Laptop security issue raised on anti-theft tool
Source: Agencies |
August 1, 2009, Saturday
|
Print Edition
Print Edition
A PIECE of anti-theft software built into many laptops at the factory opens a serious security hole, according to new research.
The "Computrace" software, made by Vancouver-based Absolute Software Corp, is part of a subscription service used to find lost or stolen computers.
Many people don't know the software is on their machines, but it is included in computers from the biggest PC makers.
The software is built into computers at the factory because that embeds it so deeply that even the extreme act of uninstalling won't delete it.
The software is included in a part of the computer known as the BIOS, which refers to programs used to boot the computer.
The service Absolute sells enables sensitive data to be purged remotely from a stolen machine.
The computer is still able to reach out to a specially designated Website for instructions even if a criminal is tampering with the machine.
However, research by Alfredo Ortega and Anibal Sacco with Boston-based Core Security Technologies, and presented on Thursday at the Black Hat security conference in Las Vegas, shows it can cut two ways.
If a criminal has infected a computer that has the Computrace technology, he or she can take deep control of a machine.
That's because the criminal is able to modify the settings to maintain a connection with that machine even if the operating software is uninstalled then reinstalled -- an extreme way, but sometimes the only way, to make sure a computer is cleaned of viruses.
"You have something that's pre-installed, and considered non-malicious, that you can manipulate and turn into a malicious program -- that's pretty unique," said Ivan Arce, Core Security's chief technology officer.
Arce said Absolute can fix the problem with a software update that is then pushed out to affected computers.
He said users can disable the software's ability to be a problem, but it takes some technical know-how.
"It's not hard to block once you know what to look for," Arce said.
Absolute spokesman Craig Clark said the firm would comment after Core's presentation, but then did not make anyone available.
The "Computrace" software, made by Vancouver-based Absolute Software Corp, is part of a subscription service used to find lost or stolen computers.
Many people don't know the software is on their machines, but it is included in computers from the biggest PC makers.
The software is built into computers at the factory because that embeds it so deeply that even the extreme act of uninstalling won't delete it.
The software is included in a part of the computer known as the BIOS, which refers to programs used to boot the computer.
The service Absolute sells enables sensitive data to be purged remotely from a stolen machine.
The computer is still able to reach out to a specially designated Website for instructions even if a criminal is tampering with the machine.
However, research by Alfredo Ortega and Anibal Sacco with Boston-based Core Security Technologies, and presented on Thursday at the Black Hat security conference in Las Vegas, shows it can cut two ways.
If a criminal has infected a computer that has the Computrace technology, he or she can take deep control of a machine.
That's because the criminal is able to modify the settings to maintain a connection with that machine even if the operating software is uninstalled then reinstalled -- an extreme way, but sometimes the only way, to make sure a computer is cleaned of viruses.
"You have something that's pre-installed, and considered non-malicious, that you can manipulate and turn into a malicious program -- that's pretty unique," said Ivan Arce, Core Security's chief technology officer.
Arce said Absolute can fix the problem with a software update that is then pushed out to affected computers.
He said users can disable the software's ability to be a problem, but it takes some technical know-how.
"It's not hard to block once you know what to look for," Arce said.
Absolute spokesman Craig Clark said the firm would comment after Core's presentation, but then did not make anyone available.
- About Us
- |
- Terms of Use
- |
-
RSS - |
- Privacy Policy
- |
- Contact Us
- |
- Shanghai Call Center: 962288
- |
- Tip-off hotline: 52920043
- 娌狪CP璇侊細娌狪CP澶05050403鍙-1
- |
- 浜掕仈缃戞柊闂讳俊鎭湇鍔¤鍙瘉锛31120180004
- |
- 缃戠粶瑙嗗惉璁稿彲璇侊細0909346
- |
- 骞挎挱鐢佃鑺傜洰鍒朵綔璁稿彲璇侊細娌瓧绗354鍙
- |
- 澧炲肩數淇′笟鍔$粡钀ヨ鍙瘉锛氭勃B2-20120012
Copyright 漏 1999- Shanghai Daily. All rights reserved.Preferably viewed with Internet Explorer 8 or newer browsers.
