LoJack For Laptops

Absolute Home & Office (originally known as CompuTrace, and LoJack for Laptops) is proprietary laptop theft recovery software (laptop tracking software). The persistent security features are built into the firmware of devices. ''Absolute Home & Office'' includes the services of an investigations and recovery team that partners with law enforcement agencies to return laptops to their owners. Absolute Software licensed the name LoJack from the vehicle recovery service LoJack in 2005. Analysis of ''Absolute Home & Office'' (LoJack) by Kaspersky Lab shows that in rare cases, the software was preactivated without user authorization. The software agent behaves like a rootkit, reinstalling a small installer agent into the Windows OS at boot time. This installer later downloads the full agent from Absolute's servers via the internet. This installer is vulnerable to certain local attacks and to attacks from hackers who can control the victim's network communications (Absolute Computrace Revisited, SecureList, Vitaly Kamluk, February 12, 2014).


Functionality

Once installed, the ''Absolute Home & Office'' agent makes itself persistent by making an initial call to the "Monitoring Center". The software may be updated by modules downloaded from a command server. Subsequent contact occurs daily, checking that the agent remains installed and providing detailed data such as location, user, software, and hardware. If the device is stolen, the owner is able to contact Absolute. Then, the next time the protected device connects to the internet, it switches to theft mode and accelerates Monitoring Center communication. The Investigations and Recovery team forensically mines the computer using key captures, registry and file scanning, geolocation, and other investigative techniques. The team works with local law enforcement to recover the protected device, and provides police with evidence to pursue criminal charges. In the event of theft, a user can log into their online account to remotely lock the computer or delete sensitive files to avoid identity theft.

''Absolute Home & Office'' comes preinstalled in some Acer, Asus, Fujitsu, Panasonic, Toshiba, Dell, HP and Lenovo machines. Apple, unlike some other PC manufacturers, does not allow the software to be installed in the BIOS. Absolute Home & Office can be installed on Apple computers, but it will be stored on the hard drive instead of the BIOS. If the hard drive is replaced or reformatted, the software will be lost.

The BIOS service is disabled by default and can be enabled by purchasing a license for ''Absolute Home & Office''; upon being enabled, the BIOS will copy a downloader agent named rpcnetp.exe from the BIOS flash ROM to the ''System32'' folder on Windows systems. On some Toshiba laptops, rpcnetp.exe is factory-preinstalled by Toshiba on the unit's hard drive. In turn, rpcnetp.exe will download the full agent software and install the rpcnet.exe Windows service. From then on, rpcnet.exe will phone home to ''Absolute Software'' servers once a day, querying for a possible theft report and transmitting the results of a system scan, the IP address, user and machine names, and location data. It obtains the location either by tapping the GPS data stream on machines equipped with GPS hardware, or by triangulating available WLAN access points in the vicinity: it provides WLAN IDs and signal strengths so that ''Absolute Software'' servers can geolocate the device using the Mexens Technology database.

If ''Absolute'' receives a theft report, the service can be remotely commanded to phone home every 15 minutes, install additional third-party vendor software such as a key logger or a forensic package, make screenshots, and perform various other actions. ''Absolute Home & Office'' also supports Intel's ''AT-p'' anti-theft protection scheme. If it is unable to phone home within a configurable time interval, it will require a special BIOS password upon the next reboot. It can be configured to shut down the machine's power supply immediately in this case, to force a reboot.


Persistence

The persistence module, installed as part of system BIOS/UEFI, detects when the ''Absolute Home & Office'' software has been removed. It ensures the software is automatically reinstalled even if the hard drive is replaced, or the firmware is flashed. ''Absolute Software'' partners with many original equipment manufacturers to embed this technology in the firmware of computers, netbooks, smartphones, and tablets by Acer, ASUS, Dell, Fujitsu, HP, Lenovo, Motion, Panasonic, Samsung and Toshiba.
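
The sketch below is an added example, not code from Absolute Software or from this article. It shows how a defender could classify endpoints from file telemetry using the two file names given above and flag hosts where the dropper reappears after a reboot following its removal, which is the reinstall behaviour the persistence module is described as having. The event format, host names and sample events are constructed assumptions.

```python
from collections import defaultdict

# File names come from the article; System32 is where the firmware module
# is described as writing the dropper. Paths are compared in lower case.
DROPPER = r"c:\windows\system32\rpcnetp.exe"
FULL_AGENT = r"c:\windows\system32\rpcnet.exe"

# Constructed telemetry: (host, sequence number, event, path). The event
# vocabulary (boot / file_create / file_delete) is an assumption.
SAMPLE_EVENTS = [
    ("lt-01", 1, "boot", ""),
    ("lt-01", 2, "file_create", r"C:\Windows\System32\rpcnetp.exe"),
    ("lt-01", 3, "file_create", r"C:\Windows\System32\rpcnet.exe"),
    ("lt-02", 1, "boot", ""),
    ("lt-02", 2, "file_create", r"C:\Windows\System32\rpcnetp.exe"),
    ("lt-02", 3, "file_delete", r"C:\Windows\System32\rpcnetp.exe"),
    ("lt-02", 4, "boot", ""),
    ("lt-02", 5, "file_create", r"C:\Windows\System32\rpcnetp.exe"),
    ("lt-03", 1, "boot", ""),
    ("lt-03", 2, "file_create", r"C:\Users\a\Downloads\rpcnetp.exe"),
]


def classify_hosts(events):
    """Return {host: {"state": ..., "reinstalled_after_removal": bool}}."""
    present = defaultdict(set)           # agent files currently on disk
    removed_pending = defaultdict(bool)  # dropper deleted, no reboot yet
    armed = defaultdict(bool)            # reboot seen since that deletion
    reinstalled = defaultdict(bool)
    for host, _seq, event, path in sorted(events, key=lambda e: (e[0], e[1])):
        p = path.lower()
        present[host]  # touch the key so every host appears in the report
        if event == "boot":
            armed[host] = removed_pending[host]
        elif p in (DROPPER, FULL_AGENT):
            if event == "file_create":
                present[host].add(p)
                if p == DROPPER and armed[host]:
                    reinstalled[host] = True
                    removed_pending[host] = armed[host] = False
            elif event == "file_delete":
                present[host].discard(p)
                removed_pending[host] |= (p == DROPPER)
    return {host: {"state": ("full_agent" if FULL_AGENT in files else
                             "dropper_only" if DROPPER in files else "absent"),
                   "reinstalled_after_removal": reinstalled[host]}
            for host, files in present.items()}
```

A host reported as `dropper_only` with `reinstalled_after_removal` set cannot be cleaned from the operating system alone; the firmware setting has to be reviewed.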


Vulnerabilities

The ''Absolute Home & Office'' client has trojan- and rootkit-like behaviour, but some of its modules have been whitelisted by several antivirus vendors. Earlier it was detected as ''TR/Hijack.Explor.1245'' or ''W32/Agent.SW!tr''.

At the Black Hat Briefings conference in 2009, researchers showed that the implementation of the Computrace/LoJack agent embedded in the BIOS has vulnerabilities and that this "available control of the anti-theft agent allows a highly dangerous form of BIOS-enhanced rootkit that can bypass all chipset or installation restrictions and reutilize many existing features offered in this kind of software." ''Absolute Software'' rejected the claims made in the research, stating that "the presence of the Computrace module in no way weakens the security of the BIOS". Another independent analyst confirmed the flaws, noted that a malware hijacking attack would be a "highly exotic one", and suggested that the larger concern was that savvy thieves could disable the phone home feature. Later, Core Security Technologies proved the researcher's finding by making publicly available several proofs of concept, videos, and utilities on its webpage.

Local and remote exploitation of the first-stage CompuTrace agent, which is used to install the full version after activation or reinstallation of the operating system, was demonstrated at BlackHat USA 2014. This dropper agent is whitelisted by several antivirus vendors and can be used to set up some local attacks, for example to download and install software from different servers. ESET discovered a first attack in the wild with a rootkit called LoJax that infected vulnerable LoJack configurations (LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group, ''WeLiveSecurity'' by ESET, 2018-09-27).


See also

* Prey (software)

