Author Topic: Computrace / Lojack on laptops  (Read 3020 times)

0 Members and 1 Guest are viewing this topic.

Offline TerraHertzTopic starter

  • Super Contributor
  • ***
  • Posts: 3958
  • Country: au
  • Why shouldn't we question everything?
    • It's not really a Blog
Computrace / Lojack on laptops
« on: April 28, 2017, 12:02:47 pm »
That pile-o-laptops (https://www.eevblog.com/forum/testgear/list-your-test-equipment-score-here!/msg1189158/#msg1189158) has led to some interesting discoveries.

For one thing, who has heard of Computrace /  Lojack ?
It's supposedly a persistent application intended to allow recovery of stolen laptops. Looking into it makes it sound not so altruistic.

Where I found out it exists:

 http://forums.whirlpool.net.au/archive/2213357
  eddiesun  posted 2014-Jan-24, 11:37 pm AEST   O.P.
  Does anyone know to to reset or remove supervisor password for Lenovo S10s? the laptop that government gave
  out to school kids years ago. is there other way other than remove backup battery?
  Now my cousin want to reinstall windows agian but got stuck with SVP.

  PookeyMaster
  posted 2014-Jan-27, 2:00 pm AEST
  If the DER laptop still has a BIOS password then more than likely CompuTrace (the tracking software and chip) is still active.
  One of it's features is that the BIOS password is stored in the CompuTrace chip as well as the CMOS so that if it's deleted,
  it's instantly restored. Removing the battery won't do anything if CompuTrace is still active.


Googling: computrace

http://techhelp.mcla.edu/index.php/Computrace_Software

https://en.wikipedia.org/wiki/LoJack_for_Laptops

http://www.freakyacres.com/remove_computrace_lojack     How to remove Computrace Lojack

https://threatpost.com/millions-of-pcs-affected-by-mysterious-computrace-backdoor-2/107700/
  Millions of PCs Affected by Mysterious Computrace Backdoor   August 11, 2014

  Kamluk described Computrace’s exploitability as follows:
    “The software is extremely flexible. It’s a tiny piece of code which is a part of the BIOS.
    As far as it is a piece of the BIOS, it is not very easy to update the software as often.
    So they made it very extensible. It can do nearly anything. It can run every type of code.
    You can do to the system whatever you want. Considering that the software is running on these
    local system privileges, you have full access to the machine. You can wipe the machine,
    you can monitor it, you can look through the webcam, you can actually copy any files,
    you can start new processes. You can do absolutely anything.”


https://sourceforge.net/projects/computrace-lojack-checker/
  Computrace Lojack Checker
  This tool check for any presence of the Computrace / Lojack spyware.
  With this simple utility check if the Computrace / Lojack spyware is on your computer. It can add lines on your
  hosts files to disable communications between your computer and the Computrace servers.

  Follow the detection method described at
  http://korben.info/computrace-lojack-absolute.html  (French. Includes looong list of affected laptops)



So... around 2010-12 the Education dept was handing out free laptops to schoolkids, with remote camera spyware enabled.
Because that's where these came from. Nearly 10 years old, obsoleted and disposed of (to me), but it seems they have it.

My job is to remove it from the BIOS and everything else from the HDD, then see about giving most of them away. Looks like some will be going to Philippines. The Lenovo s10e are pretty nice. Absent the spyware.



Collecting old scopes, logic analyzers, and unfinished projects. http://everist.org
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf