Kaspersky Says Computrace Is Vulnerable, Absolute Software Denies Accusations

Computrace agent compiled in 2012 analyzed by Kaspersky

At the Kaspersky Security Analyst Summit 2014, security researchers from Kaspersky have presented a report on vulnerabilities in Absolute Software’s Computrace, the anti-theft software that resides in the firmware or the BIOS of laptops and desktop computers.

Absolute says Computrace is used by 30,000 active customers, including Fortune 500 companies. Based on its research, Kaspersky has determined that the tool can represent a “powerful weapon for cybercriminals.”

Experts say there’s no evidence that cybercriminals are currently using Computrace as an attack platform, but they want users to be aware of the risks.

This isn’t the first time security researchers analyze Absolute Computrace. Back in 2009, experts made a similar presentation at the Black Hat conference.

However, Kaspersky says it has decided to perform another analysis of the software after discovering its presence on the privately owned laptops of some Kaspersky Lab researchers.

The Computrace agent, compiled in June 2012, was installed without prior authorization.

After the IT security firm published its report, Absolute Software came forward with a statement, an info sheet and an FAQ. Kaspersky sent an email to the company on February 3. However, they haven’t received a response, so they decided to go ahead and publish their findings.

Absolute, on the other hand, said it had learned of the report not from Kaspersky, but from a member of the press.

“We have reviewed the report and consider Kaspersky’s analysis flawed and rejects its conclusions. We are unable to determine how Kaspersky was able to reach the conclusions they provided,” Phil Gardner, Absolute Software’s CTO, noted in a blog post.

Gardner says the report looks very similar to the one from 2009 and highlights the fact that their response from back then is “still accurate and current.”

On the other hand, Kaspersky argues that if there are devices that come with the Computrace module automatically activated without the customer’s explicit consent, Absolute and manufacturers should address the problem.

“It is the responsibility of the manufacturers and Absolute Software to notify those users and explain how they can deactivate it if they don’t want to use Absolute Software services. Otherwise, these orphaned agents will keep on running unnoticed and provide opportunities for remote exploitation,” Kaspersky said.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s