Highlighted
dmillfree
1 Copper

Computrace Proven to be vulnerable by hackers

Computrace is a Lojack for Computers specifically laptops and maybe some optiplex units. Copmutrace has been proven to be vulnerable to hacker attack and take over.

http://securelist.com/analysis/publications/58278/absolute-computrace-revisited/

Ok here is what I know from reading up on this after experiencing some issues with several Dell laptops.

Computrace activated in the bios still install Computrace agent files into the windows operating system
 whether or not the computrace software is installed or not. As long as it is activated in the bios it does this.

Computrace alters autochk.exe a windows system file with it's own version. Upon booting the laptop
 a service gets created I have noticed 2 versions rcpnet and rcpnetp. THe files that get installed are

"C:\Windows\SysWOW64\rpcnet.dll"
"C:\Windows\SysWOW64\rpcnetp.dll"
"C:\Windows\SysWOW64\rpcnetp.exe"
"C:\Windows\SysWOW64\rpcnet.exe"


"C:\Windows\System32\rpcnet.dll"
"C:\Windows\System32\rpcnetp.dll"
"C:\Windows\System32\rpcnetp.exe"
"C:\Windows\System32\rpcnet.exe"

what happens is these mechanisms create a process that contacts Computrace servers whether or not Computrace software is installed. These files are coming from the bios and or the altered autochk.exe file.

I noticed this when I started buying repairing and selling Dell Laptops.

My routine went like this buy a laptop completely update everything starting with the bios.
 I noticed after several bios updates that on every laptop Computrace was somehow activated.
 Also If you clone a windows installation that has these "Computrace Agent" Files installed that could be what is triggering Computace to activate in the bios.

So to sum this all up Computrace activated in the bios will install "Computrace Agent Files" Into a windows operating system and Will contact Absolute Computrace Servers. Without your consent or knowledge. This also leaves you wide open to the security vulnerabilty that was just revisited by the black hat hackers.

Dell and Absolute need to allow Legitimate customers deactivate this security risk.

Tags (3)
1 Reply
ademcal
1 Nickel

RE: Computrace Proven to be vulnerable by hackers

I am thinking same like you where is the Deactivate Computrace Beside ı am new Dell 7559 user.

0 Kudos