Interesting findings by about Computrace/LoJack (UEFI rootkit) malicious activity. We already discussed LoJack low-level details in #BHASIA talk last year (from slide 33).
Alex Matrosov, May 2, 2018

ASERT recently discovered Lojack agents containing malicious C2s. These hijacked agents pointed to suspected Fancy Bear (a.k.a. […] government have both attributed Fancy Bear activity to Russian espionage activity. Fancy Bear actors typically choose geopolitical targets, such as governments and international organizations. They also target industries that do business with such organizations, such as defense contractors.

Lojack, formally known as Computrace, is a legitimate laptop recovery solution used by a number of companies to protect their assets should they be stolen. Lojack makes an excellent double-agent due to appearing as legit software while natively allowing remote code execution.

Although the initial intrusion vector for this activity remains unknown, Fancy Bear often utilizes phishing email to deliver payloads.

Wikipedia on LoJack: “Analysis of Computrace by Kaspersky Lab shows that in rare cases, the software was preactivated without user authorization. The software agent behaves like rootkit (bootkit), reinstalling a small installer agent into the Windows OS at boot time. This installer later downloads the full agent from Absolute’s servers via the internet. This installer (small agent) is vulnerable to certain local attacks and attacks from hackers who can control network communications of the victim.”

The Canadian ISV/IHV Absolute Software Corporation is working with the European branch of the Chinese OEM Lenovo to apply CompuTrace - now called Absolute(R) - silicon/firmware-level tracking technology within Europe.

Excerpt of press release:

Absolute Collaborates with Lenovo EMEA to Introduce European Factory Activation

Absolute Software Corporation, the industry standard for persistent endpoint security and data risk management solutions, today announced the Company has entered into an agreement with Lenovo EMEA to introduce European factory activation of Absolute Data & Device Security (DDS) (formerly Absolute Computrace). Under this agreement, Lenovo EMEA will incorporate the automated deployment of Absolute DDS, (which will trigger the activation of Persistence technology by Absolute) through Lenovo’s Imaging Technology Center for its European customers. As part of this factory image, customers can opt to load and activate Absolute DDS onto all of their Lenovo devices before shipment.

“Many of our enterprise customers want their Lenovo devices to be protected while in transit. By installing Absolute DDS and activating Persistence technology, our customers will be able to secure these endpoints before they leave the factory,” said Stefan Larsen, EMEA business development manager, Lenovo. “This agreement also allows our customers to reduce the resources spent on configuring and imaging devices, without compromising best-in-class security.”

“Lenovo’s Imaging Technology Center delivers a customized, out-of-the-box experience for its enterprise customers,” said Geoff Haydon, chief executive officer, Absolute. “We are excited to expand our participation in this program to Lenovo customers in Europe. This agreement represents a tremendous opportunity for us to strengthen our position in the region.”

So, some of Lenovo’s enterprise customers are concerned about new computers being stolen or otherwise manipulated before they leave the factory? Who can attack OEM systems at this point in the system? Is this just an issue for Lenovo, or do other OEMs’ enterprise customers also have this kind of concern? How does this new Absolute/Lenovo change impact an attacker’s ability to attack the system before the hardware comes to Europe and Persistence technology gets activated?

I wish OEMs would give me the OPTION to have this feature, not presume all of their systems are sold to enterprises.