Millions of PCs Could Be Vulnerable Thanks to Computrace

By | August 12, 2014
Print Friendly, PDF & Email

Computrace back door could make millions of PCs vulnerable

Almost all recent PCs have Absolute Computrace embedded in their BIOS. It’s a product designed to allow companies to track and secure all of their PCs from a single cloud-based console.

But researchers at Kaspersky lab have revealed that it often runs without user-consent, persistently activates itself at system boot, and can be exploited to perform various attacks and to take complete control of an affected machine.

Kaspersky Lab researchers Vitaly Kamluk and Sergey Belov along with Annibal Sacco of Core Security demonstrated the flaw in a presentation at the Black Hat 2014 conference.

Kamluk first described Comutrace’s vulnerability at a Kaspersky Security Analyst Summit in February, “The software is extremely flexible. It’s a tiny piece of code which is a part of the BIOS. As far as it is a piece of the BIOS, it is not very easy to update the software as often. So they made it very extensible. It can do nearly anything. It can run every type of code. You can do to the system whatever you want. Considering that the software is running on these local system privileges, you have full access to the machine. You can wipe the machine, you can monitor it, you can look through the webcam, you can actually copy any files, you can start new processes. You can do absolutely anything”.

Six months on Computrace is still exploitable and once it has been activated it’s very persistent and difficult to turn off. It also doesn’t enforce encryption when it communicates and doesn’t verify the identity of servers from which it receives commands, so could expose users to attacks.

The mystery is, who or what is activating Computrace? The researchers believe it may be down to manufacturers’ testing of new machines to check for Computrace compatibility. Because it’s a legitimate piece of code it’s white listed by many antivirus programs.

They conclude that whilst there’s no reason to believe Absolute Software or PC manufacturers are deliberately activating Computrace in secret, they do need to notify users of its presence and issue instructions on how to turn it off if users don’t want Absolute’s services.

Source:  BetaNews 

6 thoughts on “Millions of PCs Could Be Vulnerable Thanks to Computrace

  1. Linda

    How can one know whether or not Computrace is in the Bios of their Computer???

    Reply
    1. Terry

      I’m sure many of us are wondering the same thing, is Computrace on my computer?

      Reply
  2. Janice M

    Is anyone else out there to HELP the common consumer besides C-8 and EMSISOFT? Is there really any way we can feel SAFE on the web anymore?

    Thanks so much for keeping us informed!

    Reply
  3. Linda

    Is there any solution as to how to get rid of this??? I have tried by going into Services to no avail. Any and all suggestions would be helpful is this is leaving our computers vulnerable.

    Reply
    1. infoave Post author

      It’s something the computer manufacturers add to the system BIOS. You cannot access the BIOS from Windows. You have to access the BIOS on boot before you enter Windows and even if you access the BIOS you wouldn’t be able to tell if your computer has it.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *