Pre-installed Computrace Software Could be Used to Hijack Computers: Kaspersky Lab

Security researchers at Kaspersky Lab claim in a new report that the Computrace agent residing in the firmware of many popular laptop and desktop computers can be used as a springboard for attackers.

Made by Absolute Software, Computrace is marketed as a product that can help organizations track and secure their endpoints. The Computrace agent resides in the firmware of devices, making it difficult to remove.

According to Kaspersky Lab, Computrace uses many tricks popular among malicious software. For example, it uses anti-debugging and anti-reverse engineering techniques, injects memory into other processes and keeps configuration files encrypted. The network protocol used by the Computrace Small Agent provides basic features for remote code execution. The protocol does not require the use of any encryption or authentication of the remote server, opening up avenues of attack.

“Although encryption seems to be added to the protocol at some later stages of communication, an attacker may utilize the basic unencrypted protocol to successfully hijack the system remotely,” according to the Kaspersky Lab report. “A typical attack on a local area network would be to redirect all traffic from a computer running Small Agent to the attacker’s host via ARP-poisoning. Another possibility is to use a DNS service attack to trick the agent into connecting to a fake C&C server. We believe there are more ways to accomplish such attacks, though this is beyond the scope of the current research.”

“Powerful actors with the ability to tap fiber optics can potentially hijack computers running Absolute Computrace,” said Vitaly Kamluk, principal security researcher for the Global Research and Analysis Team at Kaspersky Lab, in a statement. “This software can be used to deploy spyware implants. Our estimate is that millions of computers are running Absolute Computrace software and a large number of the users might be unaware that this software is activated and running. Who had a reason to activate Computrace on all those computers? Are they being monitored by an unknown actor? That is a mystery which needs to be solved.”

Kaspersky Lab says it has no proof that Absolute Computrace is being used as a platform for attacks. However, this is not the first time security concerns have been raised about the product. In 2009, researchers from Core Security Technologies warned that an attacker could potentially modify the system registry to hijack the callbacks from Computrace. At the time, Absolute Software denied it was an issue.

In response to the Kaspersky Lab report, Absolute Software Vice President of Global Marketing Stephen Midgley said the company is reviewing the report and will offer a detailed response in the future.

“All major anti-malware software vendors recognize the Absolute client implementation as safe, legitimate technology that improves the security of the endpoint – hence our status as a white-listed vendor,” he said.

Kamluk called for Computrace to use authentication and encryption in order to better secure the product.

“It’s clear that if there are a lot of computers with Computrace agents running, it is the responsibility of the manufacturer to notify users and explain how the software can be deactivated and disabled,” he said. “Otherwise, these orphaned agents will keep on running unnoticed and provide a possibility for remote exploitation.”

Midgley noted that the software has been reviewed and implemented by numerous organizations around the world.

“Absolute currently has over 30,000 active customers representing all industries including corporate, healthcare, government, and education – from Fortune 500 to individuals,” he said. “Computrace has been successfully deployed and actively protecting millions of devices, without compromise, for 20 years.”

Written By

Marketing professional with a background in journalism and a focus on IT security.
