Security Software Leaves PCs Vulnerable

Tuesday, February 18, 2014 @ 04:02 PM gHale

Real anti-theft software downloaded on millions of computers can leave systems vulnerable to remote hijack.

Absolute Computrace, a product developed by Austin, Texas-based Absolute Software “allows organizations to persistently track and secure all of their endpoints within a single cloud-based console,” according to the product page for the software. But there may be some security issues, according to a report published by Kaspersky Lab.

Attackers Eye Online Banking
Router Fixed after Holes Found
Mobile Woes: Modems Expose Control Panels
Wireless Camera Allows Remote Attacks

Remote takeover of impacted systems was possible through a number of avenues, according to the Kaspersky report.

“The protocol used by the [Computrace] Small Agent provides the basic feature of remote code execution,” the report said. “The protocol doesn’t use any encryption or authorization with the remote server, which creates numerous opportunities for remote attacks in a hostile network environment.”

While Kaspersky hasn’t seen any evidence of Computrace’s weaknesses being used to carry out attacks, the researchers found an attack on a local area network via address resolution protocol (ARP) poisoning (where a bad guy redirects all traffic from a computer running the software to his or her own control hub) was possible.

Another attack method could entail a domain name system (DNS) service attack “to trick the agent into connecting to a fake [command-and-control] server,” the report said.

Kaspersky Lab estimates the vulnerable Computrace software may be on more than 2 million computers around the global, with the majority of computers located in the U.S. and Russia.

The firm also warned users are unaware the software is even running on their systems. In fact, the team decided to look into the software after they discovered it was running on several computers belonging to Kaspersky Lab’s researchers unbeknownst to them.

After further investigation, analysts also found Computrace pre-activated on a Samsung laptop at a local computer retail shop.

In its report, Kaspersky said other researchers had previously warned users on the security of the product.

“While physical security and a lack of proper code validation have already been shown in prior research by Core Labs, in our research we have focused on the network security aspect of such solutions. Our intention was to evaluate how secure Computrace Agent communications are and to see if it is possible to hijack control remotely,” the report said.

Absolute Software was “currently reviewing the [Kaspersky] report” and would provide a more detailed response on the matter once its review was complete, said Stephen Midgley, vice president of global marketing at Absolute Software.

In the meantime, Midgley added “all major anti-malware software vendors recognize the Absolute client implementation as safe, legitimate technology that improved the security of the endpoint.”

“Absolute Computrace has been reviewed and implemented by numerous organizations globally,” Midgley said, later adding that the software “has been successfully deployed and actively protecting millions of devices, without compromise, for 20 years.”

Leave a Reply

You must be logged in to post a comment.