BIOS "Rootkit" Preloaded In 60% of New Laptops

Keldrin_1 writes "Researchers Alfredo Ortega and Anibal Sacco, from Core Security Technologies, have discovered a vulnerability in the 'Computrace LoJack for Laptops' software. This is a BIOS-level application that calls home for instructions in case the laptop is ever lost or stolen. However, what the application considers 'home' is subject to change. This allows the creation of malware capable of 'infecting the BIOS with persistent code that survive reboots and reflashing attempts.' Computers from Dell, Lenovo, HP, Toshiba, Asus, and others may be affected."

Hmmm

P.C. Phone Home.

Re:Hmmm

[SEWilco]

If I find my PC erecting a metal umbrella then I'll worry about it.

From Mogwai to Gremlin

[CrimsonKnight13]

LoJack swiftly changes to HiJack with a good splash of water

Re:From Mogwai to Gremlin

[trevorrowe]

LoJack swiftly changes to HiJack with a good meal after midnight

There, fixed that for you. A splash of water would give you more laptops... if only ...

Re:From Mogwai to Gremlin

[TinBromide]

LoJack swiftly changes to HiJack with a good meal after midnight

There, fixed that for you. A splash of water would give you more laptops... if only ...

Yeah, but they'd all run windows ME

Re:It is time

[$RANDOMLUSER]

Busg happen. Consider the /. "write once" paradigm.

Re:It is time

[$RANDOMLUSER]

Woosh

Persistant Advertising...

[Xin+Jing]

I'm surprised that hardware manufacturers haven't made better use of persistant on-chip data. A huge opportunity exists for device firmware developers to embed advertising. Imagine installing a Sony DVD drive that detects non-proprietary discs and popups a suggestion to purchase Sony discs. It isn't too hard to imagine Sony including a special bit string on their blank DVDs that their players look for each time a disc is inserted. Or several advertising partners with products that, when present, can create an "advertising opportunity": Sony DVD, Intel cpu, Microsoft OS and D-Link router trigger a cross-market moment.

Re:No,not sony for once, here is a list

[dogfolife69]

Yea, but sony does sell the "Computrace LoJack for Laptops" for their notebooks in their Sony branded VIP Protection Suite (which include Norton NIS, Online backup and Computrace LoJack for Laptops).... But i guess in this case, you can optionally chose for this Sony RootKit.... lol

Re:It is time

[Chris+Mattern]

That's nice. "Hello, customer. There's a fatal bug in your BIOS. Of course, there's not a damn thing you can do about it, since the BIOS on this model isn't changable, but at least you know about it now."

LoJack is now

[Phizzle]

LOLjack

Re:It is time

[darksabre]

Damn, I've just wasted 15 years of my life porting BIOSes to different platforms. Thanks for telling me that it was all unnecessary. Hardware manufacturers will also be pleased to know that they can just use a smaller ROM of a few KB instead of the 4MB ROMs that are coming into use now. That will save a few pennies.

I bow before your in depth and vastly superior knowledge of the subject.

Re:Something doesn't sound right, here.

[bmwEnthusiast]

Isn't that what a rootkit is made to do? Hide from you so you have no idea its there. Otherwise they might call it an ObviousKit? /meh