Updated:12:56 PM EDT Sep 19


this is ggmania.com subsite

NEWS
rss feed 
 
top 100
archive
submit news

FREE eBooks

REVIEWS
 
SOFTWARE
CD/DVD tools
Free Antivir
Security
Drivers
Utilities
 
FORUMS
comments
hardware
software
off-topic
 
LINKS
 
SPONSORS:

Forex Brokers Reviewed



TweakBox

Expert writing tips from professional writers.

Free essay writing tutorials for students.

Booty Bingo

New Look Bingo

Mummies Bingo

M Jackpots

(C) 2006-2017 TechAmok
All Rights Reserved.


CONTACT
 
Millions of PCs Affected by Mysterious Computrace Backdoor - TechAmok

Millions of PCs Affected by Mysterious Computrace Backdoor - [security]
02:12 PM EDT - Aug,12 2014 - post a comment

Nearly every PC has an anti-theft product called Computrace embedded in its BIOS PCI Optional ROM or its unified extensible firmware interface (UEFI). Computrace is a legitimate, trusted application developed by Absolute Software. However, it often runs without user-consent, persistently activates itself at system boot, and can be exploited to perform various attacks and to take complete control of an affected machine. Kaspersky Lab researchers Vitaly Kamluk and Sergey Belov along with Anibal Sacco of Cubica Labs earlier presented their research in a briefing titled "Absolute Computrace Revisited" six months ago at the Kaspersky Security Analyst Summit (SAS) in the Dominican Republic. They presented an updated version of that talk at Black Hat last week.

Computrace should not be enabled by default. Absolute Software's technical documentation says that Computrace should be enabled either by the user or by IT departments with admin control of work machines. In fact, to this point, Kamluk, Sacco and Belov can only guess at how Computrace is enabled by default on many out-of-the-box PCs. At present they believe the software is being unintentionally initiated by manufacturers. Furthermore, once Computrace is enabled, it is incredibly persistent and very difficult to remove or even turn off. One of the problems as was highlighted at SAS is that Computrace does not enforce encryption when it communicates and it does not verify the identity of the remote server from which it receives commands. This is particularly irksome given how Computrace works: first the persistence modules in BIOS/UEFI update a system's default autochk.exe. Then the new autochk.exe drops and registers a new system service called rpcnetp. Rpcnetp, in turn, talks to the Absolute server and is replaced by rcpnet, which is a core remote administration module that is restored if the user deletes it. In other words, the way Computrace interacts with Absolute could expose users to man-in-the-middle attacks. Back in February, Kamluk described Computrace's exploitability as follows:
The software is extremely flexible. It's a tiny piece of code which is a part of the BIOS. As far as it is a piece of the BIOS, it is not very easy to update the software as often. So they made it very extensible. It can do nearly anything. It can run every type of code. You can do to the system whatever you want. Considering that the software is running on these local system privileges, you have full access to the machine. You can wipe the machine, you can monitor it, you can look through the webcam, you can actually copy any files, you can start new processes. You can do absolutely anything.


Add your comment (free registrationrequired)

Short overview of recent news articles

Sep,19 2017 Top 20 Craziest Moments in Tennis History
Sep,19 2017 The Floppotron: Through the Fire and Flames
Sep,19 2017 Upgrade My PC Please! [S01E03] Core i5 Owners Needing Help!
Sep,18 2017 VR Sense Preview - Feel the Scent of the Girls
Sep,18 2017 The iPhone X Needs a $25 USB Type-C Cable to Fast Charge
Sep,17 2017 The best pics on the Internet #238
Sep,17 2017 Rocket Bicycle World Record ǀ 333 km/h (207 mph)
Sep,17 2017 Water-Powered Trike Goes From 0-60 In Half A Second
Sep,17 2017 Search Party (2017) Season 2 Trailer
Sep,16 2017 Intel May Launch Ice Lake 8 Core/16 Thread CPUs in Q2/2018
Sep,16 2017 Verizon Is Disconnecting 8,500 Leechers
Sep,16 2017 Bashware Security Software Bypass Attack
Sep,16 2017 Stupid Android app so you can turn your phone into an iPhone X
Sep,15 2017 Google Deletes Inactive Android Backups After 2 Months
Sep,15 2017 Downsizing (2017) - Official Trailer
Sep,15 2017 BlueBorne Attacks Impact Billions of Bluetooth Devices
Sep,14 2017 Bitcoin Crashes after Chinese Exchange Says It Will Halt Trading
Sep,13 2017 Exploit Available for Critical Apache Struts Vulnerability
>> News Archive <<

TechAmok - Privacy Policy        loading time:0.01secs