a bit OT: used laptops, computrace rootkit

Michael Torrie torriem at gmail.com
Sun Mar 23 22:49:02 MDT 2014


On 03/23/2014 10:09 PM, plug.mailing-list wrote:
> The marketing videos on that site boast they can retrieve data, wipe
> the devices, and perform patch management (install whatever they feel
> like).  Additional research shows there is *some* support for Linux,
> so unfortunately, you might still be vulnerable:
> 
> http://www.absolute.com/en/products/absolute-computrace/requirements
> 
> I don't think I'll be purchasing a used laptop without checking the
> BIOS/UEFI first.
> 
> If I were you, I would pursue getting Computrace disabled.  If the
> company can't (or won't) disable it, I'd resell the laptop and buy
> another.

That's the user-installable agent part they are talking about.  With
Linux you have to install the agent manually, and it won't survive a
re-install, though I'm sure the agent activates the BIOS part, which
will infect subsequent Windows installs.  The BIOS portion includes
agent injection for Windows only, at present (limited space in the
BIOS/UEFI).  This whole mechanism could be hijacked to infect Linux of
course.  It's only a matter of time before malware infects CompuTrace.
How often do people update their firmware to close security holes?  And
I could see the NSA doing something like this as well.  What's scary is
this software is on almost all new laptops nowadays. Even if you
permanently disable it, there's nothing preventing software from
re-enabling it, though of course BIOS-infections are nothing new.  Scary
stuff, though, since it's so widespread.

Clearly if you really wanted to keep a laptop from being stolen, you
kind of want these features that CompuTrace has.  But they are open to
misuse.

