Firmware backdoors
« on: September 17, 2018, 05:51:43 AM »
https://threatpost.com/millions-of-pcs-affected-by-mysterious-computrace-backdoor-2/107700/

https://www.kaspersky.com/blog/beware-of-vulnerable-anti-theft-applications/3837/

Toshiba: all of these model families have it: https://www.absolute.com/en/partners/oem/toshiba

Lenovo model families: https://www.absolute.com/en/partners/oem/lenovo

Dell: https://www.absolute.com/en/partners/oem/dell

Acer: https://www.absolute.com/en/partners/oem/acer

Asus: https://www.absolute.com/en/partners/oem/asus

HP: https://www.absolute.com/en/partners/oem/hp

This can apparently be rectified on Toshiba laptops using this method. I would be very skeptical.

Quote
How to Disable the CompuTrace Laptop BIOS on a Toshiba?

    CompuTrace is tracking software, developed by Absolute, that allows you to recover and restore missing or stolen computer systems. Some Toshiba laptops come with this application. You cannot manually remove CompuTrace from your Toshiba laptop; instead, contact Absolute HelpDesk for the removal process. Use an administrative account to perform this task.
    Instructions

    1 - Locate the serial number of your Toshiba laptop at the bottom of your laptop. It will say “Serial No” followed by the actual serial number, which is a combination of letters and numbers. Write down the serial number on a piece of paper.

    2 - Navigate to “CompuTrace Support” webpage (see Resources). Click the “Click here” link under “Log in to your account.”

    3 - Use your Absolute username and password and click “Login.” This opens a request form.

    4 - Type “CompuTrace removal” in the provided box for the request form. Type the serial number of your computer in the corresponding field. Also, provide your email address. Click the “Submit” button.

    5 - Wait for a confirmation email from Absolute. It notes that your request has been processed.

    6 - Connect your Toshiba laptop to the Internet.

    Once you do this, Absolute automatically removes CompuTrace from your laptop.

AMD has their own implementation, which can arguably be turned off, but it's actually an onboard ARM core embedded on your CPU. Some ARM do some don't. The i.MX 6 and 8 do not, for example. The 8 will be used in the Puri.sm Librem 5 phone.

https://puri.sm/shop/librem5

Their laptops have IME removed.

https://puri.sm/shop

Not sure on tinkerboard.

You still have Spectre and Meltdown, but POWER9 chips like the talos workstation use coreboot and have no remote management.

https://www.raptorcs.com/TALOSII/

I've heard that flashing your BIOS won't get rid of it but of you flash it well enough...

Anyway privacy is dead.

*

Offline Lord Dave

  • *
  • Posts: 7653
  • Grumpy old man.
    • View Profile
Re: Firmware backdoors
« Reply #1 on: September 17, 2018, 10:13:20 AM »
Yes, lets make a security software super easy to remove....


You're right, it shouldn't be on by default and should be encrypted.  However outright removal is not really feasable if you want it to actually do the job it needs to do.
If you are going to DebOOonK an expert then you have to at least provide a source with credentials of equal or greater relevance. Even then, it merely shows that some experts disagree with each other.

*

Offline Pete Svarrior

  • e
  • Planar Moderator
  • *****
  • Posts: 16073
  • (◕˽ ◕ ✿)
    • View Profile
Re: Firmware backdoors
« Reply #2 on: September 17, 2018, 12:37:46 PM »
Yes, lets make a security software super easy to remove...
I'm not convinced that CompuTrace can really be called security software. It's tracking software. It might be "good" if you insist, but it doesn't improve your security.

Dell normally starts with CompuTrace (allegedly) deactivated, and provides an option to (allegedly) permanently disable it in UEFI. Whether or not these options actually have any meaning, I don't know.
Read the FAQ before asking your question - chances are we already addressed it.
Follow the Flat Earth Society on Twitter and Facebook!

If we are not speculating then we must assume

*

Offline Lord Dave

  • *
  • Posts: 7653
  • Grumpy old man.
    • View Profile
Re: Firmware backdoors
« Reply #3 on: September 17, 2018, 01:12:14 PM »
Yes, lets make a security software super easy to remove...
I'm not convinced that CompuTrace can really be called security software. It's tracking software. It might be "good" if you insist, but it doesn't improve your security.

Dell normally starts with CompuTrace (allegedly) deactivated, and provides an option to (allegedly) permanently disable it in UEFI. Whether or not these options actually have any meaning, I don't know.
Tracking, remote locking/wiping, IDing who took your stuff.
Its marketed to businesses who let people take laptops home or on business trips.
If you are going to DebOOonK an expert then you have to at least provide a source with credentials of equal or greater relevance. Even then, it merely shows that some experts disagree with each other.

*

Offline Pete Svarrior

  • e
  • Planar Moderator
  • *****
  • Posts: 16073
  • (◕˽ ◕ ✿)
    • View Profile
Re: Firmware backdoors
« Reply #4 on: September 28, 2018, 07:19:03 AM »
https://thehackernews.com/2018/09/uefi-rootkit-malware.html

Yes, Computrace was definitely a good idea. Nobody could have predicted this.
Read the FAQ before asking your question - chances are we already addressed it.
Follow the Flat Earth Society on Twitter and Facebook!

If we are not speculating then we must assume

Rama Set

Re: Firmware backdoors
« Reply #5 on: September 28, 2018, 01:13:30 PM »
Is there an app for that?