BIOS "Rootkit" Preloaded In 60% of New Laptops
Keldrin_1 writes "Researchers Alfredo Ortega and Anibal Sacco, from Core Security Technologies, have discovered a vulnerability in the 'Computrace LoJack for Laptops' software. This is a BIOS-level application that calls home for instructions in case the laptop is ever lost or stolen. However, what the application considers 'home' is subject to change. This allows the creation of malware capable of 'infecting the BIOS with persistent code that survive reboots and reflashing attempts.' Computers from Dell, Lenovo, HP, Toshiba, Asus, and others may be affected."
Sounds like it's right up Sony's alley.
"You can't really dust for vomit" --Nigel Tufnel
Just like SPTD is not a rootkit when it hides my emulated dvd from copy protection software.
This is a popular piece of software that happens to have a potentially serious bug that the vendors and users should be demanding be fixed, but it doesn't make it a rootkit.
What if a bug is discovered in the boot code?
Palm trees and 8
I use a Macbook.
As do I, but that does not mean that I have any delusions as it relates to security.
There is quite a bit of exploitable code available that, if properly engineered, can do quite a bit of damage to an Apple computer. Simply because there is no Mac version of the "Melissa" virus does not mean that as a Mac user I should assume that there will never be one.
And let's not forget the iLife torrent that had something special added to it. There are plenty of individuals attempting to prove to the general public that a Mac is no more secure than its Windows counterpart, and it will be not a false sense of security, but a lack of personal responsibility that will assist in that.
Opinion, obviously. Results may vary.
Those who believe the Internet is private,
find their privates are on the Internet.
The pair recommended a digital signature scheme to authenticate the call-home process.
How's that going to help? If you can replace the IP address then you can replace the certificate and signature too. If you have access to modify the BIOS flash, it's game over.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
We're talking about a BIOS rootkit. The BIOS runs directly on the hardware. It doesn't really care what OS you're loading, unless it has some specific reason to.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Please tell me if I'm missing something, but isn't the real vulnerability that the BIOS can be modified with unsigned code? A BIOS that allows this can be infected with a rootkit regardless of whether the LoJack code was there.
Go into the BIOS setup; you can choose to activate the feature if you paid for the license, or deactivate a previously activated agent. Choosing disable removes the feature completely. It can NEVER come back. TFA is hype. If it is never enabled in the BIOS, NOTHING is installed on Windows.
Yeah, it's pretty funny that a piece of software that has nothing to do with Microsoft that gets loaded on hardware that Microsoft has nothing to do with by the OEMs themselves through a deal with a completely different company is not mentioned in a Microsoft commercial about Windows. Or actually, it's really not.
Sorry, but the BIOS has not been small and simple for about 20 years. It does far more than simply launch a bootloader. New technologies have constantly been added to the BIOS and each one has added to the complexity: APM, PnP, PCI, ACPI, EPP/ECP, BBS, UEFI, PCIe, etc. The 4MB ROM is not yet full of BIOS code; that's still only about 1.5MB, give or take. However, Intel boards also have code in there for their manageability engine etc. With a reasonable amount of headroom in the ROM, manufacturers are looking to add value by using that available space to include new features, hence this LoJack fiasco.
OSS doesn't stand much of a chance of producing a BIOS until it has a suitably open hardware platform to go with it. So much of a BIOS is intimately connected to the hardware that without access to the full specs the hardware would be obsolete before it could be reverse engineered.
This is a very bad thing. A "security" product should not allow downloading of software. This is even worse. It allows hidden downloading of software not visible to the user.
Supposedly it's delivered "turned off"? But how do you know it's turned off at startup? How do you know it wasn't turned on during operating system loading, or wasn't turned on by any of the preloaded crap that the "major PC manufacturers" preload? How do you know there isn't some way to turn it on remotely?
No computer with this software in ROM should be used for proprietary material, legal documents, medical records regulated by HIPAA, financial records regulated by the SEC, or anything else that might attract an opponent. If you just play WoW, go ahead.