LogMeIn can control some PCs, even when off
How can you be sure your data is safe when off doesn't mean inaccessible? A remote-control technology that is part of Intel's VPro architecture raises some security questions.
During a recent talk with LogMeIn CEO Michael Simon, I learned about the company's new LogMeIn Central dashboard for IT managers, designed to help them keep tabs on thousands of computers at a time.
I also heard about the new version of virtual network service Hamachi, which makes it a competitor to standard (and expensive) virtual private-networking products in the enterprise.
We chuckled a bit about the version of LogMeIn that's embedded in the dashboard of some Ford F150 pickup trucks, so their owners can remotely control their office PCs. And I heard about a LogMeIn technology, just now reaching the market, that enables not just remote diagnostics of computers but also access to data on the hard drives of PCs that are turned completely off. Gulp.
That last technology, part of Intel's VPro system architecture, has just started to ship in a few new PCs. It's designed for corporate networks so that support personnel can get into a machine--to run a backup, for example--regardless of whether it's running Windows, has crashed into a blue screen, or has been shut down. As long as the PC is plugged into the wall and to an Ethernet connection, the computer, even though in an off state, will continue to draw a small amount of power (about 4 watts) while it monitors the network for control packets.
The technology is getting built into motherboards using the Q45 support chipset. Only a few corporate desktops use this technology, in particular HP's DC 7900 and Lenovo's ThinkCentre M58 lines.
Simon told me that the technology does not provide a wide-open backdoor. There are security protocols. The user has to agree to use the technology, and like all LogMeIn remote-control products, remote access isn't possible unless the computer's owner agrees to it. And in many ways, it is similar to current remote-access products that rely on "Wake-on-LAN" packets to power up a PC so it can then be controlled remotely. The difference here is of degree.
And I don't worry about this in the enterprise. If you're using a computer provided to you by your company, it is owned by your company, not you. If your employer want to get your data or mess with your work, it does not need a tool like this to do so. This technology just gives IT pros more capabilities, and it sounds like a very useful tool.
Even for home users, in most cases, this won't be a problem, mostly because VPro PCs aren't marketed to home users. But assuming that they were, the VPro protocols still specify that the user must consent to remote access each time someone wants to use it.
So let's say Dell sells me a computer, and it crashes. I am happy to have Dell customer support see what's going on during a phone call. It might save everyone the annoyance and expense of a repair visit or the need to ship the computer back to Dell for examination.
What I am concerned about are VPro home computers for which remote control is preconfigured by a seller. A machine sold by an unscrupulous builder. A used computer sold via eBay or Craigslist by someone bent on identity theft. The opportunities for crime here are just too great to ignore.
And it's LogMeIn's exceptionally robust connection technology that makes it all the more so. Unlike Wake-on-LAN technologies and other remote-control products, LogMeIn is very good at connecting to a computer, no matter how far away it is on the Internet or how deep behind firewalls it is. It's robust--and secure in the hands of its users--but it's a scary tool, if the wrong people get into it.
Simon did say that perhaps this technology needs a protocol that specifies that whenever it's used, whether it's been configured for unattended access or not, it "drops a receipt on the desktop" so the computer's owner can see it when he or she turns the machine on.
That's a start. I'd recommend disabling this feature entirely. And to be fair, computers with this capability come with remote access turned off in the BIOS by default. But chances are that crimes over VPro, if any are committed, will be against people who simply don't know that this kind of access is possible.
Other LogMeIn representatives also took pains to remind me that this capability can be used to fight crime as well: a computer that had been stolen could be remotely wiped of data, for example, even if it's powered down. Also, there are no consumer desktops yet with this BIOS-level support for remote access.
I have been a big fan of LogMeIn's free remote-control product for years, and I have never heard of any security breaches due to a technical issue with the company's products. Furthermore, I congratulate Simon for landing this deal with Intel. Nice move. But I think that my relationship with this capable maker of remote-access and network utility services just got more complicated. I am going to try very hard to avoid VPro products, if they start to proliferate in the consumer market.
Alternatives include switching to AMD-powered computers or unplugging a VPro PC when not using it, which would be a ridiculous hassle. I know it seems crazy and paranoid, but if "off" doesn't really mean "off" anymore, we do have to be more careful.