You can do to the system whatever you want.
#Absolute lojack compatibility update
As far as it is a piece of the BIOS, it is not very easy to update the software as often.
#Absolute lojack compatibility code
It’s a tiny piece of code which is a part of the BIOS. Back in February, Kamluk described Computrace’s exploitability as follows: In other words, the way Computrace interacts with Absolute could expose users to man-in-the-middle attacks. Rpcnetp, in turn, talks to the Absolute server and is replaced by rcpnet, which is a core remote administration module that is restored if the user deletes it. Then the new autochk.exe drops and registers a new system service called rpcnetp. This is particularly irksome given how Computrace works: first the persistence modules in BIOS/UEFI update a system’s default autochk.exe. One of the problems – as was highlighted at SAS – is that Computrace does not enforce encryption when it communicates and it does not verify the identity of the remote server from which it receives commands. We don’t think this bug was introduced on purpose.” “It could be a bug in this tool or a human error.
“We believe that persistence was erroneously activated,” Kamluk and Saccco said. At present they believe the software is being unintentionally initiated by manufacturers.įurthermore, once Computrace is enabled, it is incredibly persistent and very difficult to remove or even turn off. In fact, to this point, Kamluk, Sacco and Belov can only guess at how Computrace is enabled by default on many out-of-the-box PCs. Absolute Software’s technical documentation says that Computrace should be enabled either by the user or by IT departments with admin control of work machines. They presented an updated version of that talk at Black Hat last week.Ĭomputrace should not be enabled by default. Kaspersky Lab researchers Vitaly Kamluk and Sergey Belov along with Anibal Sacco of Cubica Labs earlier presented their research in a briefing titled “Absolute Computrace Revisited” six months ago at the Kaspersky Security Analyst Summit (SAS) in the Dominican Republic. However, it often runs without user-consent, persistently activates itself at system boot, and can be exploited to perform various attacks and to take complete control of an affected machine.
Computrace is a legitimate, trusted application developed by Absolute Software. LAS VEGAS – Nearly every PC has an anti-theft product called Computrace embedded in its BIOS PCI Optional ROM or its unified extensible firmware interface (UEFI). Sacco left Core Security last year to start Cubica Labs. UPDATE: A previous version of this story incorrectly stated that Anibal Sacco works for Core Security.
0 kommentar(er)
