AU Government To Build "Unhackable" Netbooks 501
bennyboy64 writes "In what may be one of the largest roll-outs yet of Microsoft's new Windows 7 Operating System, Australia's Federal Government decided to give 240,000 Lenovo IdeaPad S10e netbooks to Year 9-12 students. Officials are calling them 'unhackable.' iTnews reports that the laptops come armed with an enterprise version of the Windows 7 OS, Microsoft Office, the Adobe CS4 creative suite, Apple iTunes, and content geared specifically to students. New South Wales Department of Education CIO Stephen Wilson said that schools were 'the most hostile environment you can roll computers into.' While the netbooks are loaded with many hundreds of dollars worth of software, 2GB of RAM, and a 6-hour battery, the cost to the NSW Department of Education is under $435 (US) a unit. Wilson praised Windows' new OS: 'There was no way we could do any of this on XP,' he said. 'Windows 7 nailed it for us.' At the physical layer, each netbook is password-protected and embedded with tracking software that is embedded at the BIOS level of the machine. If a netbook were to be stolen or sold, the Department of Education is able to remotely disable the device over the network. Each netbook is also fitted with a passive RFID chip which will enable the netbooks to be identified 'even if they were dropped in a bathtub.' The Department of Education also uses the AppLocker functionality within Windows 7 to dictate which applications can be installed."
Sure... (Score:5, Insightful)
I long for the day... (Score:5, Insightful)
...when Slashdot news beginning with "Australian Government" won't necessarily end with a rephrasing of "shows off its technological naivety".
MS must have given a great (Score:5, Insightful)
The PR reads like pure MS marketing slop with a cute upgrade hint.
Get me one of these and find out how long it lasts (Score:5, Insightful)
"Tracking software embedded at the BIOS level"? Last I checked, those "tracking schemes" just force-fed Windows some driver/app at the BIOS level. Install any other OS and it becomes useless (not to mention that BIOSes these days aren't even hard to hack). As for the RFID, I don't see how disassembling it and taking it out is rocket science. Nevermind that the students themselves are going to be owning any kind of app installation protection in the blink of an eye.
Sorry, using software to secure a platform against its physical holder has never worked for long, but even just trying to do it on an insecure platform like an x86 PC is beyond useless. None of this is has even a remote chance of working without the heaviest-handed TPM-on-CPU-die functionality and signing of each and every piece of software, but that has no chance of working because no one would want such a platform, it would be painful and expensive to develop, and it could never exist given the buggy and insecure nature of PC software in general.
Video game consoles with strong hardware security and tightly controlled software environments with little interoperability requirements get cracked all the time to run homebrew and/or pirate games, what makes these people think their little netbook won't be?
For what it's worth, Linux vs. Windows here makes little difference. The entire scheme is doomed to fail from the start due to the nature of a PC solution like this. Sounds like Microsoft just sold these guys a bunch of nonexistent security.
Unhackable like the Australian Porn Filter? (Score:5, Insightful)
Re:Someone is gonna open it. (Score:3, Insightful)
Comment removed (Score:5, Insightful)
Re:I dont understand ... (Score:5, Insightful)
I dont understand why this would be considered unhackable. Exploits have already been released for windowed 7.
It is quite simple: Microsoft said that it was unhackable, so as far as the idiot politicians were concerned it must be true.
What grates with me is that the Australian Federal Government is spending money training kids to use MS s/ware - something that will stay with them for the rest of their lives. The MS marketing department must be overjoyed.
What education should be about is understanding, if you just train someone in one version of s/ware many just adopt a point and click approach with little understanding of what they are doing. You need different sorts of s/ware to make them think. Schools should use a mixture of: MS, Mac & Linux PCs.
so let me get this straight (Score:5, Insightful)
While the netbooks are loaded with many hundreds of dollars worth of software, 2GB of RAM, and a 6-hour battery, the cost to the NSW Department of Education is under $435 (US) a unit.
The netbooks have hundreds of dollars of software loaded and still only cost $435 a unit. So the cost of the unit is being subsidized and the department is hailing this as some big leap forward in cost of ownership? And some of the big changes are related to the BIOS.
