02-12-2014 04:05 PM
Researchers are warning that legitimate anti-theft software, impacting millions of users with the activated installation on their computers, leaves systems vulnerable to remote hijack.
On Wednesday, Kaspersky Lab's security team published a report on Absolute Computrace, a product developed by Austin, Texas-based Absolute Software which “allows organizations to persistently track and secure all of their endpoints within a single cloud-based console,” the product page for the software says.
According to Kaspersky researchers, however, it's the fact that Absolute's tracking software is pre-installed in the firmware of laptops and desktops, and difficult to remove or disable for users, that makes its security flaws that much more concerning.
The report said that remote takeover of impacted systems was possible through a number of avenues.
“The protocol used by the [Computrace] Small Agent provides the basic feature of remote code execution,” the report said. “The protocol doesn't use any encryption or authorization with the remote server, which creates numerous opportunities for remote attacks in a hostile network environment.”
While Kaspersky hasn't seen any evidence of Computrace's weaknesses being used to carry out attacks, the researchers found that an attack on a local area network via address resolution protocol (ARP) poisoning (where a saboteur redirects all traffic from a computer running the software to their own control hub) was possible.
Another attack method could entail a domain name system (DNS) service attack “to trick the agent into connecting to a fake [command-and-control] server,” the report said.
Kaspersky Lab estimates that the vulnerable Computrace software may be activated on more than 2 million computers around the globe, with the majority of computers located in the U.S. and Russia.
02-13-2014 02:52 PM
The developer of the Computrace anti-theft mechanism shipped with millions of PCs which was recently claimed to be vulnerable to remote hijacking has rubbished the report as inaccurate and based on old research.
Absolute Software chief technology officer Phil Gardner told iTnews the Computrace analysis by security vendor Kaspersky was flawed, and his company had not been contacted to verify the findings.
Allowing vendors whose products are affected time to test and remedy problems before publication is the customary process for newly-discovered security issues.
"We’ve reviewed the report ... and we are unable to determine how Kaspersky was able to reach the conclusions they provide," Gardner said.
Kaspersky had found the software could be compromised remotely and used to hijack devices and wipe them.
Gardner said there was no transmission in clear text of any data and the software agent requires authentication. Nor can external attacks take place as the communication is encrypted and authenticated - the encryption would have to be broken first, Gardner said.
He said Computrace does not hide itself from anti-virus software, nor is it a root kit that rejects an administrator's commands to stop functioning or be deleted.
Computrace is only pre-activated under certain scenarios when the customer requests it as a time-saving measure, the company states. It cannot be activated without a customer's knowledge and is always under the control of an administrator.