NetFixer
Freedom is NOT free
Premium
join:2004-06-24
Murfreesboro, TN

2 edits

Anti-theft software could create security hole

»www.msnbc.msn.com/id/32228651/ns···ecurity/
LAS VEGAS - A piece of anti-theft software built into many laptops at the factory opens a serious security hole, according to research presented Thursday.

The "Computrace" software, made by Vancouver-based Absolute Software Corp., is part of a subscription service that's used to find lost or stolen computers. Many people don't know it's on their machines, but it's included in computers from the biggest PC makers.

The software is built into computers at the factory because that embeds it so deeply that even the extreme act of uninstalling the operating software won't delete it. The software is included in a part of the computer known as the BIOS, which refers to programs used to boot the computer.

The service Absolute sells can be valuable because sensitive data can be purged remotely from a stolen machine. The computer is still able to reach out to a specially designated Web site for instructions even if a criminal is tampering with the machine.

But research by Alfredo Ortega and Anibal Sacco with Boston-based Core Security Technologies, and presented Thursday at the Black Hat security conference here, shows it can cut two ways.

If a criminal has infected a computer that has the Computrace technology, he can take deep control of a machine.

That's because he's able to modify the computer's settings to maintain a connection with that machine even if the operating software is uninstalled then reinstalled — an extreme way, but sometimes the only way, to make sure a computer is cleaned of viruses.

"You have something that's pre-installed, and considered non-malicious, that you can manipulate and turn into a malicious program — that's pretty unique," said Ivan Arce, Core Security's chief technology officer...
It would appear that this is not a remote takeover exploit in that (so far) it requires the exploit to be downloaded and installed using conventional malware methods. The next generation exploit however just might be more stealthy (and history says that there will likely be new generations of this exploit). Another example of a "good" idea gone bad. The really bad thing is that not all notebook manufacturers advertise that this module is installed in the BIOS, so there could be a large number of people who are vulnerable and don't know it.

Here is a link that can be used to find out if your notebook is vulnerable: »www.absolute.com/partners/bios-compatibility

My HP notebook is on that list even though none of the documentation from HP indicates that it is there. I guess that I now need to contact HP and/or Absolute Software to find out if there is a way to really absolutely permanently disable* it, but I suspect the answer is going to be along the lines of "I am sorry Dave, but...."

* HP says that it is disabled by default and requires software activation. That is not really disabled since a malware exploit could just emulate the official activation software.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

I am writing to you on behalf of Absolute Software to respond to your recent article regarding the claims made by Alfredo Ortega and Anibal Sacco of Core Security at the BlackHat Security conference earlier this week. They alleged certain vulnerabilities in Absolute® Software Corporation’s Computrace® system that purportedly could be exploited to allow control of a device by unauthorized persons. These claims are without merit.

• The Computrace BIOS module does not allow a special undetected path into the operating system. It is not a rootkit.

• In order for the Computrace BIOS module to work, it is activated by the end-user customer, not the computer manufacturer, upon receipt of the computer and activation of Absolute Software’s products.

• The Computrace BIOS code alleged in the article to have this vulnerability is old code that was not officially released and, to Absolute’s knowledge, has never been active in the BIOS of any computer.

• If a malicious attacker were able to alter the BIOS code, any popular anti-virus software would alert the customer.

• The Computrace BIOS module currently on the market is not susceptible to the risks claimed in the article and therefore none of our customers are at risk for this specific type of attack.

Absolute has issued a statement to the public, refuting these claims and explaining their position at length »www.absolute.com/company/pressro···es_claim

If you have any additional questions or would like further clarification, please feel free to contact Sandra Fathi at 201-406-6150 directly or Absolute Software support.



MeDuZa

join:2003-06-13
Austria

said by Mattabsolute :

Absolute has issued a statement to the public, refuting these claims and explaining their position at length »www.absolute.com/company/pressro···es_claim

If you have any additional questions or would like further clarification, please feel free to contact Sandra Fathi at 201-406-6150 directly or Absolute Software support.

Yes, I have an additional question, or rather a remark. I therefore won't bother to contact Sandra Fathi anyway.
I've tried to open the Absolute statement link with no success.
Although my browser language is set to English I instantly get redirected to »www.absolute.com/de_DE/company/p···es_claim with the below result:



In order to open the link you provided I had to mask my IP (BTW a server located in Germany).
Such business practices of Absolute Software won't really inspire confidence no matter if their statements are true or not.
--
Reality corrupted. Reboot universe? (Y/N)


La Luna
Survived Ashraful
Premium
join:2001-07-12
Warwick, NY
kudos:3

reply to NetFixer
»insecure BIOS 'rootkit' pre-loaded in laptops