Already, the department has noted the loss or damage of just six netbooks out of the 20,000 rolled out since August - and have tracked one teacher using their device on a field trip in New Zealand.
Yeah, really cool that the school can track and potentially monitor everyone using one of these devices, even if the machine is not physically turned on via the RFID tags. Now there's a big win.
DET also uses the AppLocker functionality within Windows 7 to dictate which applications can be installed on the device.
Even better. Add McAfee filtering to control content and MSFT's own antivirus technology...add up what all that would cost in a real world enterprise. Just the software costs alone would dwarf the cost of the device.
I look at the cost of the device, the software and all the centralized control and think, "Or just install Linux and get 95% of that functionality right out of gate." And the 5% you don't get is the spying and monitoring part. What lesson is the school teaching here?
This is certainly a win for someone, but I'm not sure it's the students and teachers.
Why? (Score:5, Insightful)
Re:Sure, some will be hacked, (Score:3, Insightful)
From Lenovo? (Score:5, Insightful)
If I recall, China's People's Liberation Army is part-owner of Lenovo.
Exactly why do the Aussies thing there won't be back doors built into the hardware or BIOS?
Re:I dont understand ... (Score:5, Insightful)
What education should be about is understanding, if you just train someone in one version of s/ware many just adopt a point and click approach with little understanding of what they are doing. You need different sorts of s/ware to make them think. Schools should use a mixture of: MS, Mac & Linux PCs.
You seem to have severely misunderstood the purpose of these machines.
Re:Why? (Score:4, Insightful)
Re:Unhackable Windows (Score:3, Insightful)
To run a live CD of Linux... wouldn't the BIOS have to be set to boot from CD-ROM? The locked BIOS?
So, now you're cracking the case open, and disconnecting the (possibly soldered) battery and hoping the BIOS resets to factory defaults that haven't been set to include the lockouts.
Or, pull out the hard drive, plug it into another machine and do what you will - which might not do a lot of good if they've got the processor set to run signed code only.
I'd try pulling the hard drive and cloning it then playing with the copy until I found out the limits of what I could do.
Comment removed (Score:5, Insightful)
Comment removed (Score:3, Insightful)
Re:I dont understand ... (Score:3, Insightful)
What education should be about is understanding, if you just train someone in one version of s/ware many just adopt a point and click approach with little understanding of what they are doing. You need different sorts of s/ware to make them think. Schools should use a mixture of: MS, Mac & Linux PCs.
I think it's a little more subtle than that. 90% of the kids using these things will go on to be standard users in life, treating computers as one tool among many. Have you seen how regular users treat computers? Most of them are uncomfortable using a new app without formal training -- even today's twentysomethings. Even on a Mac (yes, I'm a Mac guy).
What concerns me more are the other 10%, who will become power users, sysadmins, and developers. If all they know is MS and their pitifully low standards for stability, security, and usability, I am scared of the outcome for the next generation of software; not for the 0.1% of brilliant developers whom you can't keep down, but for the rest who grind out code in obscurity producing internal-use-only enterprise apps and vertical markets apps.
I think of a kid in my son's Boy Scout troop who had no idea that "SQL" had a broader meaning than a Microsoft product named "SQL Server". He's a brilliant kid and will go far, but he needed to have his horizons broadened quite a bit. I don't fault him -- rather, I fault those who mentored him and didn't show him the alternatives.
--Paul
Titanic Syndrome (Score:5, Insightful)
It's analogous to the Streisand Effect. And when the machines get hacked, the id10t who declared them "unsinkable" will experience Titanic Syndrome.
Re:So stupid (Score:4, Insightful)
Exactly. The purpose of any lock is to provide a speed bump. Hopefully a big enough bump that you'll decide the effort isn't worth the payoff. This asshat increased the payoff 1000 fold in notoriety, and social recognition.
Comment removed (Score:4, Insightful)
Re:So stupid (Score:3, Insightful)
Perhaps. But then again, this is Australia we're talking about. You know, the country who's government is desperate to implement their own version of the Great Firewalls of China and Finland for whatever reason. Now, if some cyber terrorist just happened to disable to porn filters in laptops of kids who are at the height of puberty, and thus bound to use their laptops to download tons of it... Well, that would prove that just measures have to be passed, since it's the only way to keep children safe from criminal porn-peddling hackers, now wouldn't it?
