Updated:07:56 AM EST Jan 19


this is ggmania.com subsite Millions of PCs Affected by Mysterious Computrace Backdoor - TechAmok

TOP STORIES

HEADLINES

2018 Was the Year of VR Headsets - Except it Wasn't :-)
20 Things Proving That Japan Lives In 3018
10 funny moments in Granny The Horror Game
The best pics on the Internet #263
Emira Kowalska aka EmiraFoods Huge Booty & More Spicy Pics
23 BRILLIANT PHONE HACKS
Ashtanga Yoga - core strength for back bends
Beautiful Taekwondo Girls
FASTEST WORKERS 2018 - God Level Experts
The Prodigy - Baby's Got A Temper (Hit Me Remix 2k19)
3 Awesome Life Hacks
Ambushed - New Chinese Action Film - Best Kungfu Martial
Emily Ratajkowski's Body Perfection
GeForce RTX 2080 Ti Now De-listed on NVIDIA's Online Store
Researchers Discover Seven New Meltdown and Spectre Attacks
This Guy Seems To Have Broken The Matrix
How A Hacker Obtained Motorola Source Code with a Few Phone Calls
Eiza Gonzalez Is An Amazing Talent!

30 MONEY-SAVING LIFE HACKS FOR GIRLS
25 BEST HACKS FOR YOUR SMARTPHONE
Best Sport Vines 2019 - January
Windows 10 Mobile Is Officially Dead
Ford Is Developing a Powerful All-Electric F-Series Truck
John Wick: Chapter 3 - Parabellum (2019 Movie) Official Trailer
Project Stream Official Gameplay Capture
Next RAZR Might be a $1,500 Foldable Smartphone
Alexis Ren Could Be The Next Queen Of Instagram
How Well Do FreeSync Monitors Work with NVIDIA GPUs?
Game of Thrones - Season 8 - Official Tease
HoloLens news incoming
YouTube Bans Dangerous Challenges and Pranks Videos
New Bluetooth Sticker Tags Powered by Ambient Radio Waves
AMD's Initial Production Run of Radeon VII Just 5,000 Pieces?
Spider-Man: Far From Home - Teaser Trailer
Apple Allegedly Replaced 11 Million Batteries
NVIDIA Releases GeForce 417.71 WHQL Drivers

Millions of PCs Affected by Mysterious Computrace Backdoor - [security]
02:12 PM EDT - Aug,12 2014 - post a comment

Nearly every PC has an anti-theft product called Computrace embedded in its BIOS PCI Optional ROM or its unified extensible firmware interface (UEFI). Computrace is a legitimate, trusted application developed by Absolute Software. However, it often runs without user-consent, persistently activates itself at system boot, and can be exploited to perform various attacks and to take complete control of an affected machine. Kaspersky Lab researchers Vitaly Kamluk and Sergey Belov along with Anibal Sacco of Cubica Labs earlier presented their research in a briefing titled "Absolute Computrace Revisited" six months ago at the Kaspersky Security Analyst Summit (SAS) in the Dominican Republic. They presented an updated version of that talk at Black Hat last week.

Computrace should not be enabled by default. Absolute Software's technical documentation says that Computrace should be enabled either by the user or by IT departments with admin control of work machines. In fact, to this point, Kamluk, Sacco and Belov can only guess at how Computrace is enabled by default on many out-of-the-box PCs. At present they believe the software is being unintentionally initiated by manufacturers. Furthermore, once Computrace is enabled, it is incredibly persistent and very difficult to remove or even turn off. One of the problems as was highlighted at SAS is that Computrace does not enforce encryption when it communicates and it does not verify the identity of the remote server from which it receives commands. This is particularly irksome given how Computrace works: first the persistence modules in BIOS/UEFI update a system's default autochk.exe. Then the new autochk.exe drops and registers a new system service called rpcnetp. Rpcnetp, in turn, talks to the Absolute server and is replaced by rcpnet, which is a core remote administration module that is restored if the user deletes it. In other words, the way Computrace interacts with Absolute could expose users to man-in-the-middle attacks. Back in February, Kamluk described Computrace's exploitability as follows:
The software is extremely flexible. It's a tiny piece of code which is a part of the BIOS. As far as it is a piece of the BIOS, it is not very easy to update the software as often. So they made it very extensible. It can do nearly anything. It can run every type of code. You can do to the system whatever you want. Considering that the software is running on these local system privileges, you have full access to the machine. You can wipe the machine, you can monitor it, you can look through the webcam, you can actually copy any files, you can start new processes. You can do absolutely anything.


Add your comment (free registrationrequired)

Short overview of recent news articles

Jan,19 2019 30 MONEY-SAVING LIFE HACKS FOR GIRLS
Jan,19 2019 25 BEST HACKS FOR YOUR SMARTPHONE
Jan,19 2019 Best Sport Vines 2019 - January
Jan,19 2019 Windows 10 Mobile Is Officially Dead
Jan,19 2019 Ford Is Developing a Powerful All-Electric F-Series Truck
Jan,18 2019 John Wick: Chapter 3 - Parabellum (2019 Movie) Official Trailer
Jan,18 2019 Project Stream Official Gameplay Capture
Jan,17 2019 Next RAZR Might be a $1,500 Foldable Smartphone
Jan,17 2019 Alexis Ren Could Be The Next Queen Of Instagram
Jan,17 2019 How Well Do FreeSync Monitors Work with NVIDIA GPUs?
Jan,16 2019 Game of Thrones - Season 8 - Official Tease
Jan,16 2019 HoloLens news incoming
Jan,16 2019 YouTube Bans Dangerous Challenges and Pranks Videos
Jan,16 2019 New Bluetooth Sticker Tags Powered by Ambient Radio Waves
Jan,16 2019 AMD's Initial Production Run of Radeon VII Just 5,000 Pieces?
Jan,15 2019 Spider-Man: Far From Home - Teaser Trailer
Jan,15 2019 Apple Allegedly Replaced 11 Million Batteries
Jan,15 2019 NVIDIA Releases GeForce 417.71 WHQL Drivers
>> News Archive <<

TechAmok - Privacy Policy        loading time:0.01secs