by an unauthorized physical possessor of the hardware.
But is the industry going too far? By rendering devices completely non-factory-resettable? By denying an honest possessor of a "found" device the ability to re-use or re-purpose the device for their own personal use if they can't manage to return it to its owner?
And what about all the problems in "IT" this might cause in the present/future? If machines can be "bricked" remotely, what's to stop a disgruntled sysadmin from planting a script to do this upon his termination, causing untold damage far worse than just damaging data (which the attacker will almost certainly do as well)?
Kind of interested in your experiences. Because I was reading someone's rant about Ultrabooks this evening and their vPro/AMT features being highly vulnerable to attack. I don't know if the technical details are true, but the author claimed that an attacker could theoretically "permanently" take over a device to such an extent that nothing short of throwing it away would resolve.
This concept has come under increasing attack. Many laptops, for example, have serial numbers which are stored to permanent memory, and cannot be over-written with user available tools. There are even techniques which claim to be able to permanently "brick" a computer and inhibit its re-use remotely.
Is this starting to become a problem? Yes, I know, the hardware vendors would love for people to be forced to throw out their devices after they're done using them, instead of wiping them and recycling them. There are certainly legitimate reasons why data on a portable device must be protected and scrambled for permanent irretrievability by an unauthorized physical possessor of the hardware.
But is the industry going too far? By rendering devices completely non-factory-resettable? By denying an honest possessor of a "found" device the ability to re-use or re-purpose the device for their own personal use if they can't manage to return it to its owner?
And what about all the problems in "IT" this might cause in the present/future? If machines can be "bricked" remotely, what's to stop a disgruntled sysadmin from planting a script to do this upon his termination, causing untold damage far worse than just damaging data (which the attacker will almost certainly do as well)?
Kind of interested in your experiences. Because I was reading someone's rant about Ultrabooks this evening and their vPro/AMT features being highly vulnerable to attack. I don't know if the technical details are true, but the author claimed that an attacker could theoretically "permanently" take over a device to such an extent that nothing short of throwing it away would resolve.
Facebook
Twitter