Never forget that your leaders are the people who came on top in a brutal fight for power. They might seem imbeciles, but they aren't. They are ruthless, treacherous bastards, both the economic and political ones. Never attribute any deed of theirs to stupidity if it can be adequately explained by calculating malice.
Re:Absolutely (Score:4, Insightful)
All security, no matter what type it is or how it is implemented, is basically designed to slow down anybody who might try to break it.
I think you're confusing real security with poor security. Granted, often real security is difficult or impossible...
It is possible to create a system which is actually impossible to crack, short of social engineering or unprecedented changes in technology. Example: SSH keypairs. The last major vulnerability in this was due to a stupid, stupid flaw in the implementation. You can argue that such flaws are inevitable, but I'd argue that this is an argument about human fallibility, not about the theoretical limitations of a software system. Depending how much you're willing to invest, it's possible to write a program in such a way that you can mathematically prove it to be correct.
The only other way SSH keypairs are likely to be defeated is when quantum computers become feasible.
That said, I think it's unlikely they've created a truly invincible system with all the software they mentioned. There's likely to be a bug somewhere in Win7, CS4, Office, or Tunes.
Re:Sure... (Score:4, Insightful)
Famous last words.
Re:Someone has to be the idiot at the party. (Score:3, Insightful)
Even in the community of nations, someone has to have the least competent government on earth.
I guess the USA lost that title in the last election...
Re:From Lenovo? (Score:5, Insightful)
If I recall, China's People's Liberation Army is part-owner of America.
Fixed that for ya.
Roku is a perfect example of 'Meh' (Score:5, Insightful)
The Roku vidio player is an excellent example of security through "meh". It's almost an ideal box for a Boxee or MythTv frontend, but it is pretty much unhackable (cryptographically signed u-boot, kernel, and ramdisk). They've released their sources (but not their crypto key) months ago, yet not one single crack is available for it.
Why? Because (a) they don't make a big deal of the security features to the public, b) it's stupid cheap ($99 USD), and (c) It Just Works.
The combination of all three make 'meh'. Due to (a) there is no implicit challenge to the security community, (b) trumped the TiVo problem of trying to get 'more value for your money' out of an expensive piece of kit, and (c) prevents your Average Joe hacker from wanting to break a working (and useful to him) device.
Good counterexamples are TiVo, Linksys routers, and the Wii.
For TiVo, it was expensive enough that people wanted to get more value for their money, and felt it was time well spent to hack it.
With Linksys routers, It just Doesn't Work caused people to spend a lot of time finding a way to make some perfectly good equipment work at all for them.
The Wii advertised to the community that it was unhackable, which promptly cause all manner of security professionals to take up arms and figure out how to hack it.
Re:From Lenovo? (Score:3, Insightful)
If Lenovo would build in back doors, and is found out, then at best they go bankrupt. I think that is enough of a reason for any company NOT to build in that kind of back doors. And they will be found: non-standard chips present in the hardware are a prime target for further investigation, and BIOSes can be flashed (or, presumably, the original software checked against known-good implementations or at the very least decompiled for investigation).
So even if the PLA is part-owner of Lenovo, why would you think there ARE back doors built in? Because that is exactly what you are now suggesting. And on the same line, why would laptops from US companies NOT have back doors? E.g. Microsoft, being let off the hook for anti-trust suits all the time, would have a case of secretly cooperating with the US government to build in back doors as compensation for being allowed to live.
The only thing that can more or less guarantee no back doors is to develop it all from scratch by yourself. Then you have control over back doors present or not.
And by the way what is it with you Americans that everything linked to China is automatically considered evil these days?
Re:Same Govt. (Score:2, Insightful)
No, it's not actually. This is the New South Wales government, whereas the "child abuse" case (I don't believe he was actually accused of distributing child porn) was the Queensland government.
Wrong case, he is referring to this one from NSW.
