Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

Nowadays a lost or stolen laptop can often be recovered thanks to software that automatically transmits the location of the device back to a central server. However, some experts worry that, without additional security measures, this kind of tracking technology could inadvertently make users more vulnerable to spying.

“If you lose your laptop, a commercial service can tell you where it is right now,” says Tadayoshi Kohno, an assistant professor of computer science at the University of Washington, in Seattle. “The issue, from a privacy perspective, is that this also means that someone who might break into or have access to the commercial service’s database might be able to track you even before the laptop leaves your possession.”

To address this concern, Kohno and his colleagues at the University of Washington and the University of California, San Diego, have developed Adeona, a free piece of software that records location information in such a way that only a legitimate user should ever be able to gain access to it. Most commercial laptop-tracking services require software installed on a user’s machine to periodically update a database with data related to the laptop’s physical location, such as its current IP address and local network topology. If the machine is ever stolen, this information will be transmitted the next time it is connected to the Internet. The user can then take it to the police to help them locate the thief.

But Kohno and other security experts worry that, if this data is compromised, it will provide a simple way to monitor the movements of the laptop owner. In a corporate setting, this might enable corporate espionage, Kohno warns. And since this data may be transmitted and stored in unencrypted form, it is particularly vulnerable to interception and attacks on the database, he says. Adeona employs several cryptographic techniques to keep location information secure. A laptop running the software still sends location information to a central database–in this case, a completely open server–but the data is encrypted so that it cannot be read without a private cryptographic key.

Even if the laptop is stolen, other cryptographic tricks prevent the tracking information from falling into the wrong hands. When a user installs the software, a cryptographic key (known as a seed) is generated and stored separately–on a USB flash drive or a DVD, for example. The seed is used to generate a unique cipher each time an update is sent to the server. And to prevent a thief from figuring out the original seed by analyzing past messages, the software also generates a new seed by morphing the original one in a seemingly random way each time an update is sent.

0 comments about this story. Start the discussion »

Credit: Technology Review

Tagged: Computing, security, software, privacy, cryptography, tracking software, anti-fraud tool

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me
×

A Place of Inspiration

Understand the technologies that are changing business and driving the new global economy.

September 23-25, 2014
Register »