Slashdot Mirror

← Back to Stories (view on slashdot.org)

BIOS "Rootkit" Preloaded In 60% of New Laptops

Posted by kdawson on from the hijacking-lojack dept.

Keldrin_1 writes "Researchers Alfredo Ortega and Anibal Sacco, from Core Security Technologies, have discovered a vulnerability in the 'Computrace LoJack for Laptops' software. This is a BIOS-level application that calls home for instructions in case the laptop is ever lost or stolen. However, what the application considers 'home' is subject to change. This allows the creation of malware capable of 'infecting the BIOS with persistent code that survive reboots and reflashing attempts.' Computers from Dell, Lenovo, HP, Toshiba, Asus, and others may be affected."

7 of 236 comments (clear)

  1. Are Sony Vaio's using this? by motherpusbucket · · Score: 5, Insightful

    Sounds like it's right up Sony's alley.

    --
    "You can't really dust for vomit" --Nigel Tufnel
  2. Not a "rootkit" when I want it by Anonymous Coward · · Score: 4, Insightful

    Just like SPTD is not a rootkit when it hides my emulated dvd from copy protection software.

    This is a popular piece of software that happens to have a potentially serious bug that the vendors and users should be demanding be fixed, but it doesn't make it a rootkit.

  3. Re:It is time by betterunixthanunix · · Score: 4, Insightful

    What if a bug is discovered in the boot code?

    --
    Palm trees and 8
  4. Re:Problem solved by oahazmatt · · Score: 4, Insightful

    I use a Macbook.

    As do I, but that does not mean that I have any delusions as it relates to security.

    There are quite a bits of exploitable code available that, if properly engineered, can do quite a bit of damage to an Apple computer. Simply because there is no Mac version of the "Melissa" virus does not mean that as a Mac user I should assume that there will never be one.

    And let's not forget the iLife torrent that had something special added to it. There are plenty of individuals attempting to prove to the general public that a Mac is no more secure than it's Windows counterpart, and it will be not a false sense of security, but a lack of personal responsibility that will assist in that.

    Opinion, obviously. Results may vary.

    --
    Those who believe the Internet is private,
    find their privates are on the Internet.
  5. Signature by Spazmania · · Score: 5, Insightful

    The pair recommended a digital signature scheme to authenticate the call-home process.

    How's that going to help? If you can replace the IP address then you can replace the certificate and signature too. If you have access to modify the BIOS flash, it's game over.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
  6. Unsigned BIOS replacement is the problem by ral · · Score: 5, Insightful

    Please tell me if I'm missing something, but isn't the real vulnerability that the BIOS can be modified with unsigned code? A BIOS that allows this can be infected with a rootkit regardless of whether the LoJack code was there.

  7. Re:60%? Really? by somecreepyoldguy · · Score: 4, Insightful

    Go into the BIOS setup, you can choose to activate the feature if you paid for the license, or deactivate a previously activated agent. Choosing disable removes the feature completely. it can NEVER come back. TFA is hype. If it is never enabled in the bios NOTHING is installed on windows.