Gillian Shaw
Sun
Vancouver‘s Absolute Software is dismissing allegations that its security-tracking technology leaves computers vulnerable to takeover by hackers.
“These guys are completely wrong and they are completely off base,” said Absolute chief executive John Livingston of claims made in a paper presented by Alfredo Ortega and Anibal Sacco at the Black Hat security conference in Las Vegas this week.
The pair, with Core Security Technologies, claim Absolute’s Computrace software used to trace lost or stolen computers can be exploited by criminals to take control of computers.
Absolute responded to the allegations late Friday with a release saying they are unfounded, and that computer systems with Computrace are secure.
The software is built into many computers made by major manufacturers and is based on a subscription model in which users can choose to use the tracking software.
Livingston said the researchers “took what we do out of context” and didn’t talk to the company. He said the tracking software can only be controlled by the owner of the device, and any changes made to the code would trigger a virus alert. “Attempting to alter the Computrace BIOS module [part of the computer used to boot the system] for malicious purposes will not defeat conventional detection as claimed by the authors,” the company said in its release. “Any alteration to the BIOS module will cause any popular antivirus software to alert the customer.
“More importantly, if the BIOS of a computer has been compromised by an attacker, that machine is exposed to innumerable other vulnerabilities far beyond the scope of the Computrace BIOS module. The presence of the Computrace module … in no way weakens the security of the BIOS.”
If a computer is stolen, it can “call home” — alerting authorities to its location — and any data on the computer can be remotely wiped clear.
Livingston said the company has received many calls in the wake of the release of the research, but he said computer manufacturers understand that Absolute’s product doesn’t result in the supposed security vulnerability. “They don’t have the right to publish incorrect information,” he said of Ortega and Sacco. “We’ll be discussing that with them in due course.”
The company is not talking to its lawyers about legal action. “At this point in time our purchasers and customers are viewing this as inaccurate and not as a credible report.”
Shares in Absolute closed Friday on the TSX up 18 cents at $5.79.
© Copyright (c) The Vancouver Sun
