Slashdot Mirror


BIOS "Rootkit" Preloaded In 60% of New Laptops

Keldrin_1 writes "Researchers Alfredo Ortega and Anibal Sacco, from Core Security Technologies, have discovered a vulnerability in the 'Computrace LoJack for Laptops' software. This is a BIOS-level application that calls home for instructions in case the laptop is ever lost or stolen. However, what the application considers 'home' is subject to change. This allows the creation of malware capable of 'infecting the BIOS with persistent code that survive reboots and reflashing attempts.' Computers from Dell, Lenovo, HP, Toshiba, Asus, and others may be affected."


  1. 60%? Really? by doctor_nation · Score: 2, Interesting

    60% seems awfully high for a program I've never heard of. Not that I've been laptop shopping lately, but still.

  2. It is time by 2names · Score: 2, Interesting

    Can someone with some knowledge please explain to me why we can't build a machine with simple boot code that does not EVER need to be modified for the life of the hardware?

    --
    "I'm just here to regulate funkiness."
    1. Re:It is time by DadLeopard · Score: 3, Interesting

      Been there, had that, in the 80s! Atari 1040ST had TOS (Tramiel Operating System) on EPROMs! Have yet to see a virus or rootkit that carried an EPROM eraser around with it, so as long as you booted up without media in the drives, the machine was guaranteed clean! God I miss that machine!! GEM was sweet!

  3. Re:60%? Really? by cachimaster · Score: 5, Interesting

    I know it's hard to believe. When doing our research (I'm Alfredo, hi!) we couldn't find a notebook *without* the Computrace agent. It's bad.

  4. Re:60%? Really? by _bug_ · Score: 5, Interesting

    Any way to tell if your laptop has this "feature"?

    And is there any way to disable it?

  5. Re:Problem solved by clone53421 · Score: 2, Interesting

    So? EFI = not-so-basic basic input/output system.

    There's a mac version of LoJack. Whether or not it is installed on a Macbook would depend on whether Apple chose to preload it, I suppose. A hackintosh, OTOH, might be more likely to have it.

    --
    Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  6. Re:Unsigned BIOS replacement is the problem by coreboot · Score: 2, Interesting

    You are assuming that the signed code can be trusted, which is a bad assumption. The signed code is from a vendor; how many vendors ship code with broken security; how many vendors would you expect to happily sign code with broken security, in the PC world? Answer: all of them :-)
    This development should not be a surprise to anyone, but evidently it is. We've been trying to warn people about this possibility for 10 years; nobody seemed to care. I am hoping they care more now.
    I still feel the only solution to building PC systems you can trust is to turn to open code bases for ALL BIOS code. It's just too easy to hide some very nasty things in a 1 Mbyte binary blob.
    BTW, this BIOS exploit is the tip of the iceberg. Check this one out: http://en.wikipedia.org/wiki/Intel_Active_Management_Technology. How can you work around that one? It may be the only way to build machines we can trust is to get out of the x86 world entirely.
    ron

  7. Re:Something doesn't sound right, here. by Anonymous Coward · Score: 1, Interesting

    We buy this option on the Dells here at work. My guess is that it's more popular with larger organizations that have dedicated IT departments than it is with Mom-and-Pop operations. You know, organizations subject to silly stuff like HIPAA, PCI, and SOX compliance.

    Anecdote: We had a laptop so equipped stolen last year. With this service, they were able to locate the PC and have the local PD "retrieve" it for us.