The Flat Earth Society

Other Discussion Boards => Technology & Information => Topic started by: disputeone on September 17, 2018, 05:51:43 AM

Title: Firmware backdoors
Post by: disputeone on September 17, 2018, 05:51:43 AM
https://threatpost.com/millions-of-pcs-affected-by-mysterious-computrace-backdoor-2/107700/

https://www.kaspersky.com/blog/beware-of-vulnerable-anti-theft-applications/3837/

Toshiba: all of these model families have it: https://www.absolute.com/en/partners/oem/toshiba

Lenovo model families: https://www.absolute.com/en/partners/oem/lenovo

Dell: https://www.absolute.com/en/partners/oem/dell

Acer: https://www.absolute.com/en/partners/oem/acer

Asus: https://www.absolute.com/en/partners/oem/asus

HP: https://www.absolute.com/en/partners/oem/hp

This can apparently be rectified on Toshiba laptops using this method. I would be very skeptical.

Quote
How to Disable the CompuTrace Laptop BIOS on a Toshiba?

    CompuTrace is tracking software, developed by Absolute, that allows you to recover and restore missing or stolen computer systems. Some Toshiba laptops come with this application. You cannot manually remove CompuTrace from your Toshiba laptop; instead, contact Absolute HelpDesk for the removal process. Use an administrative account to perform this task.
    Instructions

    1 - Locate the serial number of your Toshiba laptop at the bottom of your laptop. It will say “Serial No” followed by the actual serial number, which is a combination of letters and numbers. Write down the serial number on a piece of paper.

    2 - Navigate to “CompuTrace Support” webpage (see Resources). Click the “Click here” link under “Log in to your account.”

    3 - Use your Absolute username and password and click “Login.” This opens a request form.

    4 - Type “CompuTrace removal” in the provided box for the request form. Type the serial number of your computer in the corresponding field. Also, provide your email address. Click the “Submit” button.

    5 - Wait for a confirmation email from Absolute. It notes that your request has been processed.

    6 - Connect your Toshiba laptop to the Internet.

    Once you do this, Absolute automatically removes CompuTrace from your laptop.

AMD has their own implementation, which can arguably be turned off, but it's actually an onboard ARM core embedded on your CPU. Some ARM do some don't. The i.MX 6 and 8 do not, for example. The 8 will be used in the Puri.sm Librem 5 phone.

https://puri.sm/shop/librem5

Their laptops have IME removed.

https://puri.sm/shop

Not sure on tinkerboard.

You still have Spectre and Meltdown, but POWER9 chips like the talos workstation use coreboot and have no remote management.

https://www.raptorcs.com/TALOSII/

I've heard that flashing your BIOS won't get rid of it but of you flash it well enough...

Anyway privacy is dead.
Title: Re: Firmware backdoors
Post by: Lord Dave on September 17, 2018, 10:13:20 AM
Yes, lets make a security software super easy to remove....


You're right, it shouldn't be on by default and should be encrypted.  However outright removal is not really feasable if you want it to actually do the job it needs to do.
Title: Re: Firmware backdoors
Post by: Pete Svarrior on September 17, 2018, 12:37:46 PM
Yes, lets make a security software super easy to remove...
I'm not convinced that CompuTrace can really be called security software. It's tracking software. It might be "good" if you insist, but it doesn't improve your security.

Dell normally starts with CompuTrace (allegedly) deactivated, and provides an option to (allegedly) permanently disable it in UEFI. Whether or not these options actually have any meaning, I don't know.
Title: Re: Firmware backdoors
Post by: Lord Dave on September 17, 2018, 01:12:14 PM
Yes, lets make a security software super easy to remove...
I'm not convinced that CompuTrace can really be called security software. It's tracking software. It might be "good" if you insist, but it doesn't improve your security.

Dell normally starts with CompuTrace (allegedly) deactivated, and provides an option to (allegedly) permanently disable it in UEFI. Whether or not these options actually have any meaning, I don't know.
Tracking, remote locking/wiping, IDing who took your stuff.
Its marketed to businesses who let people take laptops home or on business trips.
Title: Re: Firmware backdoors
Post by: Pete Svarrior on September 28, 2018, 07:19:03 AM
https://thehackernews.com/2018/09/uefi-rootkit-malware.html

Yes, Computrace was definitely a good idea. Nobody could have predicted this.
Title: Re: Firmware backdoors
Post by: Rama Set on September 28, 2018, 01:13:30 PM
Is there an app for that?