Slashdot Mirror

← Back to Stories (view on slashdot.org)

BIOS "Rootkit" Preloaded In 60% of New Laptops

Posted by kdawson on Friday July 31, 2009 @03:45AM from the hijacking-lojack dept.

Keldrin_1 writes "Researchers Alfredo Ortega and Anibal Sacco, from Core Security Technologies, have discovered a vulnerability in the 'Computrace LoJack for Laptops' software. This is a BIOS-level application that calls home for instructions in case the laptop is ever lost or stolen. However, what the application considers 'home' is subject to change. This allows the creation of malware capable of 'infecting the BIOS with persistent code that survive reboots and reflashing attempts.' Computers from Dell, Lenovo, HP, Toshiba, Asus, and others may be affected."

3 of 236 comments (clear)

Min score:

Reason:

Sort:

Are Sony Vaio's using this? by motherpusbucket · 2009-07-31 03:47 · Score: 5, Insightful

Sounds like it's right up Sony's alley.

--
"You can't really dust for vomit" --Nigel Tufnel
Signature by Spazmania · 2009-07-31 04:05 · Score: 5, Insightful

The pair recommended a digital signature scheme to authenticate the call-home process.
How's that going to help? If you can replace the IP address then you can replace the certificate and signature too. If you have access to modify the BIOS flash, it's game over.

--
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
Unsigned BIOS replacement is the problem by ral · 2009-07-31 04:11 · Score: 5, Insightful

Please tell me if I'm missing something, but isn't the real vulnerability that the BIOS can be modified with unsigned code? A BIOS that allows this can be infected with a rootkit regardless of whether the LoJack code was there.