By Robert Vamosi

A presentation by two researchers at a recent security conference suggests that one particular rootkit-like program may be present in 60% of all laptops. The absence of strong authentication in this well-intentioned, widely distributed program has the potential to compromise systems, according to the researchers, but I believe you actually face little risk.
Black Hat bark may be worse than its bite
There was considerable buzz around SMS and SSL vulnerabilities at this year’s Black Hat Briefings July 25–30 in Las Vegas. But the lion’s share of attention went to a 20-minute presentation given by Core Security researchers Alfredo A. Ortega and Anibal Sacco.
In a PDF paper titled “Deactivate the rootkit,” Ortega and Sacco said they were initially interested in showing how rootkits can infiltrate a PC’s BIOS. In the course of their research, however, they said they found that something with the potential to become a rootkit — Absolute Software’s Computrace LoJack for Laptops — was already embedded within their test laptop.
The concept is this: If a laptop with LoJack installed is stolen, the company can recover the device by pinpointing its IP address when the laptop connects to the Internet. Ortega and Sacco said the product may be embedded in as many as 60% of the laptops sold since 2005. Those notebook PCs use a BIOS from Phoenix Technologies that includes the LoJack detection system.
The researchers noted that “the antitheft agent must be stealthy, must have complete control of the system, and most importantly, must be highly persistent.” Specifically, the agent must be buried deep within the BIOS to survive a hard-drive wipe by thieves.
