Slashdot Mirror
BIOS "Rootkit" Preloaded In 60% of New Laptops
Keldrin_1 writes "Researchers Alfredo Ortega and Anibal Sacco, from Core Security Technologies, have discovered a vulnerability in the 'Computrace LoJack for Laptops' software. This is a BIOS-level application that calls home for instructions in case the laptop is ever lost or stolen. However, what the application considers 'home' is subject to change. This allows the creation of malware capable of 'infecting the BIOS with persistent code that survive reboots and reflashing attempts.' Computers from Dell, Lenovo, HP, Toshiba, Asus, and others may be affected."
P.C. Phone Home.
Sounds like it's right up Sony's alley.
"You can't really dust for vomit" --Nigel Tufnel
60% seems awfully high for a program I've never heard of. Not that I've been laptop shopping lately, but still.
Can someone with some knowledge please explain to me why we can't build a machine with simple boot code that does not EVER need to be modified for the life of the hardware?
"I'm just here to regulate funkiness."
LoJack swiftly changes to HiJack with a good splash of water
Libera te ex Inferis!
I use a Macbook.
Seriously, why did I get a Gateway in the first place?
Just like SPTD is not a rootkit when it hides my emulated dvd from copy protection software.
This is a popular piece of software that happens to have a potentially serious bug that the vendors and users should be demanding be fixed, but it doesn't make it a rootkit.
Macbooks will give you teh gay, which I guess is not a problem if you already smoke teh cock.
I know it's hard to believe. When doing our research (I'm Alfredo, hi!) we couldn't find a notebook *without* the Computrace agent. It's bad.
Cmon, it's a rootkit BY DESIGN, so it can't be wiped off the laptop easily.
Sheesh.
Someone should do a car analogy for this...
Sent from your iPad.
I was just thinking the same thing. Considering that the list of models with this stuff in the BIOS doesn't include Acer, who ship more laptops than anyone else, or HP, or several other big players, I'm a bit sceptical of that figure. Still the list is quite extensive, I'm a bit surprised I haven't heard of this.
Oh no... it's the future.
Recommending changing name to MIOS.
Malicious Input Output System.
Ok, so it does include HP. It's been a long day, and I go home in 3 minutes.
Oh no... it's the future.
"the duo demonstrate methods for infecting the BIOS with persistent code that survive reboots and reflashing attempts"
Where exactly is the code stored, that survives reboots?
Don't people specifically BUY low jack for laptops, or does it come pre installed and you pay to activate it?
It clearly has bugs, but I thought the hard/impossible to remove was considered a feature of the software?
You mad
Any way to tell if your laptop has this "feature"?
And is there any way to disable it?
Just to let you know my position;
I have a dell laptop and every laptop I have had for the last three years has had the Computrace option in the bios. It comes neither active or deactivated once you make a choice its irreversible (the Bios alerts you to it). Once activated no matter if you rebuild the laptop it will reapply the 'Feature', what is alarming is that the feature as of late is Geolocation aware in some incarnations. I would like the option to have a BIOS patch remove the feature for good as it appears that it may be compromised.
It also doesnt seem to be too hard to circumvent for the professional thief who may just use Dells service tools to change the asset tag.
1. How can I determine if a laptop has this?
2. Are their any workarounds? Fixes? Can it/Should it be disabled?
Lou
So, the idea was to load "sleeper" software by default on all these machines? Is the URL associated with this "service" always at the same memory location? It shouldn't be that hard for a Malware author to check for this BIOS and try to change the address. Who feels like being monitored by criminals? 10% off sale price?
The pair recommended a digital signature scheme to authenticate the call-home process.
How's that going to help? If you can replace the IP address then you can replace the certificate and signature too. If you have access to modify the BIOS flash, it's game over.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
From the Lojack compatibility list here is a list of company:
ASUS, Dell Fujitsu, GammaTech, Gateway, GD Itronix, Getac, HP, Lenovo,,Motion, Panasonic, Toshiba
You can find a list of models on the "bios compatibility list"
Please tell me if I'm missing something, but isn't the real vulnerability that the BIOS can be modified with unsigned code? A BIOS that allows this can be infected with a rootkit regardless of whether the LoJack code was there.
I'm surprised that hardware manufacturers haven't made better use of persistant on-chip data. A huge opportunity exists for device firmware developers to embed advertising. Imagine installing a Sony DVD drive that detects non-proprietary discs and popups a suggestion to purchase Sony discs. It isn't too hard to imagine Sony including a special bit string on their blank DVDs that their players look for each time a disc is inserted. Or several advertising partners with products that, when present, can create an "advertising opportunity": Sony DVD, Intel cpu, Microsoft OS and D-Link router trigger a cross-market moment.
You'll have to load your laptop into BIOS, it's one of the options listed. I set the option to completely disable it. That doesn't mean that someone could somehow modify code to turn it on, and report it to their site.
Go into the BIOS setup, you can choose to activate the feature if you paid for the license, or deactivate a previously activated agent. Choosing disable removes the feature completely. it can NEVER come back. TFA is hype. If it is never enabled in the bios NOTHING is installed on windows.
Good thing this doesn't come on the cheap models, I bought a cheap-as dirt ($300 new, not a netbook) Toshiba laptop that is a L305-S5955 and thankfully it doesn't have this "feature" but I feel like I dodged a bullet with this one.
Taxation is legalized theft, no more, no less.
Why can't computer manufacturers just sell clean working laptops with clean Windows installs plus drivers on a basic BIOS that just includes a few items like which drive to boot from and a hard drive corruption check? It's getting a little bit ridiculous. There are several dozen crapware programs on most mass-market laptops, then you've got the root-kit BIOS, apparently, and the trusted computing module (And to this day no one has really been able to adequately explain to me what features the TCM gives me despite it's ubiquity). I know laptops are getting cheaper, but they are also getting more and more aggravating in some ways.
This BIOS issue is more annoying than the crapware thing, really, because at least crapware can be removed in the control panel (Well, usually, I've seen a program or two refuse to uninstall) or through my computer, but a BIOS flashing is beyond most people's level of technical expertise. It's not anything else technological these days, it seems like, from software to hardware, we're told what we want and then "given" it and have no say in the matter, even if we like the old way better.
Computrace comes loaded in the bios of all of my Dell Latitudes. It is "inactive" until you turn it on in the BIOS. Once activated, there is no way to disable it.
There is a one time license fee to register the Computrace machine on their website. It uses IP based location. Windows will recognize the computrace hardware and install a "Generic USB HUB" driver for it (thanks MS). It must also interface with WMI in some way, as the website will also pull up some details on the computer's specs.
Once you flag the machine as stolen, Computrace (the company) tries to track it down. If they are unable to return your laptop within a certain amount of time (30 days I believe) they pay out 70% of the value of the laptop.
It is indeed hard to believe. As far as I've been able to tell, even in the laptops where it ships, it defaults to disabled. You must actively enable it in the BIOS for it to do anything at all. And it is certainly easily possible to get laptops without it - I just did from HP, two different ones.
Disable only works if the product was never activated. if the BIOS is set to active, AND the client software on the machine contacts the servers for Computrace, and verifies it should be licensed, then it "flips a switch" in that BIOS setting, and you can NEVER disable it again.
They need to write to the software, or else the software will always try to contact them, and then anyone could track any laptop with a supeana, ruining their business model.. Instead, it has to be "turned on".
Also, this software in the BIOS does not actually contact anyone directly. All the BIOS level crap does is forcibly try to re-install the agent software under windows. This could get ugly, if you update the BIOS, to try to force it to install a different program every time someone reloads windows...
Of course, I wonder what happens if I buy an "off lease" laptop, that was at one point activated...
What are we going to do tonight Brain?
Are you saying that this is a BIOS-level process that only introduces a Windows vulnerability? So Linux users and Hackintoshers are safe?
Some get money for putting crapware on their systems. However, the one thing I hate more are the annoying OEM branded programs. Ok, sure, I want a CD burner that can burn ISOs, however I don't want a TOSHIBA (R) DISK BURNER, even though its a decent disk burning program, I hate OEM branded stuff, I buy a computer, I'm smart enough to know theres very little difference between this Toshiba and a similarly equipped Compaq. The OEM branded wallpapers also annoy me, yes, I know what computer I bought. It says so everywhere on the machine, it doesn't matter. I don't need OEM wallpapers.
