Anti-theft software could create security hole

Jul 31, 2009 By JORDAN ROBERTSON , AP Technology Writer
laptop

(AP) -- A piece of anti-theft software built into many laptops at the factory opens a serious security hole, according to research presented Thursday.

The "Computrace" software, made by Vancouver-based Absolute Software Corp., is part of a subscription service that's used to find lost or stolen computers. Many people don't know it's on their machines, but it's included in computers from the biggest PC makers.

The software is built into computers at the factory because that embeds it so deeply that even the extreme act of uninstalling the operating software won't delete it. The software is included in a part of the computer known as the BIOS, which refers to programs used to boot the computer.

The service Absolute sells can be valuable because sensitive data can be purged remotely from a stolen machine. The computer is still able to reach out to a specially designated Web site for instructions even if a criminal is tampering with the machine.

But research by Alfredo Ortega and Anibal Sacco with Boston-based Core Security Technologies, and presented Thursday at the Black Hat security conference here, shows it can cut two ways.

If a criminal has infected a computer that has the Computrace technology, he can take deep control of a machine.

That's because he's able to modify the computer's settings to maintain a connection with that machine even if the is uninstalled then reinstalled - an extreme way, but sometimes the only way, to make sure a computer is cleaned of viruses.

"You have something that's pre-installed, and considered non-malicious, that you can manipulate and turn into a - that's pretty unique," said Ivan Arce, Core Security's chief technology officer.

Arce said Absolute can fix the problem with an update to the software that is then pushed out to affected computers. He added that users can disable the software's ability to be a problem on their own, too. It takes some technical know-how, though.

"It's not hard to block once you know what to look for," Arce said.

Absolute spokesman Craig Clark said the company would comment after Core's presentation Thursday, but then did not make anyone available. He said Absolute's technical team "needs to understand the concerns Core has raised before they can speak to it accurately."

Roel Schouwenberg, a senior antivirus researcher with Kaspersky Lab, said the vulnerabilities Core Security found could be a "pretty big challenge for the security community" if they're exploited. But he added that the special access a hacker can get is undermined somewhat by the fact malicious programs they try to download still have to come into the the same way they always do, and can be protected against.

Any files that download "will not be stealth, they will not be hiding, they will be visible on the system," Schouwenberg said. "Anti-malware () will be able to scan them. It could have been a whole lot worse."

---

On the Net:

View Core Security's research paper at:

http://www.coresecurity.com/content/Deactivate-the-Rootkit

©2009 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Explore further: Microsoft CEO is driving data-culture mindset

add to favorites email to friend print save as pdf

Related Stories

Grisoft Offers Free Rootkit Removal

Apr 11, 2007

Grisoft, makers of the popular AVG Antivirus, today released a free tool specifically aimed at eliminating malicious software that hides itself using rootkit techniques.

Glitch in antivirus software troubles PC users

Jul 10, 2009

(AP) -- Antivirus software cuts two ways. It's great at blocking known viruses, but it can sometimes misfire, mistakenly flagging clean files as malicious. That sends a computer into a tailspin trying to clean up stuff that's ...

$100 Laptop May Be at Security Forefront

Oct 09, 2006

(AP) -- The $100 laptops planned for children around the world might turn out to be as revolutionary for their security measures as for their low-cost economics.

Recommended for you

Microsoft CEO is driving data-culture mindset

7 hours ago

(Phys.org) —Microsoft's future strategy: is all about leveraging data, from different sources, coming together using one cohesive Microsoft architecture. Microsoft CEO Satya Nadella on Tuesday, both in ...

Enabling dynamic prioritization of data in the cloud

Apr 14, 2014

IBM inventors have patented a cloud computing invention that can improve quality of service for clients by enabling data to be dynamically modified, prioritized and shared across a cloud environment.

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

AshleyFromAbsolute
not rated yet Aug 02, 2009
I work for Absolute Software. The claims that there's a vulnerability in Computrace are without merit and systems are secure:

- The Computrace BIOS module does not allow a special undetected path into the operating system.
- In order for the Computrace BIOS module to work, it is activated by the end-user customer, not the computer manufacturer, upon receipt of the computer and activation of Absolute Software's products.

- The Computrace BIOS code alleged in the article to have this vulnerability is old code that was not officially released into a BIOS and, to Absolute's knowledge, has never been active in the BIOS of any computer.

- If a malicious attacker were able to alter the BIOS code, any popular anti-virus software would alert the customer.

- The Computrace BIOS module currently on the market is not susceptible to the risks claimed in the article and therefore none of our customers are at risk for this specific type of attack

For more detailed info: http://ow.ly/iQdj

More news stories

Microsoft CEO is driving data-culture mindset

(Phys.org) —Microsoft's future strategy: is all about leveraging data, from different sources, coming together using one cohesive Microsoft architecture. Microsoft CEO Satya Nadella on Tuesday, both in ...

Floating nuclear plants could ride out tsunamis

When an earthquake and tsunami struck the Fukushima Daiichi nuclear plant complex in 2011, neither the quake nor the inundation caused the ensuing contamination. Rather, it was the aftereffects—specifically, ...

Patent talk: Google sharpens contact lens vision

(Phys.org) —A report from Patent Bolt brings us one step closer to what Google may have in mind in developing smart contact lenses. According to the discussion Google is interested in the concept of contact ...

Quantenna promises 10-gigabit Wi-Fi by next year

(Phys.org) —Quantenna Communications has announced that it has plans for releasing a chipset that will be capable of delivering 10Gbps WiFi to/from routers, bridges and computers by sometime next year. ...