Computrace Laptop Lojack Ripe for Abuse
November 11, 2008
So I recently stumbled across an interesting program called Computrace — a sort of “laptop lojack” system that theoretically can be used to locate a stolen laptop. This article describes how an LA school district used it to find stolen laptops.
The interesting thing about the Computrace software is that it apparently comes pre-loaded in the BIOS of millions of laptops. That’s right, there’s a good chance that your laptop has this software built-in, without you knowing about it. (You can check to see if your computer model carries it here.) There’s a term for programs like this: “spyware.”
According to Absolute, the software manufacturer, Computrace software is automatically shipped as disabled in your BIOS (full FAQ here). It is not enabled until you pay and sign up for the Computrace services and install another piece of software. Of course, we can only take Absolute’s word for this. And the manufacturer’s. There’s no easy way to tell if the software has been activated on your computer, of course, and there’s no easy way to disable it (otherwise laptop thieves could easily remove it). We must simply trust the authorities.
Let me repeat. There’s no easy way to detect or remove this program, and it is built into your machine’s BIOS. It is designed for reporting your location and activity. Who knows what other functionality it may have. There’s a term for programs like this: rootkit.
Some of the capabilities noted in the Journal article:
The agent contacts the Absolute data center to say it’s activated, and it creates a small application on the machine’s hard drive, explained Hawks. From that point forward, every 24.5 hours, the application sends a small update to the data center, to maintain a current profile of hardware, software, and licensing for the computer, including the IP address that’s being used to send the update from. When a theft of a particular computer is reported, he said, a flag goes up in the system that the computer has been stolen. The next time contact is made with the data center through the Internet, the computer is told, “instead of every 24.5 hours, we want you to report back every 15 minutes.”
The data center uses a set of forensic tools to begin recording historical data, including IP address information and keystroke logging. Unless the user is sophisticated enough to use an IP address anonymizer, that IP address can be used to track the computer to a specific Internet service provider. Absolute’s recovery services team, made up of retired and former police officers, works with local law enforcement agents to accumulate the facts necessary to obtain a subpoena. That, in turn, can be used to find out from an ISP what customer is using a particular IP address and where that Internet access is originating from.
The same agent can be used not only for theft recovery, but also for asset tracking and remote deletion. Absolute’s Hawks said that some districts have misplaced computers and used the technology to track them down. If a computer can’t be recovered quickly, the remote deletion function allows for all selected data on the machine to be deleted the next time contact is made with the data center. IT administrators can access those profiles from a browser to view assets and generate reports.
So we must trust a privately held corporation, Absolute, that they do not have some secret and remote method of enabling this software. A privately held corporation with government contracts and ex-military types on their board of directors. And we must trust that the government would not see the value of taking advantage of such a program and exploit it to the fullest.
Some theoretical ideas for finding/disabling Computrace can be found here. Anyone have more information?
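The check-in cadence quoted above (every 24.5 hours, dropping to every 15 minutes once a machine is flagged as stolen) can be looked for from outside the laptop, in proxy or firewall logs. The Python below is an added example, not code from Absolute or from the Journal article; the log records, the `.example` hostnames, the 5% tolerance and the minimum event count are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Check-in cadences quoted in the article: routine and "reported stolen".
CADENCES = {"routine (24.5 h)": timedelta(hours=24.5),
            "stolen-mode (15 min)": timedelta(minutes=15)}
TOLERANCE = 0.05   # assumption: accept +/-5% drift around each cadence
MIN_EVENTS = 4     # assumption: need at least 3 gaps before calling it periodic

def classify_beacons(events):
    """events: iterable of (datetime, destination). Returns {destination: cadence label}."""
    by_dest = defaultdict(list)
    for ts, dest in events:
        by_dest[dest].append(ts)
    findings = {}
    for dest, stamps in by_dest.items():
        if len(stamps) < MIN_EVENTS:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mid = median(gaps)
        for label, cadence in CADENCES.items():
            band = TOLERANCE * cadence.total_seconds()
            target = cadence.total_seconds()
            # Periodic if the median gap matches and at least 80% of gaps sit in the band
            close = [g for g in gaps if abs(g - target) <= band]
            if abs(mid - target) <= band and len(close) >= 0.8 * len(gaps):
                findings[dest] = label
    return findings

def sample_events():
    """Constructed log records; hostnames are placeholders, not real endpoints."""
    t0 = datetime(2008, 11, 1, 9, 0, 0)
    ev = []
    # Laptop A: five check-ins 24.5 h apart with a few minutes of jitter
    for i, jitter in enumerate([0, 90, -120, 200, 30]):
        ev.append((t0 + i * timedelta(hours=24.5) + timedelta(seconds=jitter), "agent-a.example"))
    # Laptop B: six check-ins 15 min apart with seconds of jitter
    for i, jitter in enumerate([0, 5, -8, 12, 3, -4]):
        ev.append((t0 + i * timedelta(minutes=15) + timedelta(seconds=jitter), "agent-b.example"))
    # Ordinary browsing: irregular gaps that match neither cadence
    for minutes in [0, 3, 47, 48, 190, 600]:
        ev.append((t0 + timedelta(minutes=minutes), "news.example"))
    return ev

if __name__ == "__main__":
    for dest, label in classify_beacons(sample_events()).items():
        print(f"{dest}: periodic check-in matching {label}")
```

A destination that shows up with either cadence is only a lead: confirm what on the machine is making the connection before drawing conclusions.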