Computerworld, By Darlene Storm

Did you grant permission for LoJack-like software to establish secret communications and connect to a server each time you boot up your laptop or PC? The answer is probably not, but most PCs have the anti-theft software Absolute Computrace embedded in their BIOS/UEFI. Although it’s legitimate software, it behaves a lot like malware, leaving a “backdoor” that could allow attackers to execute remote code. In fact, at Black Hat USA, researchers used Computrace vulnerabilities to remotely wipe a brand new out-of-the-box Windows 8 x64 laptop.

"Absolute Backdoor Revisited" was presented by Kaspersky Lab's Vitaly Kamluk and Sergey Belov, along with Anibal Sacco from Cubica Labs. During their presentation (pdf), they abused Computrace in multiple live demos to show how an attacker could take complete control of a PC. They are not certain if Computrace was enabled by default on most PCs by human error or unintentionally turned on by manufacturers, but they don’t believe it was introduced with malicious intentions. “Computrace was designed with good intentions, but our research shows that vulnerabilities in this software can turn a useful tool into a powerful weapon for cybercriminals.”

Your PC or Laptop May Have a Backdoor Enabled by Default, Millions Do - Computerworld
