Kaspersky Lab: Anti-theft Computrace can become a weapon

On February 13, 2014, Kaspersky Lab issued a statement entitled "How 'good' software can become 'bad'", in which it describes the implementation of Computrace, the anti-theft software of Absolute Software, as inadequate. This inadequate implementation "could turn a useful defense tool into a powerful tool in the hands of digital intruders," its top analyst warns.

The relevant report, entitled "Absolute Computrace Revisited", is published on securelist.com.

Kaspersky Lab experts insist that there is no justification for the activation of Absolute's "agent" remaining a mystery, and estimate that there are 2 million computers in the world running the software without their users' knowledge.

Computrace may reside in the BIOS, in the firmware or ROM of modern laptop and desktop systems. In essence, it is the tool of a service that must have been purchased from Absolute in order for it to be activated and act as anti-theft protection, so that, for example, a stolen laptop can be located. If the owner informs the company of a theft, the control center "orders" the computer to report every 15 minutes, gathering specific details about its location, who is using it and what they are doing with it.

The trigger for Kaspersky Lab's research was that its own researchers found Computrace running on their machines without their permission: some stated that they had not installed or activated the software themselves.

The puzzlement of Kaspersky's recognized experts is captured in the questions posed by Kaspersky Lab's chief security researcher Vitaly Kamluk, Global Research and Analysis: "Our estimate is that millions of computers run Absolute Computrace software and that a large number of users may be unaware that the software is enabled and running. Who had reason to turn Computrace on all these computers? Does an unknown player watch them? This is a mystery to be solved."

According to the statistics Kaspersky gives from its Kaspersky Security Network, Computrace runs on the devices of approximately 150,000 users. The estimated total number of users with Computrace enabled may exceed 2 million. It is not clear how many of these users are aware that Computrace is running on their systems. It is also reported that the majority of them are located in the United States and Russia.

This map shows the geographical distribution of the systems running Computrace Agent (Greece is in the 1-670 category: few, but not zero).

The security loopholes found by Kaspersky's engineers concern the network protocol used by the Computrace Small Agent, which provides the basic elements for remote code execution: the protocol does not require the use of any encryption mechanism or any authentication of the remote server, which creates many opportunities for remote attacks, they explain.

On the other hand, it is specified that "There is no evidence that Absolute Computrace has been used as a platform for attacks. However, experts from various companies discern attacks. Some disturbing and unexplained events involving unauthorized activations of Computrace make the above scenario increasingly realistic," they write.
What Absolute Software answers to Kaspersky Lab
The company's representative, Jenny Sneyd, replies to us, with surprise, that this issue arose and was addressed five years ago. The representative notes that Computrace has been recognized as a safe and legal way to improve end-to-end security by all major anti-malware developers (and the company is therefore a "white list vendor"), something which, we must add, Kaspersky Lab itself very carefully notes.

Absolute also says that Computrace is built into the firmware of computers, netbooks, tablets and smartphones from international manufacturers including Acer, ASUS, Dell, Fujitsu, HP, Lenovo, Motion, Panasonic, Samsung, and Toshiba. The company also has resale agreements with these OEM manufacturers and others, including Apple.

On the Absolute website we found a published list of Computrace embedded systems.

Absolute points out that the "Absolute persistence module" remains dormant until the software (the Computrace software client) is installed and activated. However, in its response to tech.in.gr, the company does not explicitly state that installation and activation are carried out exclusively by the end user.
Kaspersky Lab's reference to the 2009 report
Referring to the concerns raised five years ago, Kaspersky states that "In 2009, researchers from Core Security Technologies presented their findings regarding Absolute Computrace. Researchers have warned of the dangers of this and how an attacker could modify the system registry to attack Computrace's callbacks. Computrace Agent's aggressive behavior was the reason why it was detected as malware in the past. According to some studies, Computrace was labeled by Microsoft as 'VirTool:Win32/BeeInject'. However, later Microsoft and some anti-malware solution providers abandoned this designation. Computrace executables are now whitelisted by most anti-malware companies."

However, Kaspersky insists that "Such a powerful tool, like Absolute Computrace, should use authentication and encryption mechanisms to continue serving the 'good'. Clearly, if there are many computers running Computrace agents, it is the responsibility of the manufacturer (in this case Absolute Software) to inform users and explain how the software can be turned off and blocked," said Mr. Kamluk. "Otherwise, these 'orphan' agents will continue to run unobserved, offering remote exploitation capabilities," concludes the Kaspersky official.

As Kaspersky Lab points out and Absolute confirms, Computrace "survives" even if the user reinstalls the operating system, changes the hard disk or formats it over and over again (this happens when it comes preloaded in the firmware and resides in the BIOS). The Permission Agent enable/disable feature, Absolute says, is not removed even by flashing (erasing) the BIOS.

As we read on the Absolute website, contacting customer support is required to uninstall the software (users in Greece are referred to +44 118 902 2004).

tech.in

Written by giorgos