Kaspersky Lab reports that anti-theft software could be exploited

A useful cyber-defensive utility can be turned into a powerful tool for cyber-attackers in the form of full access to millions of computers, according to research from Kaspersky Lab regarding an element of Absolute Software’s anti-theft software. The focus of the Kaspersky research was the Absolute Computrace agent that resides in the firmware of modern laptops and desktops. It’s a key part of the ability to trace endpoints in case of loss or theft by products like Absolute’s LoJack offering. 

Kaspersky Lab’s research has revealed millions of computers running anti-theft software could be at risk of being hijacked by cyber attackers. Kaspersky Lab’s security research team has published a report that highlights that the weak implementation of anti-theft software marketed by Absolute Software can turn a useful defensive utility into a powerful instrument for cyber attackers. The focus of the research was the Absolute Computrace agent that resides in the firmware, or PC ROM BIOS, of modern laptops and desktops. The major reason for this research project was the discovery of the Computrace agent running on several private computers of Kaspersky Lab’s researchers and corporate computers without prior authorisation. 

Read full article