Computrace Backdoor Revisited

Presented at Black Hat USA 2014, Aug. 6, 2014, 5 p.m. (60 minutes)

This presentation includes a live demonstration of security flaws in modern anti-theft technologies that reside in firmware and PC BIOS of most popular laptops and some desktop computers. While the general idea behind anti-theft technology is good, improper implementation can render it useless as well as harmful, or even extremely dangerous. We have found several proofs of unauthorized activations of Absolute Computrace anti-theft software on our private and corporate computers and discovered that this software can be used as an advanced removal-resistant BIOS-based backdoor. While physical security and a lack of proper code validation have already been shown in prior research presented at Black Hat 2009 by Anibal Sacco and Alfredo Ortega from Core Labs, in our research we demonstrate network security flaws. Our demo will show how to own remote hosts running Absolute Computrace. And there is a cool extra surprise for those who have already heard about Computrace network issues.

Presenters:

• Anibal Sacco - Cubica Labs
  Anibal Sacco is an information security professional specialized in reverse engineering. He is a former Senior Exploit Writer and Security Researcher at CORE Security Technologies. He has been researching embedded devices and developing exploits for Windows, OS X, and Linux since 2006. Nowadays, he is co-founder and researcher at Cubica Labs, a security research and consulting startup. As a researcher, he has published several papers and presented at some of the most important security conferences like Black Hat, CanSecWest, SyScan, Ekoparty, and EUSecWest.
• Sergey Belov
  Sergey Belov is a Security Researcher at Kaspersky Lab.
• Vitaly Kamluk - Kaspersky Lab   as Vitaliy Kamluk
  Vitaly Kamluk has 10+ years work experience in IT security and now is Principal Security Researcher at Kaspersky Lab. He specializes in malware reverse engineering, computer forensics, and cybercrime investigations. He has presented at many security conferences including DEF CON, FIRST, Underground Economy, PHDays, ZeroNights and more.

Links:

• https://www.blackhat.com/us-14/archives.html#computrace-backdoor-revisited
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2014/video/Computrace Backdoor Revisited.mp4
• https://www.youtube.com/watch?v=AKmNf-JmjKQ
• https://www.blackhat.com/docs/us-14/materials/us-14-Kamlyuk-Kamluk-Computrace-Backdoor-Revisited.pdf
• https://www.blackhat.com/docs/us-14/materials/us-14-Kamluk-Computrace-Backdoor-Revisited-WP.pdf