But, that is what happens when you get a system designed by a marketing department...
Taxation is legalized theft, no more, no less.
First off, the 'feature' comes on a lot of laptops. Doesn't mean its enabled. You have to request it to be enabled in order for it to come from factory with it actually turned on.
If you don't turn it on, it doesn't do anything, no phone home, no remote wipe, no tracking.
Guess what, same thing applies to Blackberrys, and iPhones, and cars with LoJack that have remote shutoff. For every feature there is a potential risk, thats the way the world works.
If you want the potential to remotely locate/track and wipe a laptop or PC, then you also get the potential that someone else can do it as well.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Since most laptops come with Windows, and, well, you get my drift...
oh, that's right, those aren't BIOS rootkits, nevermind. Makes all the difference.
Though I don't much care if my nachine is compromised in pre-execution or later. All the same crap to me.
I wonder if the bad guys have bothered to monitor LoJack transmissions for cars. At least you'd know where the cops are, and could plan to be elsewhere...
deleting the extra space after periods so i can stay relevant, yeah.
When doing our research we couldn't find a notebook *without* the Computrace agent.
You didn't look very hard then, did you? Acer don't have CompuTrace and finding one of their notebooks is hardly challenging. According to the most recent data from NPD's DisplaySearch, Acer has the second largest unit-volume market share, with 16% of the global notebook shipments (excluding netbooks) to themselves.
Obviously you know that, because as the ZDNet article based on your presentation stated, fully 40% of all new notebooks don't include Computrace. With nearly half of notebooks not including the technology, it's obviously pretty darned easy to find a notebook without Computrace. Polemic statements like that still don't do your credibility any good, though.
They do. Its not enabled from the factory. You have to pay extra to get it to actually work. It is completely hidden to the OS unless enabled in the BIOS at boot time.
I realize you just read some FUD kdawson forwarded for us, but you have to take extra steps to make this software work. Out of the box there is nothing to do, you don't have to 'remove it', when the BIOS transfers control it is for all intents and purposes not available.
It is an optional feature, like traction control on your car or overdrive, you just turn it off.
If you don't want it enabled the solution is REAL simple, don't buy a laptop with computrace installed. There are plenty out there without it.
To use a car analogy, can you go to a dealership and buy a car without an engine? No. But you can find a car without air conditioning, if you put a little effort into it (depending on where you live, air conditioning may be an option rather than standard so bear with the analogy).
When you buy mass market cookie cutter products in order to get a lower price than you don't get to specify the exact specifications yourself, you take one of the options you are given as you have to choose what most people want.
If you want to pick anything you want then you have to build it yourself, which is FAR more expensive.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
They have every DV/TC-model of HP Laptop listed - I used to specifically work on all DV/TC/NC/NX models, I've NEVER ONCE seen this in BIOS during any of my repairs. NEVER. Also, this software was never listed in part of HP's troubleshooting guides, and that usually means that feature is not there.
I rebooted my laptop (DV9000, full featured loaded with every possible thing offered) and this 'rootkit' in BIOS is nowhere to be found, at all. Not on my friend's DV2000. Not on the new TC4400 I have in my art room.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Yea, but sony does sell the "Computrace LoJack for Laptops" for their notebooks in their Sony branded VIP Protection Suite (which include Norton NIS, Online backup and Computrace LoJack for Laptops).... But i guess in this case, you can optionally chose for this Sony RootKit.... lol
Successful Slashdot troll is, err, successful.
A list of participating manufacturers is right there on the company's web site: http://www.absolute.com/partners/bios-compatibility
My company recently investigated the LoJack system after one of our laptops got stolen. It's impressive technology. The sales rep talked up how "fortunate" they were to get the cooperation of many BIOS implementations from the folks who make BIOSes. I don't think that's fortune at all -- it's a corporate deal. Whatever.
It's common but not all-pervasive. (yet?) I looked for my laptop on the list and didn't find it, though, so it's not exactly all-pervasive. It's intended for corporations and individuals who want it.
While the inclusion of this feature into many BIOSes is kinda creepy, I'm not terribly unsettled by it. It does, however, make me want to pursue the open BIOS initiatives.
*sigh* Isn't there some way we could have a "write-only" jumper that locks the chip from being flashed or modified?
LOLjack
I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered. My life is my own.
Well, once upon a time, that was the case :
In case of bug you needed either to move the BIOS chip to a separate flasher, or at least use a hardware switch on the motherboard to switch between 5v and 12v to enable BIOS chip flashing.
Nowadays, even Windows applications can write to the BIOS without any peculiar form of control. No switch at all involved.
BIOS rootkits were just bound to happen. What makes it even easier for rootkits, is that 90% of all PC uses the same brands of BIOS and those BIOS are designed in a modular fashion making it easy to add a "rootkit" modules without needing the re-create a whole new BIOS (see example of how to add an embed FreeDOS inside an Award BIOS).
That pretty much stupid : Most motherboard have a couple of bugs fixed during the first couple of months. Then there's mostly no need to reflash the BIOS, except for supporting newer CPUs, etc... which would require opening the case and accessing the motherboard anyway. But for the whole lifetime of the BIOS, it remains completely writeable even from user-space application from within highly insecure OSes.
Hardware "write-protection" switches for BIOSes should be reintroduced. Simple fix for a simple problem.
Instead you can stay sure that the manufacturers and Microsoft are going to require several layers of TPM and similar forms of DRM in BIOS which won't even guaranty that BIOSes would be protected from bugs.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
I have worked with Computrace at one of my previous companies, and I always knew it was total crap.
It doesn't even work as advertised most of the time and defeating it is so simple a 5 year old with some skill could do it.
Power Corrupts,Absolute Power Corrupts Absolutely, leaving one person(group)in charge is absolutely corrupt.
"Of course, I wonder what happens if I buy an "off lease" laptop, that was at one point activated..."
The Original Vendor (DELL, IBM, etc) has the ability to reset activation state.
Power Corrupts,Absolute Power Corrupts Absolutely, leaving one person(group)in charge is absolutely corrupt.
I've had 4 laptops in the past few months, and none of them had any BIOS options resembling anything like that... maybe I just got lucky?
...at least on my Dell.
There's option to enable it permanently, meaning it cannot be disabled again.
So number of affected laptops is far from 60%.
60% may be vulnerable, but it is a bald faced lie to say that 60% are preloaded with a rootkit.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
It's funny, reading this article all I can think about are those Microsoft commercials where the customer wants to buy a laptop under $1500, and wants to get the best deal. They don't mention that the deal includes a pre-installed BIOS rootkit just waiting to be activated by a zero-day Windows exploit.
It doesn't hurt to be nice.
One of our BIOSes is broken, because I can turn my copy off on a whim. Perhaps its because my bios requires an admin password? I donno, but I have no problem disabling it. Perhaps its not really disabled?
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
And if it's enabled, will anything happen under Linux? Is there even a Linux client, so I can consider whether to buy the service?
It's offered really cheaply on a bunch of Dells. The program calls home and reports its IP address when activated after being stolen. I doubt if the police are going to do anything with the report of an IP address on a stolen used computer that might be worth $1000 (probably less). All the cops are going to tell you to do is a) use a cable lock in the future b) don't leave the machine in your (car, house, office, etc.) in plain sight and c) call your insurance company. In most cities, cops don't even investigate stolen cars. The original lojack for cars (identifier beacons) might have been useful in a couple of cases, but lojact for computers is almost a complete waste of money. Better off investing in a) a cable lock, b) computer cover and c) insurance.
... is that it allows for malicious code to be uploaded to the machine and the modifications will survive re-flashing and drive wipings. That is a HUGE glaring vulnerability right there and it might not even matter if you enable or disable the feature, if you use it, or if it is able to be disabled/enabled once set. The article does not mention whether it is necessary for it to be enabled, so lets assume it is not. It is not too much of an imagination stretch to envision malware that is able to upload change to the BIOS from the desktop that include the necessary settings for a successful attack. This is bad. Very bad.
