Friday, August 7, 2009

The CompuTrace LoJack and Organizational Security Practices

Many of the usual security sites have picked this story up - ZDNet's Ryan Naraine covers Alfredo Ortega and Anibal Sacco's discovery of vulnerabilities and issues in CompuTrace LoJack for Laptops. The duo, both from Core Security Technologies, explain that the BIOS-level theft recovery tool can be exploited, allowing a persistent compromise. The fixed strings used in the program for remote connections make it an easier target - and worse, because it is a common security program, compromises of it pose an even greater threat. Naraine notes that it is whitelisted by AV vendors, meaning that in many cases a compromise may go unnoticed.

As a security professional, I now have to ensure that we track whether laptops are shipped with a BIOS-level recovery tool, and I need to work with our desktop support staff to make sure that another utility gets patched. Since this ships on many laptops, we may not even be aware of its existence in many cases.

Is it a major threat? Probably not. Is it worth watching and preparing for? Quite probably. For now, I'll check our major vendors' default installs so that I can advise the appropriate management members.
