COMPUTRACE BACKDOOR REVISITED

Black Hat USA 2014

Presented by: Sergey Belov, Vitaliy Kamluk, Anibal Sacco
Date: Wednesday August 06, 2014
Time: 17:00 - 18:00
Location: South Seas IJ

This presentation includes a live demonstration of security flaws in modern anti-theft technologies that reside in the firmware and PC BIOS of most popular laptops and some desktop computers. While the general idea behind anti-theft technology is good, improper implementation can render it useless as well as harmful, or even extremely dangerous. We have found several proofs of unauthorized activations of Absolute Computrace anti-theft software on our private and corporate computers and discovered that this software can be used as an advanced removal-resistant BIOS-based backdoor.

While physical security issues and a lack of proper code validation have already been shown in prior research presented at Black Hat 2009 by Anibal Sacco and Alfredo Ortega from Core Labs, in our research we demonstrate network security flaws. Our demo will show how to own remote hosts running Absolute Computrace. And there is a cool extra surprise for those who have already heard about Computrace network issues.

Vitaliy Kamluk

Vitaly Kamluk has 10+ years of work experience in IT security and is now Principal Security Researcher at Kaspersky Lab. He specializes in malware reverse engineering, computer forensics, and cybercrime investigations. He has presented at many security conferences including DEF CON, FIRST, Underground Economy, PHDays, ZeroNights and more.

Sergey Belov

Anibal Sacco

Anibal Sacco is an information security professional specializing in reverse engineering. He is a former Senior Exploit Writer and Security Researcher at CORE Security Technologies. He has been researching embedded devices and developing exploits for Windows, OS X, and Linux since 2006. Nowadays, he is co-founder and researcher at Cubica Labs, a security research and consulting startup. As a researcher, he has published several papers and presented at some of the most important security conferences like Black Hat, CanSecWest, SyScan, Ekoparty, and EUSecWest.