The eternal struggle of good vs. evil begins within one's self.
Yeah, it's pretty funny that a piece of software that has nothing to do with Microsoft that gets loaded on hardware that Microsoft has nothing to do with by the OEMs themselves through a deal with a completely different company is not mentioned in a Microsoft commercial about Windows. Or actually, it's really not.
The point is that it makes it super easy...all the police have to do is show up. Lojack provides evidence and testifies, if necessary. Police are working with a company they're used to working to.
After all, they care about noise complaints.
That said, I still think a cable lock is a ripoff
posted primarily to undo moderation that /.'s fucking AJAX put in for me.
93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
At least on Dell laptops, there is a method of disabling CompuTrace after activating (or re-enabling it once "disabled permanently") by erasing the contents of a certain EEPROM chip...
> This is a BIOS-level application that calls home for instructions in
> case the laptop is ever lost or stolen. However, what the application
> considers 'home' is subject to change.
Reminds me of an old cartoon where two people are standing right outside a bank's new, mighty vault. One's pointing at 3 foot hole in the wall with a plug lying on the floor, "...and that's the escape hatch in case someone gets locked in."
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
The article isn't really clear how the malicious code would be initially installed.
Does the user have to run an executable that flashes the BIOS? Do you need root access?
Please explain to me how this works.
This BIOS 'switch' - how exactly is that flipped? CMOS is not permanent, NVRAM is not permanent, RAM is not permanent. The only permanent storage are removable devices such as hard drives, and the BIOS itself. The BIOS is usually protected physically (jumper) and isn't a 'volatile' storage means anyways. Also, from my understanding, this isn't something that can be reprogrammed on the fly - it has to be done in "real mode" and is done on a block level, rather than bit level (just like programming any other chip).
I just either lack the magic clue that tells me how this is possible, or this isn't possible at all.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
You're not missing any clues; it's just impossible.
My Dell Inspiron 6000's last BIOS update (several years ago) came with some Computrace back-end stuff, with the aforementioned options for on, off, and disable. On and disable are both "permanent" options.
Which is really interesting, if you follow the timeline: The feature wasn't wasn't there at all to begin with. And then, I flashed it in. And now, it says its permanent. Uh - yeah, right.
If I set it to "on" or "disable", it'll just flip a bit somewhere, and/or do some magic crypto, and flash that result into a region of BIOS.
But, it's still all just flash. It can still be erased, and then it can be rewritten. The BIOS might not support doing this on its own (for reasons which might range from management to marketing), but that doesn't mean that it's something that cannot be accomplished with other tools.
Kid-proof tablet..
So if this is on the bios and works with an installed program on the machine, isn't it feasible to pull the HDD and replace it?
As for the bios, like was said, it may get ugly.
If it's active, there is probably some way to shut it off...
I got my dell about 8 months back. The sound didn't work at first and i went to the bios and saw some option that allows for the laptop to be tracked. I guess this is it. Is the laptop still vulnerable even if this feature is turned off? Mine came with it turned off as default. Maybe you gotta pay extra for it, i dunno.
Including Windows means the laptop is not clean.
If someone is passing you on the right, you are an asshole for driving in the wrong lane.
Perhaps they have some form of WORM memory? However, given the example of a machine that never had the feature until a BIOS update, I'm guessing it's just tucked away somewhere in the regular BIOS memory.
And then, I flashed it in. And now, it says its permanent. Uh - yeah, right.
If I set it to "on" or "disable", it'll just flip a bit somewhere, and/or do some magic crypto, and flash that result into a region of BIOS.
Of course you could disable it. But that's not the point.
There seems to be a prevalent view on /. that because a security system can be disabled, it always will be and is therefore pointless. But anyone who's got enough knowledge to know about the existence of this is probably not a junkie that steals laptops left alone for a minute on the train. And that's what the great majority of petty theft is.
"Of course, I wonder what happens if I buy an "off lease" laptop, that was at one point activated..."
Don't run Windows, excepting virtual instances.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
Yup, just like Daemon tools (or at least the part that does the actual emulation) is very rootkit-like technically, as long as it does what the user wants it isn't a rootkit. Although it must be said that if the software (due to a bug or something) ends up in a state where it doesn't do what the legitimate user wants and doesn't allow him to remove it, it can become a rootkit and that is something that software developers should try to avoid. Perhaps splitting the software in two parts, one that can only remove the software under proper authentication and the other to do the actual work that is designed in such a way that whatever happens to it it can never overwrite the first part, would help.
Go into the BIOS setup, you can choose to activate the feature if you paid for the license, or deactivate a previously activated agent. Choosing disable removes the feature completely. it can NEVER come back. TFA is hype. If it is never enabled in the bios NOTHING is installed on windows.
So, if I want to steal a laptop and I'm afraid of this Lojack thing, all I have to do is simply disable it in the BIOS and the laptop will never phone home? Doesn't this kind of defeat the purpose of Lojack in the first place?
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
The title is VERY MISLEADING.
I've got a few Dell laptops that are friggin ancient in my book (aka single core) and they have computrace settings in the bios.
Get into your bios and disable it, if you have no intention of using it.
Sos groso, sabelo.
I imagine it's a fuse/bit. You have to be able to prevent the laptopknapper from disabling or flashing your BIOS in order for it to be an effective security measure.
Computrace (R)
Disable - Deactivate - Activate
This field lets you Activate or Disable the BIOS module interface of the optional Computrace (R) Service from Absolute(R) Software. The Computrace agent from Absolute Software is a service solution designed to help track assets and provide recovery services in the event the notebook is lost of stolen. The Computrace agent communicates with the Absolute Software Monitoring Server at programmed intervals to provide the tracking service. By activating the service, you consent to the transmission of information from and to your computer and the Absolute Software Monitoring Server. The Computrace service is purchased as a separate option and the monitoring Server will enable its agent security module through an interface provided by the BIOS. The Computrace tracking agent can only be used in the US, UK, Canada and Australia. Computrace(R) and Absolute(R) are registered trademarks of Absolute Software Corporation.
Disable = Permanently block the Computrace module interface.
Deactivate = Block the Computrace module interface (Default).
Activate = Permit the Computrace module interface.
The Absolute Anti-Theft solution is Disabled. You cannot change the setting.
# tpm module killall: blacklist tpm_infineon blacklist tpm blacklist tpm_bios
It loads up to communicate using the tpm i should know i just spent mths trying to find why my box was bouncing packets of a particular ip .. so under linux you just blacklist the 3 tpm modules .....
so you think it all takes place at bios level?? thats bs
This is a very bad thing. A "security" product should not allow downloading of software. This is even worse. It allows hidden downloading of software not visible to the user.
Supposedly it's delivered "turned off"? But how do you know it's turned off at startup? How do you know it wasn't turned on during operating system loading, or wasn't turned on by any of the preloaded crap that the "major PC manufacturers" preload? How do you know there isn't some way to turn it on remotely?
No computer with this software in ROM should be used for proprietary material, legal documents, medical records regulated by the HIPPA, financial records regulated by the SEC, or anything else that might attract an opponent. If you just play WoW, go ahead.
Ever hear of a fusible link? It's conceivable that a small fuse is blown upon activation, and then the connection that fuse made is tested to see if it should be active. Write-Once, Read-Many (WORM) memory.
ERROR: SIG NOT FOUND (A)bort, (R)etry, (F)ail?:
Well, I did - but I didn't apply it to BIOS. (I only know of them in the context of microcontrollers)
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
No, I don't think I can disable it. I can only issue an instruction to a computer which is described as disabling the function permanently, but that doesn't exactly mean anything important.
Here's the scenario:
I "disable" it, the appropriate bits are written into the flash ROM on the motherboard, and it appears to be disabled.
Later, something else comes along, and writes different bits into the flash ROM. And then it's not disabled anymore.
(And, whatever the case, the default is "off," which should at least forestall any white hat usage of the thing without user intervention. Emphasis on "should" and "white hat". It's Really Fucking Important to maintain a certain level of mistrust when it comes to considering such matters.)
