Absolute Home & Office (originally known as CompuTrace, and LoJack for Laptops) is proprietary laptop theft recovery software (laptop tracking software). The persistent security features are built into the firmware of devices. ''Absolute Home & Office'' includes the services of an investigations and recovery team that partners with law enforcement agencies to return laptops to their owners.
Absolute Software licensed the name LoJack from the vehicle recovery service LoJack in 2005.
Analysis of ''Absolute Home & Office'' (LoJack) by Kaspersky Lab shows that in rare cases, the software was preactivated without user authorization. The software agent behaves like a rootkit, reinstalling a small installer agent into the Windows OS at boot time. This installer later downloads the full agent from Absolute's servers via the internet. This installer is vulnerable to certain local attacks and to attacks from hackers who can control the network communications of the victim (Absolute Computrace Revisited, SecureList, Vitaly Kamluk, February 12, 2014).
Functionality
Once installed, the ''Absolute Home & Office'' agent makes itself persistent by making an initial call to the "Monitoring Center".
The software may be updated by modules, downloaded from a command server.
Subsequent contact occurs daily, checking to ensure the agent remains installed and providing detailed data such as location, user, software, and hardware.
If the device is stolen, the owner is able to contact Absolute. Then, the next time the protected device connects to the internet, it switches to theft mode and accelerates Monitoring Center communication. The Investigations and Recovery team forensically mines the computer using key captures, registry and file scanning, geolocation, and other investigative techniques. The team works with local law enforcement to recover the protected device, and provides police with evidence to pursue criminal charges. In the event of theft, a user can log into their online account to remotely lock the computer or delete sensitive files to avoid identity theft.
''Absolute Home & Office'' comes preinstalled in some Acer, Asus, Fujitsu, Panasonic, Toshiba, Dell, HP and Lenovo machines. Apple, unlike some other PC manufacturers, does not allow the software to be installed in the BIOS. Absolute Home & Office can be installed on Apple computers, but it will be stored on the hard drive instead of the BIOS. If the hard drive is replaced or reformatted, the software will be lost.
The BIOS service is disabled by default and can be enabled by purchasing a license for ''Absolute Home & Office''; upon being enabled, the BIOS will copy a downloader agent named rpcnetp.exe from the BIOS flash ROM to the ''System32'' folder on Windows systems. On some Toshiba laptops, rpcnetp.exe is factory-preinstalled by Toshiba on the unit's hard drive. In turn, rpcnetp.exe will download the full agent software and install the rpcnet.exe Windows service. From then on, rpcnet.exe will phone home to ''Absolute Software'' servers once a day, querying for a possible theft report, and transmitting the results of a system scan, IP address, user and machine names and location data, which it obtains either by tapping the GPS data stream on machines equipped with GPS hardware, or by triangulating available WLAN access points in the vicinity, by providing WLAN IDs and signal strengths so ''Absolute Software'' servers can geolocate the device using the Mexens Technology database. If ''Absolute'' receives a theft report, the service can be remotely commanded to phone home every 15 minutes, install additional 3rd party vendor software, such as a key logger or a forensic package, make screenshots, and various other actions.
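The file and service artifacts described above can be checked on a Windows host. The following PowerShell is an added example, not code from Absolute Software or from the original article; the function name Get-ComputraceAgentState and its output fields are hypothetical, and services are matched on the binary path because the article does not give the registered service name.

```powershell
# Added example: audit a Windows host for the agent files and service named in the article.
# Only the file names rpcnetp.exe / rpcnet.exe and the System32 location come from the article.
function Get-ComputraceAgentState {
    [CmdletBinding()]
    param([string]$SystemDir = (Join-Path $env:SystemRoot 'System32'))

    # File presence, hash and Authenticode status for each binary.
    $files = foreach ($name in 'rpcnetp.exe', 'rpcnet.exe') {
        $path = Join-Path $SystemDir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            [pscustomobject]@{
                Name      = $name
                Path      = $path
                SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                SigStatus = [string]$sig.Status
                Signer    = $sig.SignerCertificate.Subject
                Modified  = (Get-Item -LiteralPath $path -Force).LastWriteTimeUtc.ToString('o')
            }
        }
    }

    # Match services on the executable path (covers rpcnet.exe and rpcnetp.exe).
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -match 'rpcnetp?\.exe' } |
        Select-Object Name, State, StartMode, PathName

    # DropperOnly = first-stage downloader present, full agent not (yet) installed.
    $hasDropper = [bool]($files | Where-Object Name -eq 'rpcnetp.exe')
    $hasAgent   = [bool]($files | Where-Object Name -eq 'rpcnet.exe')
    $state = if ($hasAgent) { 'FullAgentInstalled' } elseif ($hasDropper) { 'DropperOnly' } else { 'NotFound' }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        State    = $state
        Files    = @($files)
        Services = @($services)
    }
}

# Emit JSON so results from many hosts can be collected and compared.
Get-ComputraceAgentState | ConvertTo-Json -Depth 3
```

Run it from a 64-bit PowerShell session: in a 32-bit session on 64-bit Windows, System32 is redirected to SysWOW64 and the files can be missed.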
''Absolute Home & Office'' also supports Intel's ''AT-p'' anti-theft protection scheme. If it is unable to phone home within a configurable time interval, it will require a special BIOS password upon the next reboot. It can be configured to shut down the machine's power supply immediately in this case, to force a reboot.
Persistence
The persistence module, installed as part of system BIOS/UEFI, detects when the ''Absolute Home & Office'' software has been removed. It ensures the software is automatically reinstalled even if the hard drive is replaced, or the firmware is flashed. ''Absolute Software'' partners with many original equipment manufacturers to embed this technology in the firmware of computers, netbooks, smartphones, and tablets by Acer, ASUS, Dell, Fujitsu, HP, Lenovo, Motion, Panasonic, Samsung and Toshiba.
Vulnerabilities
The ''Absolute Home & Office'' client has trojan and rootkit-like behaviour, but some of its modules have been whitelisted by several antivirus vendors.
At the Black Hat Briefings conference in 2009, researchers showed that the implementation of the Computrace/LoJack agent embedded in the BIOS has vulnerabilities and that this "available control of the anti-theft agent allows a highly dangerous form of BIOS-enhanced rootkit that can bypass all chipset or installation restrictions and reutilize many existing features offered in this kind of software." ''Absolute Software'' rejected the claims made in the research, stating that "the presence of the Computrace module in no way weakens the security of the BIOS". Another independent analyst confirmed the flaws, noted that a malware hijacking attack would be a "highly exotic one", and suggested that the larger concern was that savvy thieves could disable the phone home feature. Later, Core Security Technologies proved the researchers' finding by making publicly available several proofs of concept, videos, and utilities on its webpage.
Local and remote exploitation of the first stage CompuTrace agent, which is used to install the full version after activation or reinstallation of the operating system, was demonstrated at BlackHat USA 2014. This dropper agent is whitelisted by several antivirus vendors and can be used to set up some local attacks, for example to download and install software from different servers. ESET discovered a first attack in the wild with a rootkit called LoJax that infected vulnerable LoJack configurations (LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group, ''WeLiveSecurity'' by ESET, 2018-09-27).
See also
* Prey (software)