Researchers Discover BIOS Rootkit Shipped with Laptops
Anibal Sacco and Alfredo Ortega, security researchers at Core Security Technologies, gave a presentation at the Black Hat conference. According to their presentation, a widely used laptop theft recovery service called "Computer LoJack for Laptops", which ships with notebooks from Dell, Toshiba, HP, Gateway, Lenovo, Panasonic and Asus, is in fact a hazardous BIOS rootkit that could be compromised and controlled by hackers, as reported by ZDNet on July 30, 2009.
The researchers said that design vulnerabilities in the service, along with the absence of strong authentication, could expose an affected computer to total compromise.
The researchers also said that the "Computrace" software, developed by Vancouver-based Absolute Software Corp., comes with a subscription service that is used to search for stolen or lost PCs. The service could prove valuable as it could let remote hackers purge sensitive data from a hijacked system, while the PC can still access a maliciously crafted website and take instructions even when the hacker fiddles with the system.
However, research by Anibal Sacco and Alfredo Ortega reveals that an attacker could manipulate and control it. This is possible because the technology uses a configuration method that contains the port, URL and IP address, each of which is hard-coded within the Option-ROM.
The researchers also explain that an attacker who has infected a Computrace-loaded computer can gain control of the system. This is possible because the attacker can change the computer's configuration to stay connected to it even after the operating system is uninstalled and reinstalled to clean out viruses.
Ivan Arce, Chief Technology Officer of Core Security, said it is like having something already installed and regarded as harmless that can be tampered with and converted into a malevolent application, as reported by Yahoo! Tech on July 30, 2009.
According to Arce, Absolute could rectify the problem with an updated version of the software, which would then be introduced into affected PCs. He concluded that with some technical knowledge, users could prevent the software from automatically becoming a problem.
» SPAMfighter News - 18-08-2009