On some Toshiba laptops, rpcnetp.exe is factory-preinstalled by Toshiba on the unit's hard drive. The BIOS service is disabled by default and can be enabled by purchasing a license for Computrace upon being enabled, the BIOS will copy a downloader agent named rpcnetp.exe from the BIOS flash ROM to the System32 folder on Windows systems. If the hard drive is replaced or reformatted, the LoJack software will be lost. LoJack can be installed on Apple computers, but it will be stored on the hard drive instead of the BIOS. Īpple, unlike some other PC manufacturers, does not allow the software to be installed in the BIOS. LoJack comes preinstalled in some Lenovo, HP, Dell, Fujitsu, Panasonic, Toshiba, and Asus machines. In the event of theft, a user can log into their online account to remotely lock the computer or delete sensitive files to avoid identity theft. The team works closely with local law enforcement to recover the protected device, and provides police with evidence to pursue criminal charges. The Investigations and Recovery team forensically mines the computer using a variety of procedures including key captures, registry and file scanning, geolocation, and other investigative techniques. The next time the protected device connects to the internet it silently switches to theft mode and accelerates Monitoring Center communication. If the device is stolen the owner first contacts the police to file a report, then contacts Absolute. Subsequent contact occurs daily, checking to ensure the agent remains installed and provides detailed data such as location, user, software, and hardware. The software may be updated by modules, downloaded from a command server. Once installed, the LoJack agent activates "absolute persistence" by making an initial call to the "Monitoring Center". This installer (small agent) is vulnerable to certain local attacks and attacks from hackers who can control network communications of the victim. This installer later downloads the full agent from Absolute's servers via the internet. The software agent behaves like rootkit (bootkit), reinstalling a small installer agent into the Windows OS at boot time. Īnalysis of Computrace by Kaspersky Lab shows that in rare cases, the software was preactivated without user authorization. Ībsolute's Computrace persistence module is preinstalled into many BIOS images by most laptop vendors. Īctivated Computrace/LoJack for Laptops periodically phones home to Absolute Software's server to both announce its location and to check to see if the machine has been reported stolen. Ībsolute Software licensed the name LoJack from the vehicle recovery service LoJack in 2005. Additionally, LoJack for Laptops provides additional services of an investigations and recovery team who partners with law enforcement agencies around the world to return protected laptops to their owners. The persistent security features are built into the firmware of devices themselves. LoJack for Laptops (originally known as CompuTrace) is a proprietary laptop theft recovery software ( laptop tracking software) with features including the abilities to remotely lock, delete files from, and locate the stolen laptop on a map. Please update this engineering to reflect recent events or newly available information. Parts of this engineering (those related to Software seems to be renamed or not sold anymore) need to be updated.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |