Full Disclosure mailing list archives
Re: Breaking LoJack for Laptops
From: Bob Hacker <bob.hacker () gmail com>
Date: Sat, 24 Dec 2005 09:57:24 -0600
Let me begin with your very very WRONG. Those laptops cant be hacked even with the password. Have you lost what little mind you have left? Thats like saying there isnt a local for * 2.6.x stolen from lorians /home , give me a break. Go audit linksys router manual on typo's or something. And merry xmas !Z On 12/24/05, obnoxious () hush com <obnoxious () hush com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Breaking Computrace's Lo Jack for Laptops J. Oquendo obnoxious () hush com :: "Can you hear me now?" 12/24/05 After my company spent a pretty penny purchasing this Absolute's Computrace "Lojack for Laptops" product, I decided to write up a "How-To Defeat LoJack For Laptops" article. Why? Why not? Maybe the vendor can step it up a notch and create something that actually functions without flaw. This is not to say the product doesn't work to some capacity, this article tends to solely clarify what this product is and how simple it is to disable it. Here is Asbolute's advertisement: LAPTOP SECURITY PREVENTS LAPTOP THEFT. Computrace is laptop security and tracking software which deters laptop theft and recovers stolen computers – guaranteed. Absolute also provides software inventory, computer inventory, PC inventory, PC audits, IT asset management, asset tracking, software license management, and data security tools and services. I'd like to know how their product prevents laptop theft or even minimizes it. The ad is humorous. For the company to guarantee they can deter theft is another oddity. For starters there are no markings on my own laptop that state "Protected by Absolute" or anything similar. Even if there were, I highly doubt - that even if there were markings on my laptop - that would stop someone from picking up my machine and taking off with it. Secondly to state they can recover my laptop is even stranger. Lastly, someone might confuse Absolute with Absolut and snicker at it. To date my laptop has not "called in" for about sixty plus days. Should I call Absolute and put them to the test? The outcome would be nothing more than a refund for Computrace. Data? Laptop? Sayanora. So here is what Computrace is; it is nothing more than a piece of software that details what your machine is, and reports this data back to the Absolute website. This is some the information the reporting contains for some for those machines running this gimmick: Call Tracking Information (for my own laptop) Computrace Agent first installed on (first call): 11/10/2005 9:06:38 AM Computrace Agent version: 814 Computrace Agent last called on: 11/13/2005 2:20:17 PM Computrace Agent last called from: 192.168.0.1 Computrace Agent next call scheduled for: 11/14/2005 2:50:17 PM Asset tracking data last collected on: 11/13/2005 2:20:17 PM MY_USERNAME MY_LAPTOP_NAME Assig. Username: Make: Dell Computer Model: INSPIRON_6000 Serial# XXXXXXX Asset# 11/13/2005 2:20:17 PM 814 Active Today is December 24th 2005. Prior to the 11/10 date, I had the program installed and disabled it without any notice for approximately 64 days, then reinstalled it for testing purposes. Obviously had I stolen this laptop, Absolute wouldn't be able to do anything about it. They don't know where it's at. At least they let me know something was cooking: Dear Customer Center User: This is an automatic e-mail notification generated by the Customer Center alerting system. Please visit https://www.Absolute.com/public/secure/login.asp to investigate your new alert. The following alert(s) configured for your account have been triggered: * Alert Name: Last called 20 days ago * Description: Pre-defined alert - if you don't wish to use this alert, leave it in a suspended status (note that it will be recreated in a suspended status if deleted) * Alert Type: Automatic Reset in 10 days * Alert Condition: Last Call Time - Greater or Equal To - 20 day(s) since last call * Detected on: 24 Dec 2005 00:28:34:5 You have computers that have not called within a specific time period (as defined by the alert condition). For customers with the recovery guarantee: Note that the guarantee becomes invalid for computers that have not called in more than 30 days. Please refer to your Terms and Conditions for more information. For customers with the recovery service: The chances of recovering a computer post-theft are reduced if the computer is not calling regularly. For customers with asset tracking: your asset data is likely to be out of date for computers that haven't called in recently All Customers: You