Kaspersky report 'flawed': Absolute Software
- 14 February, 2014 11:26
Anti-theft software firm, Absolute Software, has hit back at a Kaspersky report which claims its anti-theft software poses a cybersecurity risk.
Kaspersky Lab’s report claims millions of users running Absolute Computrace are at risk of being hijacked by cyber attackers.
The report highlights that the weak implementation of anti-theft software marketed by Absolute Software can turn a useful defensive utility into a powerful instrument for cyber attackers.
The focus of the research was the Absolute Computrace agent that resides in the firmware, or PC ROM BIOS, of modern laptops and desktops.
The major reason for this research project was the discovery of the Computrace agent running on several private computers of Kaspersky Lab’s researchers and corporate computers without prior authorisation.
Kaspersky Lab’s principal security researcher, Vitaly Kamluk, said: “Powerful actors with the ability to tap fiber optics can potentially hijack computers running Absolute Computrace.”
“This software can be used to deploy spyware implants.”
Kamluk said that millions of computers were running Absolute Computrace software and that a large number of the users might be unaware that the software is activated and running.
“Who had reason to activate Computrace on all those computers? Are they being monitored by an unknown actor?” he said.
“It is the responsibility of the software manufacturer to notify users and explain how the software can be deactivated and disabled,” he said.
However, Absolute Software chief technical officer, Phil Gardner, said Kaspersky’s analysis was ‘flawed’ and rejected its conclusions.
“Kaspersky alleges that the report confirms and demonstrates how Absolute Computrace can be used as a ‘powerful utility for cyber attackers’,” he said.
“They also assert that this will allow attackers to fully access millions of users’ computers.
“Absolute considers Kaspersky’s analysis flawed.”
A spokesperson for Absolute Software said the company had not been contracted by Kaspersky in order to validate research and provide technical insight.
“We received no response from Kaspersky Lab until the press release and report were published,” a spokesperson said.
“Since we did not have the benefit of reviewing the report until the day it was published, and because we have no insight to the veracity of the technical testing Kaspersky apparently undertook, our response is limited to the narrative within the report.”
Gardner said the report did not describe a demonstration of a successful attack.
“It’s important to note that any potential attack depends upon the endpoint or other devices being compromised first,” he said.
“This must happen before Computrace can be used maliciously. The obstacles to mounting such an attack are considerable and are not achievable via the mechanism outlined in the Kaspersky report.”