Computrace Laptop Lojack Ripe for Abuse

November 11, 2008

So I recently stumbled across an interesting program called Computrace — a sort of “laptop lojack” system that theoretically can be used to locate a stolen laptop. This article describes how an LA school district used it to find stolen laptops.

The interesting thing about the Computrace software is that it apparently comes pre-loaded in the BIOS of millions of laptops. That’s right, there’s a good chance that your laptop has this software built-in, without you knowing about it. (You can check to see if your computer model carries it here). There’s a term for programs like this: “spyware.”

According to Absolute, the software manufacturer, Computrace software is automatically shipped as disabled in your BIOS (full FAQ here). It is not enabled until you pay and sign up for the Computrace services and install another piece of software. Of course, we can only take Absolute’s word for this. And the manufacturer’s. There’s no easy way to tell if the software has been activated on your computer, of course, and there’s no easy way to disable it (otherwise laptop thieves could easily remove it). We must simply trust the authorities.

Let me repeat. There’s no easy way to detect or remove this program, and it is built into your machine’s BIOS. It is designed for reporting your location and activity. Who knows what other functionality it may have. There’s a term for programs like this: rootkit.

Some of the capabilities noted in Journal article:

The agent contacts the Absolute data center to say it’s activated, and it creates a small application on the machine’s hard drive, explained Hawks. From that point forward, every 24.5 hours, the application sends a small update to the data center, to maintain a current profile of hardware, software, and licensing for the computer, including the IP address that’s being used to send the update from. When a theft of a particular computer is reported, he said, a flag goes up in the system that the computer has been stolen. The next time contact is made with the data center through the Internet, the computer is told, “instead of every 24.5 hours, we want you to report back every 15 minutes.”

The data center uses a set of forensic tools to begin recording historical data, including IP address information and keystroke logging. Unless the user is sophisticated enough to use an IP address anonymizer, that IP address can be used to track the computer to a specific Internet service provider. Absolute’s recovery services team, made up of retired and former police officers, works with local law enforcement agents to accumulate the facts necessary to obtain a subpoena. That, in turn, can be used to find out from an ISP what customer is using a particular IP address and where that Internet access is originating from.

[...]

The same agent can be used not only for theft recovery, but also for asset tracking and remote deletion. Absolute’s Hawks said that some districts have misplaced computers and used the technology to track them down. If a computer can’t be recovered quickly, the remote deletion function allows for all selected data on the machine to be deleted the next time contact is made with the data center. IT administrators can access those profiles from a browser to view assets and generate reports.

So we must trust a privately held corporation, Absolute, that they do not have some secret and remote method of enabling this software. A privately held corporation with government contracts and ex-military types on their board of directors. And we must trust that the government would not see the value of taking advantage of such a program and exploit it to the fullest.

Yeah, right.

Some theoretical ideas for finding/disabling Computrace can be found here. Anyone have more information?

About these ads

4 Responses to “Computrace Laptop Lojack Ripe for Abuse”


  1. Oh. My. Fucking. God.

    So much for “Install linux, and be safe!”

    If current desktop-sized machines don’t have it, maybe luggables will become popular again. Invest now! The luggable revolution awaits!

  2. iNinja Says:

    install ubuntu fuck lojack

  3. Kay Says:

    that’s does not kill absolute’s software:
    the agent, which is able to reinstall itself on the Windows partition (and possibly others) sits in the BIOS and has networking capabilities. This one already connects to computrace’s servers.
    !

    • Quantum Says:

      It is not the software, LoJack is built into as you’ve already established the BIOS and if its ACTIVATED then it’s as good as worthless. If that motherboard battery fails as a security precaution against tampering it will hose the entire motherboard and render the machine un-usable.

      A lot of mis-informed people presume this is just software on its own. Totally incorrect, if you install LoJack in a Car, do you think the car then dials the Internet to report its location?

      No it does not, the answer is more insidious, it’s actually a GPS tracker built into the mini PCI Wireless Card!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: