Absolute Home & Office (originally known as CompuTrace, and LoJack for Laptops) is a proprietary laptop theft recovery software (laptop tracking software). The persistent security features are built into the firmware of devices. ''Absolute Home & Office'' includes the services of an investigations and recovery team that partners with law enforcement agencies to return laptops to their owners. Absolute Software licensed the name LoJack from the vehicle recovery service LoJack in 2005.
Analysis of ''Absolute Home & Office'' (LoJack) by Kaspersky Lab shows that in rare cases, the software was preactivated without user authorization. The software agent behaves like a rootkit, reinstalling a small installer agent into the Windows OS at boot time. This installer later downloads the full agent from Absolute's servers via the internet. This installer is vulnerable to certain local attacks, and to attacks from hackers who can control network communications of the victim. [Absolute Computrace Revisited / SecureList, Vitaly Kamluk, February 12, 2014]
Functionality
Once installed, the ''Absolute Home & Office'' agent makes itself persistent by making an initial call to the "Monitoring Center". The software may be updated by modules, downloaded from a command server. Subsequent contact occurs daily, checking to ensure the agent remains installed and providing detailed data such as location, user, software, and hardware.
If the device is stolen the owner is able to contact Absolute. Then, the next time the protected device connects to the internet, it switches to theft mode and accelerates Monitoring Center communication. The Investigations and Recovery team forensically mines the computer using key captures, registry and file scanning, geolocation, and other investigative techniques. The team works with local law enforcement to recover the protected device, and provides police with evidence to pursue criminal charges. In the event of theft, a user can log into their online account to remotely lock the computer or delete sensitive files to avoid identity theft.
''Absolute Home & Office'' comes preinstalled in some Acer, Asus, Fujitsu, Panasonic, Toshiba, Dell, HP and Lenovo machines. Apple, unlike some other PC manufacturers, does not allow the software to be installed in the BIOS. Absolute Home & Office can be installed on Apple computers, but it will be stored on the hard drive instead of the BIOS. If the hard drive is replaced or reformatted, the software will be lost.
The BIOS service is disabled by default and can be enabled by purchasing a license for ''Absolute Home & Office''; upon being enabled, the BIOS will copy a downloader agent named rpcnetp.exe from the BIOS flash ROM to the ''System32'' folder on Windows systems. On some Toshiba laptops, rpcnetp.exe is factory-preinstalled by Toshiba on the unit's hard drive. In turn, rpcnetp.exe will download the full agent software and install the rpcnet.exe Windows service. From then on, rpcnet.exe will phone home to ''Absolute Software'' servers once a day, querying for a possible theft report, and transmitting the results of a system scan, IP address, user and machine names and location data, which it obtains either by tapping the GPS data stream on machines equipped with GPS hardware, or by triangulating available WLAN access points in the vicinity, by providing WLAN IDs and signal strengths so ''Absolute Software'' servers can geolocate the device using the Mexens Technology database. If ''Absolute'' receives a theft report, the service can be remotely commanded to phone home every 15 minutes, install additional 3rd party vendor software, such as a key logger or a forensic package, take screenshots, and perform various other actions.
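
The staged install described above (the firmware drops rpcnetp.exe, which then installs the rpcnet.exe service) can be checked on an endpoint by looking for the two binaries. The following Python is an added example, not code from Absolute or from the original article; the function names and state labels are hypothetical, and checking Sysnative and SysWOW64 in addition to the System32 folder named above is an assumption made to cope with WOW64 redirection.

```python
import hashlib
import os
from pathlib import Path

# File names taken from the article: firmware-dropped downloader and full agent.
STAGE1 = "rpcnetp.exe"
FULL_AGENT = "rpcnet.exe"


def default_dirs():
    """Directories to inspect on a live Windows host."""
    # The article names System32. Sysnative and SysWOW64 are an assumption so a
    # 32-bit Python on 64-bit Windows (System32 redirected) sees both views.
    root = Path(os.environ.get("SystemRoot", r"C:\Windows"))
    return [root / "System32", root / "Sysnative", root / "SysWOW64"]


def find_agent_files(dirs):
    """Return {file name: [(path, sha256), ...]} for agent binaries found."""
    found = {STAGE1: [], FULL_AGENT: []}
    for d in dirs:
        if not d.is_dir():
            continue  # e.g. Sysnative does not exist for a 64-bit process
        for entry in d.iterdir():
            name = entry.name.lower()  # Windows file names are case-insensitive
            if name in found and entry.is_file():
                digest = hashlib.sha256(entry.read_bytes()).hexdigest()
                found[name].append((str(entry), digest))
    return found


def classify(found):
    """Map the files present to the install stage the article describes."""
    if found[FULL_AGENT]:
        return "full-agent-installed"   # rpcnet.exe service binary is on disk
    if found[STAGE1]:
        return "downloader-only"        # stage one present, full agent not fetched
    return "not-present"


if __name__ == "__main__":
    hits = find_agent_files(default_dirs())
    print(classify(hits))
    for name, items in hits.items():
        for path, digest in items:
            print(f"{name}\t{path}\t{digest}")  # hashes for fleet inventory
```

A result of downloader-only does not by itself show that the firmware module is active, since some Toshiba laptops ship with rpcnetp.exe already on the hard drive.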
''Absolute Home & Office'' also supports Intel's ''AT-p'' anti-theft protection scheme. If it is unable to phone home within a configurable time interval it will require a special BIOS password upon the next reboot. It can be configured to shut down the machine's power supply immediately in this case, to force a reboot.
Persistence
The persistence module, installed as part of system BIOS/UEFI, detects when the ''Absolute Home & Office'' software has been removed. It ensures the software is automatically reinstalled even if the hard drive is replaced, or the firmware is flashed. ''Absolute Software'' partners with many original equipment manufacturers to embed this technology in the firmware of computers, netbooks, smartphones, and tablets by Acer, ASUS, Dell, Fujitsu, HP, Lenovo, Motion, Panasonic, Samsung and Toshiba.
Vulnerabilities
The ''Absolute Home & Office'' client has trojan and rootkit-like behaviour, but some of its modules have been whitelisted by several antivirus vendors. Earlier it was detected as ''TR/Hijack.Explor.1245'' or ''W32/Agent.SW!tr''.
At the Black Hat Briefings conference in 2009, researchers showed that the implementation of the Computrace/LoJack agent embedded in the BIOS has vulnerabilities and that this "available control of the anti-theft agent allows a highly dangerous form of BIOS-enhanced rootkit that can bypass all chipset or installation restrictions and reutilize many existing features offered in this kind of software." ''Absolute Software'' rejected the claims made in the research, stating that "the presence of the Computrace module in no way weakens the security of the BIOS". Another independent analyst confirmed the flaws, noted that a malware hijacking attack would be a "highly exotic one", and suggested that the larger concern was that savvy thieves could disable the phone home feature. Later, Core Security Technologies proved the researchers' findings by making publicly available several proofs of concept, videos, and utilities on its webpage.
Local and remote exploitation of the first stage CompuTrace agent, which is used to install the full version after activation or reinstallation of the operating system, was demonstrated at BlackHat USA 2014. This dropper agent is whitelisted by several antivirus vendors and can be used to set up some local attacks, for example to download and install software from different servers. ESET discovered a first attack in the wild with a rootkit called LoJax that infected vulnerable LoJack configurations. [LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group / ''WeLiveSecurity'' by ESET, 2018-09-27]
See also
* Prey (software)