And, whatever the case: I don't think it even matters at that point. The thing still needs some software support in order to work, and the package which includes that software can fairly easily modify the BIOS to include whatever small bit of code the programmer decides should be there.
There's well-documented, reliable, and easy methods for inserting your own code into BIOS to initialize a SCSI card, perform a network boot, or change the Energy Star logo, and there's no reason at all why these same methods cannot be used purposes other than those I just listed -- including, of course, quietly inserting malicious backdoors.
Kid-proof tablet..
Ok, so: Blow the fuse upon either activating or disabling it.
And then, something else comes along and changes the code that looks for the status of that fuse.
Ever hear of a video game crack? This sounds trivial, by comparison.
Kid-proof tablet..
So, bottom line - I don't imagine people owning Vaios long enough for them to be too problematic. They'll be in the shop being repaired every six months!
My vaio desktop is 10 years old; A solid computer and still used regularly. Did the VAIO brand go to shit while I was under a rock?
TCM has roots in a paper called "Programming Satan's computer" the first paragraph of the conclusion is this ...
We have tried to give an accessible introduction to the complex and fascinating
world of cryptographic protocols. Trying to program a computer which is under
the control of an intelligent and malicious opponent is one of the most challenging
tasks in computer science, and even programs of a few lines have turned out to
contain errors which were not discovered for over a decade.
The second sentence tells you what TPM is for; hint: it's not for you.
Please read the paper. The configuration is saved in NVRAM and there are many ways to reverse it. We even found a software-only way.
Never say never.
I work for Absolute Software. Absolute reviewed the research paper, and the claims that there's a vulnerability in Computrace or Computrace LoJack for Laptops BIOS module are without merit and systems are secure:
- The Computrace BIOS module does not allow a special undetected path into the operating system. It is not a rootkit.
- In order for the Computrace BIOS module to work, it is activated by the end-user customer, not the computer manufacturer, upon receipt of the computer and activation of Absolute Software's products.
- The Computrace BIOS code alleged in the article to have this vulnerability is old code that was not officially released into a BIOS and, to Absolute's knowledge, has never been active in the BIOS of any computer.
- If a malicious attacker were able to alter the BIOS code, any popular anti-virus software would alert the customer.
- The Computrace BIOS module currently on the market is not susceptible to the risks claimed in the article and therefore none of our customers are at risk for this specific type of attack.
Absolute has issued a statement to the public, refuting these claims and explaining their position at length here: http://www.absolute.com/company/pressroom/news/2009/07/refutes_claim
Absolute refutes the claims of BIOS vulnerability:
http://www.absolute.com/company/pressroom/news/2009/07/refutes_claim
I have 4 laptops (2 Dell, 1 Compaq, 1 HP). They've been purchased at various times over the last 6 years, and not one of them has the option to enable this. The Dells are model M50 and M70 (business laptops), the HP is an 8530w (also a business laptop), and the Compaq is some random shitty home model I can't recall right now. Not one of them has an option to enable or disable this in the bios, and the older Dell and Compaq don't even have a TPM module. 60% just seems like a bullshit number to me. Maybe they meant 6%?
(yes I know anecdotal != fact)
Google is your friend,
http://www.absolute.com/company/pressroom/news/2009/06/Absolute-Acer-IntelAT
Acer also have computrace, in fact it has the newer version, probably more secure. In fact, some Sony models also have it. Look for "ABSOLUTE" in a dmidecode dump. I think that most Netbooks don't have it, bot we don't have every notebook model to check.
Is disabled, yes. How do you know that? did you read the source? it's closed. If you want to have software that can remotely erase or read your data in your notebook, is up to you to trust Intel or Absolute.
Disabling it in the BIOS don't work.
Don't miss interpret us, they have a useful product. But it must be a little more secure, and *optional*.
All those MS commercials mention the computer brands by name, and all of those brands include this.
If Microsoft is going to bundle their OEMs' brand names into their ads, they have to accept that the mistakes of those OEMs reflect on their advertisements.
It doesn't hurt to be nice.