Computrace Backdoor Revisited

Explore the security vulnerabilities in modern anti-theft technologies embedded in firmware and PC BIOS of popular laptops and desktop computers. Delve into the potential misuse of Absolute Computrace anti-theft software as an advanced removal-resistant BIOS-based backdoor. Learn about unauthorized activations, network security flaws, and how to exploit remote hosts running Computrace. Discover the inner workings of Computrace, including its suspicious behavior, detection rates, and protocol attacks. Examine the vulnerable protocol design, demo environment, and communication methods of the main agent. Understand local attacks on the configuration block and learn how to detect and deactivate Computrace. Gain insights into similar cases like Radmin and receive practical advice for protecting against these security risks.

Intro
Where is Computrace?
Why this research?
How does it work?
Suspicious Behavior
VT Detection Rate
Attacks on Protocol
Small Agent Protocol
Communication explained
Vulnerable Protocol Design
Demo Environment
Main Agent (rpcnet.exe)
Main Agent Communication
Vulnerable Protection Mechanism
Local attacks - Configuration Block
How to detect Computrace?
How about network detection?
Who activated Computrace?
How to deactivate Computrace?
Some advice
Similar Case: Radmin