Lojack (formerly CompuTrace) Becomes a Double-Agent

ASERT recently discovered Lojack agents containing malicious C2s. These hijacked agents pointed to suspected Fancy Bear (a.k.a. APT28, Pawn Storm) domains. The InfoSec community and the U.S. government have both attributed Fancy Bear activity to Russian espionage activity. Fancy Bear actors typically choose geopolitical targets, such as governments and international organizations. They also target industries that do business with such organizations, such as defense contractors. Lojack, formerly known as Computrace, is a legitimate laptop recovery solution used by a number of companies to protect their assets should they be stolen. Lojack makes an excellent double-agent due to appearing as legit software while natively allowing remote code execution. Although the initial intrusion vector for this activity remains unknown, Fancy Bear often utilizes phishing email to deliver payloads.


Wikipedia on LoJack: “Analysis of Computrace by Kaspersky Lab shows that in rare cases, the software was preactivated without user authorization. The software agent behaves like rootkit (bootkit), reinstalling a small installer agent into the Windows OS at boot time. This installer later downloads the full agent from Absolute’s servers via the internet. This installer (small agent) is vulnerable to certain local attacks[8][9] and attacks from hackers who can control network communications of the victim.”




Absolute introduces Absolute Reach




Absolute Reach™ is a flexible endpoint security feature within the Absolute Platform that gives you the power to execute custom discovery, compliance, and remediation tasks across 100% of your endpoints on-demand, anytime or anywhere:

• Assess and enhance security posture: Always-on visibility and control—on and off the network
• Eliminate blind spots: Remediate known vulnerabilities on the spot
• Gather precise insights from any endpoint: Evaluate risk and prove compliance
• Remediate with lightning speed: Script once. Deploy everywhere
• Validate delivery for compliance assurance: Receive confirmation of successful delivery and execution


Absolute seeks OEM Business Development Director

It is an exciting time for the Absolute and Microsoft partnership! Absolute’s placement in Windows device firmware provides a truly unique position within the Microsoft partner ecosystem. We continue to strengthen this relationship by opening new doors of engagement through our recent product integration announcements. To further support the relationship, we are looking for a tenured Business Development Director[…]


Absolute included in new Microsoft Surface devices

Excerpt from press release:

Absolute to Support New Microsoft Surface Pro 4 and Surface Book

Absolute(R) Software Corporation today announced support for the upcoming Microsoft(R) Surface Pro 4 and Surface Book devices. Persistence(R) technology by Absolute will be embedded into the firmware of these devices at the factory. Once activated, Absolute Data & Device Security (formerly Absolute Computrace(R)) will deliver a reliable two-way connection with all endpoints, regardless of user or location, enabling IT to maintain control of these devices and the data they contain.

Full press release:

European agreement for Absolute and Lenovo

The Canadian ISV/IHV Absolute Software Corporation is working with the European branch of the Chinese OEM Lenovo to apply CompuTrace — now called Absolute(R) — silicon/firmware-level tracking technology within Europe. Excerpt of press release:

Absolute Collaborates with Lenovo EMEA to Introduce European Factory Activation

Absolute Software Corporation, the industry standard for persistent endpoint security and data risk management solutions, today announced the Company has entered into an agreement with Lenovo EMEA to introduce European factory activation of Absolute Data & Device Security (DDS) (formerly Absolute Computrace). Under this agreement, Lenovo EMEA will incorporate the automated deployment of Absolute DDS, (which will trigger the activation of Persistence technology by Absolute) through Lenovo’s Imaging Technology Center for its European customers. As part of this factory image, customers can opt to load and activate Absolute DDS onto all of their Lenovo devices before shipment.

“Many of our enterprise customers want their Lenovo devices to be protected while in transit. By installing Absolute DDS and activating Persistence technology, our customers will be able to secure these endpoints before they leave the factory,” said Stefan Larsen, EMEA business development manager, Lenovo. “This agreement also allows our customers to reduce the resources spent on configuring and imaging devices, without compromising best-in-class security.”

“Lenovo’s Imaging Technology Center delivers a customized, out-of-the-box experience for its enterprise customers,” said Geoff Haydon, chief executive officer, Absolute. “We are excited to expand our participation in this program to Lenovo customers in Europe. This agreement represents a tremendous opportunity for us to strengthen our position in the region.”

More information:


So, some of Lenovo’s enterprise customers are concerned about new computers being stolen or otherwise manipulated before they leave the factory? Who can attack OEM systems at this point in the system? Is this just an issue for Lenovo, or do other OEMs’ enterprise customers also have this kind of concern? How does this new Absolute/Lenovo change impact an attacker’s ability to attack a system before the hardware comes to Europe and Persistence technology gets activated?

I wish OEMs would give me the OPTION to have this feature, not presume all of their systems are sold to enterprises. I wish someone would maintain a list of modern CompuTrace-free systems, for non-enterprise citizens who don’t want it installed, as it is useless, since CompuTrace is only available to enterprises. It seems that their compatibility lists include nearly all modern OEM systems. Hmm, does Purism or Novena have it? Did the old ThinkPads that are being refurbished with Libreboot and resold by 2 companies have it?

Absolute divests some assets to HEAT

Absolute Software, makers of the Persistence(TM) silicon/firmware tracking technology, is selling off some of its products to focus on its core security business.

HEAT Software, a global provider of Hybrid Service Management and Unified Endpoint Management (UEM) solutions for organizations of all sizes, today announced that it has reached a definitive agreement to acquire the assets and operations related to Absolute Manage and Absolute Service from Absolute Software Corporation. HEAT Software is a portfolio company of Clearlake Capital Group.

Absolute Software Corporation (TSX: ABT) today announced that it has signed a definitive agreement with HEAT Software for the sale of the assets and operations related to Absolute Manage(R) and Absolute Service, its computer lifecycle management and IT service management businesses. The transaction is subject to the satisfaction of normal closing conditions and is expected to close in early October, 2015. After the transaction closes, Absolute will work closely with HEAT Software to ensure a smooth transition and uninterrupted service to existing Absolute Manage and Absolute Service customers.

“We are pleased with the terms of this agreement and are incredibly excited for the future of our business,” said Geoff Haydon, chief executive officer, Absolute. “This divestiture enables us to singularly focus on our core information security business. With the ability to focus resources and investments on our adaptive endpoint security solutions, we are favorably positioned to accelerate our technology roadmap, extend our unique persistence platform, and strengthen our market leadership in this important segment globally.”




AMD adds Absolute CompuTrace support

Today AMD joins Intel in adding Absolute’s CompuTrace technology into their systems:

Absolute collaborates with AMD to extend benefits of persistence technology
Vancouver, Canada: August 18, 2015– Absolute® Software Corporation (TSX:ABT), the industry standard for persistent endpoint security and data risk management solutions for computers, laptops, tablets and smartphones, today announced an agreement with Advanced Micro Devices, Inc. (AMD) to incorporate Persistence® technology by Absolute into AMD chip designs.
Under the terms of this agreement, Absolute and AMD will provide an enhanced security offering by embedding patented Persistence technology directly into AMD x86 APU technologies.
“In the interest of improving the privacy and security of our customers, we have been steadfast in our commitment to evolve security offerings through our technology,” said Roy Taylor, corporate vice president, Alliances, AMD. “We are excited to work with Absolute to leverage its unique Persistence technology by integrating this security functionality into AMD processors.”
“AMD is a long-tenured leader in the semiconductor industry with a keen focus on advancing security offerings on the devices they power,” said Geoff Haydon, chief executive officer, Absolute. “By working together, we can explore new ways to advance Persistence technology and deliver a higher level of data and device security to AMD and Absolute customers.”
Persistence technology by Absolute is embedded into the core of devices at the factory. Once activated, Persistence technology provides a reliable two-way connection so IT can confidently manage mobility, investigate potential threats, and take action if a security incident occurs.


Absolute Joins the RSA Ready Technology Partnership Program

Yesterday, Absolute announced that they’ve joined the RSA Ready Technology Partnership Program.

“Absolute announced today a new collaboration with RSA to offer enhanced endpoint data collection and remediation. As part of the RSA Ready Technology Partnership program, this effort is designed to deliver seamless interoperability between Absolute and RSA Security Analytics, an industry leading advanced threat detection and forensics platform. Using the Absolute SIEM connector, mutual customers can now get deeper visibility into their endpoint deployments by feeding vital Absolute endpoint data directly into the RSA Security Analytics monitoring platform. If an endpoint security alert is triggered, customers will be able to promptly investigate and respond to potential threats within the broader context of the RSA Security Analytics environment. Customers will also be able to correlate logs, packets, NetFlow, and endpoint data, all within the same platform.”

“Absolute’s Persistence(R) technology is embedded into the core of most devices at the factory. Once activated, it provides organizations with comprehensive visibility into all of their devices so they can confidently manage mobility, investigate potential threats, and take action if a security incident occurs. Most importantly, they can apply remote security measures to protect each device and the data it contains.”

See the full announcement for more details:


Absolute’s CompuTrace is a unique security tool for firmware. Its device is embedded into many (most?) modern systems, and the device checks if software support is disabled in the firmware and re-enables it.

“Absolute Data & Device Security (DDS), formerly Absolute Computrace, is an adaptive endpoint security solution. It provides you with a persistent connection to all of your endpoints and the data they contain.”

“Our OEM partners embed Persistence technology into the BIOS or firmware of computers, netbooks, tablets, and smartphones during the manufacturing process. Once activated, customers who purchase these devices benefit from an extra level of security, persistence, and support.”

“Persistence technology from Absolute provides you with visibility and control over all of your devices, regardless of user or location. If an Absolute software client is removed from an endpoint, it will automatically reinstall so you can secure each device and the sensitive data it contains. No other technology can do this. Persistence technology is built into tens of millions of devices around the world and provides organizations with a trusted lifeline to each device in their deployment, regardless of user or location.”

You can use UEFITool to see if Absolute is in your firmware by searching for the “computrace” Unicode string.
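
The same check can be scripted against a firmware dump you have already read out. The following is an added example, not code from the original post or from UEFITool. It assumes "Unicode" means UTF-16LE, also checks ASCII, and runs on a constructed sample image when no file is given; the function names are hypothetical.

```python
import re
import sys

MARKER = "computrace"  # the search term named in the post

# "Unicode" in firmware tools normally means UTF-16LE (assumption); ASCII is
# checked as well because some modules embed plain byte strings.
ENCODINGS = (("UTF-16LE", "utf-16-le"), ("ASCII", "ascii"))


def find_marker(image: bytes, marker: str = MARKER):
    """Return sorted (offset, encoding, matched_text) for each hit in image."""
    hits = []
    for label, codec in ENCODINGS:
        # IGNORECASE on a bytes pattern folds ASCII letters only, which is
        # exactly what is needed for "Computrace" / "COMPUTRACE" variants.
        pattern = re.compile(re.escape(marker.encode(codec)), re.IGNORECASE)
        for match in pattern.finditer(image):
            hits.append((match.start(), label, match.group().decode(codec)))
    return sorted(hits)


def build_sample_image() -> bytes:
    """Constructed stand-in for a firmware dump (not real firmware)."""
    return (b"\xff" * 64
            + "Computrace Module".encode("utf-16-le")
            + b"\x00" * 30
            + b"COMPUTRACE"
            + b"\xff" * 16)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:  # path to your own firmware dump
            data = fh.read()
    else:
        data = build_sample_image()
    results = find_marker(data)
    for offset, label, text in results:
        print(f"0x{offset:08x}  {label:<8}  {text!r}")
    if not results:
        # A raw scan cannot see inside compressed firmware sections, so no
        # hit here is not proof that the module is absent.
        print("no marker found in uncompressed data")
```

Because compressed sections are invisible to a raw byte scan, a clean result from this script should still be confirmed with the UEFITool search described above.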