SecurityWeek

Absolute Software Strikes Back Over Computrace Security Vulnerability Claims

Absolute Software hit back on Kaspersky Lab’s assertion that its Computrace software can be exploited by hackers.

Computrace is marketed as a product that can help organizations track and secure their endpoints. In a report Wednesday, Kaspersky Lab researchers said the network protocol used by the Computrace Small Agent provides the opportunity for remote code execution. The protocol does not require the use of any encryption or authentication of the remote server, opening up avenues of attack.

“The protocol doesn’t use any encryption or authorization with the remote server, which creates numerous opportunities for remote attacks in a hostile network environment,” according to Kaspersky Lab. “Although encryption seems to be added to the protocol at some later stages of communication, an attacker may utilize the basic unencrypted protocol to successfully hijack the system remotely. A typical attack on a local area network would be to redirect all traffic from a computer running Small Agent to the attacker’s host via ARP-poisoning. Another possibility is to use a DNS service attack to trick the agent into connecting to a fake C&C server.”

Absolute Software CTO Phil Gardner, however, called the Kaspersky Lab analysis flawed.

“The installation process is under the full control of the Absolute Computrace administrator and once the installation is complete, the communication is secure and uses encryption as well as authentication of the host server to reject attacks as described in the Kaspersky report,” he said in a statement. “There is no clear text transmission of any data and the protocol of the full agent will reject attempts to communicate without authorization and will only communicate with mutual authentication of the server and the client.  The rebuilding process (Absolute persistence) is armed.”

“The Absolute Computrace rebuild mode cannot be forced from outside the system through an attack on a secure system via the fully installed Absolute Computrace software agent,” he added. “The discussion of ARP attacks and DNS attacks are irrelevant since the encrypted and authenticated communication of the full agent would have to be defeated first.”

It is also irrelevant that the small agent is not signed, Gardner said.

“This is for efficiency, but does not compromise the security of the system since the source of the binary is from firmware,” he said. “Modern firmware is signed as a package and the individual components do not have to be signed since the integrity of the system was verified at boot.”

Kaspersky Lab also took issue with the persistence of the software, which researchers said is difficult to remove. However, Gardner said the software does not hide from antivirus and requires an administrator’s permission to “maintain its function as a component in the security subsystem of their systems.”

In addition, Absolute Software said that any potential attack depends upon the endpoint or other devices being compromised first.

Kaspersky Lab is not the first to raise security concerns about the software. In 2009, researchers from Core Security Technologies warned that an attacker could potentially modify the system registry to hijack callbacks from Computrace.  

Kaspersky Lab says it has no proof that Absolute Computrace is being actively used as a platform for attacks. 
