Hostwinds Blog

Search results for:

Kaspersky Lab researchers have recently released a report announcing that a "_legitimate anti-theft software_" can leave personal computer systems "_vulnerable to remote hijack_, "according to an article published by S.C. Magazine. The article states that this vulnerability impacts "_millions of users with the activated installation_" of this software on their computers.

According to the article, Kaspersky's findings outlined the product "Absolute Computrace_" which was developed by the Texas-based company Absolute Software. The report confirms that their product page claims that the software "_allows organizations to persistently track and secure all of their endpoints within a single cloud-based console_" which is concerning to Kaspersky researchers. The research that Kaspersky experts have conducted "_haven't seen any evidence of Computrace's weaknesses being used to carry out attacks_, "but they have determined that "_an attack on a local area network via address resolution protocol (ARP) poisoning was possible."

The researcher's report indicates that because this "tracking_" software is "_pre-installed in the firmware of laptops and desktops_" and complex for users "_to remove or disable_, "the flaws in its security are an obvious issue. The article quoted the report by stating, "_The protocol used by the [Computrace] Small Agent provides the basic feature of remote code execution. The protocol doesn't use any encryption or authorization with the remote server, which creates numerous opportunities for remote attacks in a hostile network environment."

Read more about how this software may be activated on approximately "_2 million computers around the globe, with the majority of computers located in the U.S. and Russia_" in the full article here at S.C. Magazine.

Written by Bryon Turcotte  /  February 13, 2014

Need help? Chat now!