Just another day reading the tech news:
A popular laptop theft-recovery service that ships on notebooks made by
HP, Dell, Lenovo, Toshiba, Gateway, Asus and Panasonic is actually a
dangerous BIOS rootkit that can be hijacked and controlled by malicious
hackers.
The service — called Computrace LoJack for Laptops — contains design vulnerabilities and a lack of strong authentication that can lead to “a complete and persistent compromise of an affected system,” according to Black Hat conference presentation by researchers Alfredo Ortega and Anibal Sacco from Core Security Technologies.
Computrace LoJack for Laptops, which is is pre-installed on about 60 percent of all new laptops...[snip]
“This is a rootkit. It might be legitimate rootkit, but it’s a dangerous rootkit,” Sacco declared...[snip]
That’s because the technology uses a configuration method that contains the IP address, port and URL, all hard-coded in the Option-ROM.Full article here.
