Laptop Lojack Vulnerability Exposed, Affects 60% Of New Notebooks
A pair of computer security researchers have discovered a BIOS vulnerability caused by the Computrace Laptop Lojack software, serving as a rootkit to potentially let malware nest and thrive in an estimated 60% of newish laptops.
The research team of Alfredo Ortega and Anibal Sacco say that when malware infects a system BIOS, it is able to survive multiple attempts to reflash the core software, and extremely difficult to get rid of. Even worse, because Lojack is white listed by virus and malware scanners, any attacks exploiting this vulnerability on a computer will largely go undetected. And for Laptop Lojack to be effective, it must operate like a stealthy rootkit. Unfortunately, it’s installed in the majority of new notebooks from HP, Asus, Dell, Lenovo and Toshiba.
Moral of the story: find a new way to get your stolen laptop back. [ZDnet via Slashdot]
- Next Post: FCC’s Now Investigating Apple For Google Voice Shenanigans »
- « Previous Post: Homemade Asus Eee Keyboard Has No Screen, Plenty Of Heart
Comments (AU Comments | US Comments)
I work for Absolute Software. Absolute reviewed the research paper and the claims that there’s a vulnerability in Computrace or Computrace LoJack for Laptops are without merit and systems are secure:
- The Computrace BIOS module does not allow a special undetected path into the operating system. It is not a rootkit.
- In order for the Computrace BIOS module to work, it is activated by the end-user customer, not the computer manufacturer, upon receipt of the computer and activation of Absolute Software’s products.
- The Computrace BIOS code alleged in the article to have this vulnerability is old code that was not officially released into a BIOS and, to Absolute’s knowledge, has never been active in the BIOS of any computer.
- If a malicious attacker were able to alter the BIOS code, any popular anti-virus software would alert the customer.
- The Computrace BIOS module currently on the market is not susceptible to the risks claimed in the article and therefore none of our customers are at risk for this specific type of attack.
Absolute has issued a statement to the public, refuting these claims and explaining their position at length here: http://www.absolute.com/company/pressroom/news/2009/07/refutes_claim
This is not going to be a good news for all laptop brand owner listed above, including me with a Dell Inspiron laptop. Since we now the bad effects of this malware, do we have any prevention methods for it?