

This report is a return to the problem of security mechanisms implemented in modern anti-theft technologies that reside in firmware and PC BIOS of commonly used laptops and some desktop computers. In particular, we have analyzed a number of standalone firmware files and personal computers. While physical security and a lack of proper code validation have already been shown in prior research by Core Labs, in our research we have focused on the network security aspect of such solutions. Our intention was to evaluate how secure Computrace Agent communications are and to see if it is possible to hijack control remotely.

Modern computer systems that are widely used by individual consumers as well as large corporations have a number of pre-installed software packages that are shipped by an OEM manufacturer or a regional reseller to promote certain services and products. It might be difficult for an ordinary user to understand all the risks of such “extra-packages” existing on the system. While most of these products can be permanently removed or disabled by the user or an IT administrator, some types of product are designed to remain on the system even after professional system cleanup or total disk drive replacement. One such type of software is anti-theft technologies that are widely used on modern laptops, i.e., Absolute Computrace. While the general idea behind anti-theft technology is good, improper implementation can render it useless as well as harmful, or even extremely dangerous. We believe that companies producing anti-theft technologies must consider the security of their products extremely seriously.

Our research started with a real-life incident involving one of our colleagues. He observed repeated system process crashes on one of his personal laptops. The crash generated an event log record and a memory dump that was immediately analyzed. The failure was related to instability in modules named identprv.dll and wceprv.dll that were loaded in the address space of one of the system service host processes (svchost.exe). A quick analysis of the file information revealed that these modules were created by Absolute Software and are part of the Absolute Computrace software. A quick check then led to a full research cycle which eventually resulted in this report.