can use the ctmweb management tool to confirm that the agent software is installed and, if necessary, reinstall it. If the agent is installed, the ctmweb management tool can be used to perform a test call. Once machines call into the monitoring center, they automatically meet the call-back criteria for eligibility for the guarantee.To retrieve the list of computers, log into the Customer Center and follow the instructions below: a. Click on Reports. b. Go to "Call History and Loss Control" , click on "Missing Computers". In the box below "Show all Computers where...", under where it states: "group name is" use the drop down to select the group name: "Recovery Guarantee" then to the right, enter 20 days. Once done, click on "show results".This will provide you with a list of computers that need attention. ESN: XXXXXXXXXXXXXXXXXXXX PC Name: [MACHINE_X] Username: [username] Department: [departmentname] That message is reassuring. It's letting me know MACHINE_X hasn't been online. It is up to me to report it stolen so Absolute can retrieve it. But how do they expect to do this. There isn't anything other than a little program which runs after Windows has started that waits for connectivity to scream for help. Now let's look at what Absolute is using to find a stolen machine shall we? Computrace Agent last called from: 192.168.0.1 Secure? Doubtful. Absolute is solely relying on an IP address to track a machine. One of the problems with this is that they will need to go to court and request the information from the ISP on who used that IP address, after getting this information, they can only hope they will find the machine at that location. How much would it cost Absolute to go through these motions? Even if they did go through these motions, why should they when they can just refund someone the cost of the Computrace software. Or, what happens when a stolen laptop is using stolen resources for connections? Like say an open Wi-Fi hotspot? What does Computrace expect to do when someone reinstalls an operating system over the system with their software running. That software is useless. It's that simple. Reinstalling an operating system over a stolen laptop will automaGically make Computrace as useful as an industrial freezer in Antarctica, useless. Now supposing you stole a laptop with Computrace installed on it, and actually wanted to keep the data, you have one of a few choices: copy the data, wipe the drive and make a clean OS installation, or you can simply kill the process and modify the Windows registry to rid yourself of this gimmick. What are you looking for? A program called RPCNETP.EXE. You could search the registry for it and rename it, delete it entirely, stop the services by going to the Windows Control Panel/Administrative Tools/Services and stop it from there. Use Sysinternal's Process Explorer, Knoppix. I could count numerous ways to disable this product. As for the service Absolute offers, I've logged in twice in six months because I was wondering who was sending me those annoying alerts, and I wanted to see exactly what information was being passed over to Absolute's databases. Final word? Want security think Biometrics before a bios boot up, disabling CD/DVD start ups, passwording the bios. All in all there is little one can do when a laptop is stolen. Other than insurance purposes, I see this product as being nothing more than a gimmick. Sadly I was hoping I could give them some form of kudos. Maybe I can, their website and packaging are nice. -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.4 wkYEARECAAYFAkOtY7wACgkQo8cxM8/cskousQCgvWJNpxfseItFts2OeTJMEBRjhEYA oK4F3A9hl5L66qX3R5A/29zMsQKN =sVF5 -----END PGP SIGNATURE----- Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Breaking LoJack for Laptops obnoxious (Dec 24)
- Re: Breaking LoJack for Laptops Bob Hacker (Dec 24)
- Re: Breaking LoJack for Laptops Andrew Wong (Dec 25)
- Re: Breaking LoJack for Laptops Bob Hacker (Dec 25)
- Re: Breaking LoJack for Laptops Bob Franklin (Dec 25)
- Re: Breaking LoJack for Laptops Andrew Wong (Dec 25)
- Re: Breaking LoJack for Laptops Bob Hacker (Dec 24)
- RE: [inbox] Breaking LoJack for Laptops Exibar (Dec 27)
- Re: [inbox] Breaking LoJack for Laptops Michael Holstein (Dec 27)
- Re: [inbox] Breaking LoJack for Laptops Steve Friedl (Dec 27)
- Re: [inbox] Breaking LoJack for Laptops Michael Holstein (Dec 27)
- Re: [inbox] Breaking LoJack for Laptops nocfed (Dec 28)
- Re: [inbox] Breaking LoJack for Laptops Michael Holstein (Dec 27)
- Re: [inbox] Breaking LoJack for Laptops J.A. Terranson (Dec 27)
- <Possible follow-ups>
- Re: Breaking LoJack for Laptops obnoxious (Dec 25)