:)
http://www.theaustralian.news.com.au/story/0,25197,24771973-16947,00.html [news.com.au]
The case you are probably thinking of was dropped. http://www.brisbanetimes.com.au/technology/technology-news/babyswinging-video-charges-dropped-20090909-fh33.html [brisbanetimes.com.au]
From a helpful Queenslander.
Re:Will they ever learn? (Score:3, Insightful)
When the communities say I told you so, I wanna see Bill Gates cry.
The problem is that won't happen.
This was issued with great fanfare, press releases all around. What happens next week when it gets broken?
Nothing. Nobody will hear about it. The government isn't gonna issue a press release saying "oops, we were wrong", and the hackers that pull it off either won't have the resources to buy a feed in PR Newswire, or if they do, nobody will publish it, out of fear of offending their advertisers (ie. MS.)
It will be published on Ars and BoingBoing, and the people who make these sorts of decisions will never know, and continue to think this is what *they* have to do to make their environments "secure".
Re:Absolutely (Score:5, Insightful)
By opening up, you can get a bunch of people working on your security to strengthen it, to help offset the few people who might be interested in breaking it.
But that only works for software you can fix, or you can get the vendor to fix. I highly doubt that's the case here.
Nobody is out to burn my house down, because nobody cares. But if I go out and shout, "My House is UNBURNABLE....MUAHHAHAHA!", there's a chance that some asshat will put a torch to it just to prove me wrong.
Security through obscurity doesn't work. Security through provoking asshats into action really doesn't work, unless you have the power to fix what they break.
Re:Physical access (Score:3, Insightful)
physical access >> root access
Way I look at it is, if they only have remote access, it's possible to make it unhackable. If they have physical access, it's always going to be possible to hack into it. Maybe very very difficult, and possibly very expensive, but never impossible.
Satellite TV boxes have been exploring this truth for many years now, they're probably the experts in the field. Right now what it takes is an expensive microscope and a lab. If they can't keep hackers out, what on earth is this netbook group thinking??
Re:The Slashdot editor degraded the story. (Score:3, Insightful)
Re:Same Govt. (Score:4, Insightful)
And, of course, since we're already into "thought crime" territory here, how long until they make it illegal to even talk about what happened (since you obviously must be thinking about the video in some way to comment on it, you sick pervert!) At some point soon, this will have to be stopped.
Hackable yes, but has a kill switch. (Score:3, Insightful)
It may be hackable yes,
They appear to have some kind of kill switch at the BIOS level, which sounds pretty potent and difficult to circumvent to me. I would presume when the stolen machine connects ot the internet, it calls home, if it's been nuked, it then bricks itself and refuses to boot of anything.
Doesn't mean you couldn't strip the laptops for parts if stolen. That is if you didn't go the trouble of replacing bios chip (if not flashable)
Despite that, they do seem to have to gone to significant lengths to thwart theft more than anything. However whatever IT outfit told them that the product would be 'unhackable' is guilty of telling lies, that kind of statement smacks of marketing department (not engineers) of some company telling it's ignorant client what it wants to hear (yet can't reasonably expect to get) just to get paid.
So it will be hacked, of course and the blame will fall everywhere (ie students) except the marketing people who made the claims.
Re:I long for the day... (Score:1, Insightful)
"shows off its technological naivety"
At least they exhibit no signs of the orthographic naivete which you so prominently display.
These machines will be as unhackable as... (Score:3, Insightful)
These machines will be as unhackable as the Titanic was unsinkable.
All the Government are doing is putting out a challenge and ultimately proving that a committee of "IT Experts" will be no match for a determined teenage schoolboy who wants to look at porn.
Re:Haha.. no (Score:3, Insightful)
"Really, the true protection the laptop gets is that every student receives one for free, but a replacement laptop has to be paid for out of their parent's pockets. Students will learn to be careful with them or face punishment from their parents."
A couple of thoughts on that. The first is that my daughter went through six cellphones one year (not paid for by me). Children have no idea how much things cost because generally they don't have to work for them. The second is that the loss of your laptop (which eventually will be part of school curriculum, if it isn't already) will penalise low income families with no technical knowledge who now have to fork out for a replacement. The third is.....what a way to bully kids! Just smash their laptop and refuse to admit you did it.