Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Virus Guy
August 13, 2014, 12:39 am
rate this thread
"Absolute Computrace allows organizations to persistently track
and secure all of their endpoints within a single cloud-based
console. Computers and ultra-portable devices such as netbooks,
tablets, and smart phones can be remotely managed and secured
to ensureand most importantly provethat endpoint IT compliance
processes are properly implemented and enforced."
Computrace back door could make millions of PCs vulnerable
Almost all recent PCs have Absolute Computrace embedded in their BIOS.
It's a product designed to allow companies to track and secure all of
their PCs from a single cloud-based console.
But researchers at Kaspersky lab have revealed that it often runs
without user-consent, persistently activates itself at system boot, and
can be exploited to perform various attacks and to take complete control
of an affected machine.
Kaspersky Lab researchers Vitaly Kamluk and Sergey Belov along with
Annibal Sacco of Core Security demonstrated the flaw in a presentation
at the Black Hat 2014 conference.
Kamluk first described Comutrace's vulnerability at a Kaspersky Security
Analyst Summit in February, "The software is extremely flexible. It's a
tiny piece of code which is a part of the BIOS. As far as it is a piece
of the BIOS, it is not very easy to update the software as often. So
they made it very extensible. It can do nearly anything. It can run
every type of code. You can do to the system whatever you want.
Considering that the software is running on these local system
privileges, you have full access to the machine. You can wipe the
machine, you can monitor it, you can look through the webcam, you can
actually copy any files, you can start new processes. You can do
Six months on Computrace is still exploitable and once it has been
activated it's very persistent and difficult to turn off. It also
doesnt enforce encryption when it communicates and doesn't verify the
identity of servers from which it receives commands, so could expose
users to attacks.
The mystery is, who or what is activating Computrace? The researchers
believe it may be down to manufacturers' testing of new machines to
check for Computrace compatibility. Because it's a legitimate piece of
code it's white listed by many antivirus programs.
They conclude that whilst there's no reason to believe Absolute Software
or PC manufacturers are deliberately activating Computrace in secret,
they do need to notify users of its presence and issue instructions on
how to turn it off if users don't want Absolute's services.
- » How effective is security software at blocking exploits? (turns out, not very)
- — Next thread in » Anti-Virus Software
- » Registry-infecting reboot-resisting malware has NO FILES
- — Previous thread in » Anti-Virus Software