A pair of computer security researchers have discovered a BIOS vulnerability caused by the Computrace Laptop Lojack software, serving as a rootkit to potentially let malware nest and thrive in an estimated 60% of newish laptops.
The research team of Alfredo Ortega and Anibal Sacco say that when malware infects a system BIOS, it is able to survive multiple attempts to reflash the core software, and extremely difficult to get rid of. Even worse, because Lojack is white listed by virus and malware scanners, any attacks exploiting this vulnerability on a computer will largely go undetected. And for Laptop Lojack to be effective, it must operate like a stealthy rootkit. Unfortunately, it’s installed in the majority of new notebooks from HP, Asus, Dell, Lenovo and Toshiba.