- #ABSOLUTE LOJACK FOR LAPTOPS PREMIUM EDITION REVIEW FULL#
- #ABSOLUTE LOJACK FOR LAPTOPS PREMIUM EDITION REVIEW SOFTWARE#
- #ABSOLUTE LOJACK FOR LAPTOPS PREMIUM EDITION REVIEW CODE#
- #ABSOLUTE LOJACK FOR LAPTOPS PREMIUM EDITION REVIEW PROFESSIONAL#
- #ABSOLUTE LOJACK FOR LAPTOPS PREMIUM EDITION REVIEW WINDOWS#
This module is embedded into BIOS PCI Option ROM or UEFI firmware.
#ABSOLUTE LOJACK FOR LAPTOPS PREMIUM EDITION REVIEW CODE#
The Small Agent is a piece of code that is of minimal possible size and maximum extensibility.
#ABSOLUTE LOJACK FOR LAPTOPS PREMIUM EDITION REVIEW WINDOWS#
Computrace Agent Normal OperationĬomputrace Agent is a Windows application that has two variants: a small agent and a full-size agent. However, the post didn’t have enough proof to back up the claim, so we decided to embark on our own extended analysis. The blog mentions a vulnerability in the authentication system of LoJack (Computrace) software. In addition, we found a blogpost authored by Bradley Susser created in August 2012. Alfredo Ortega and Anibal Sacco demonstrated a tool that can be used to change encrypted registry settings of the Absolute Computrace Agent so that it redirects to another control server. It demonstrated that these modules are vulnerable to local attacks, such as those requiring physical access or the ability to run code at local system.
#ABSOLUTE LOJACK FOR LAPTOPS PREMIUM EDITION REVIEW SOFTWARE#
Prior research has shown a significant risk coming from anti-theft software embedded in BIOS ROMs or firmware. In their whitepaper “Deactivate the Rootkit: Attacks on BIOS anti-theft technologies” they described the general mechanisms behind anti-theft products such as Absolute Computrace.
One of the most significant contributions previously made on this subject is authored by Alfredo Ortega and Anibal Sacco of Core Security Technologies. From a minor hindrance the situation quickly turned in to a major incident, and we decided to carry out an in-depth analysis. This single incident could have been dismissed if it wasn’t for the fact that we discovered more personal computers belonging to our researchers, as well as some enterprise computers, with the same signs of Computrace working on them without authorization.
#ABSOLUTE LOJACK FOR LAPTOPS PREMIUM EDITION REVIEW FULL#
Unless you have a private IT service or your PC vendor took care of you, someone else has full access and control over your computer.
It could be assumed that the software was pre-installed by an OEM manufacturer or reseller company, but according to an Absolute Software whitepaper this should be done by users or their IT service. While Absolute Software is a legitimate company and information about Computrace product is available on the company’s official website, the owner of the system claimed he had never installed Absolute Computrace and didn’t even know the software was present on his computer. A quick analysis of the file information revealed that these modules were created by Absolute Software and are part of the Absolute Computrace software. The failure was related to instability in modules named identprv.dll and wceprv.dll that were loaded in the address space of one of the system service host processes (svchost.exe). A quick check then led to a full research cycle which eventually resulted in this report. The crash generated an event log record and a memory dump that was immediately analyzed. He observed repeated system process crashes on one of his personal laptops. Our research started with a real-life incident involving one of our colleagues. We believe that companies producing anti-theft technologies must consider the security of their products extremely seriously. While the general idea behind anti-theft technology is good, improper implementation can render it useless as well as harmful, or even extremely dangerous. One such type of software is anti-theft technologies that are widely used on modern laptops, i.e., Absolute Computrace.
#ABSOLUTE LOJACK FOR LAPTOPS PREMIUM EDITION REVIEW PROFESSIONAL#
While most of these products can be permanently removed or disabled by the user or an IT administrator, some types of product are designed to remain on the system even after professional system cleanup or total disk drive replacement. It might be difficult for an ordinary user to understand all the risks of such “extra-packages” existing on the system.
Modern computer systems that are widely used by individual consumers as well as large corporations have a number of pre-installed software that is shipped by an OEM manufacturer or a regional reseller to promote certain services and products. Our intention was to evaluate how secure Computrace Agent communications are and to see if it is possible to hijack control remotely. While physical security and a lack of proper code validation have already been shown in prior research by Core Labs, in our research we have focused on the network security aspect of such solutions. In particular, we have analyzed a number of standalone firmware files and personal computers. This report is a return to the problem of security mechanisms implemented in modern anti-theft technologies that reside in firmware and PC BIOS of commonly used laptops and some desktop computers.
0 kommentar(er)
