Who is "Absolute Persistence", and why is their spyware on 600M computers?

walterbell 1 year ago |

CompuTrace has been shipped by every major x86 PC OEM for decades, for Windows process injection, https://en.wikipedia.org/wiki/Absolute_Home_%26_Office

> Absolute Home & Office (originally known as CompuTrace, and LoJack for Laptops) is a proprietary laptop theft recovery software (laptop tracking software). The persistent security features are built into the firmware of devices. Absolute Home & Office has services of an investigations and recovery team who partners with law enforcement agencies to return laptops to their owners. Absolute Software licensed the name LoJack from the vehicle recovery service LoJack in 2005.

There used to be a BIOS option for on/off and "Permanently Disable", but that might have changed in recent versions.

HP: https://support.hpwolf.com/s/article/Absolute-Software-Activ...

Dell: yikes, the 2024 version is a permanent one-way, one-time option for Activate or Disable? Need to check status on eBay device purchases. https://www.dell.com/community/en/conversations/inspiron/how...

Lenovo: that one time we accidentally enabled it, https://support.lenovo.com/us/en/solutions/ht105220-unintend...

Apple x86 laptops: shipped an Arm microcontroller (T2 Security Enclave) to assert control of interactions between x86 CPU and disk storage, until they could replace the CPU with Apple Silicon.

HN ranking history for this thread: https://hnrankings.info/42277714/

unsnap_biceps 1 year ago | |

Are you saying Apple x86 shipped with this? Or are you saying the T2 is equivalent?

walterbell 1 year ago | | |

T2 is exclusively under Apple control, without dependency on a third party (e.g. Intel, Management Engine, Absolute).

The functionality of different T2 generations has been documented by Apple and security researchers.

T2 included Activation Lock / Anti-Theft features.

altairprime 1 year ago | | |

So, to confirm: Apple has no involvement with LoJack / Absolute; but you’ve included them because .. they have a better-known anti-theft system?

walterbell 1 year ago | | |

Apple implemented an anti-theft system under their own control, even when shipping x86 platforms.

Any other x86 OEM could have done the same, instead of handing control to 3rd-party CompuTrace / LoJack / Absolute.

As HP says in the document at the start of this sub-thread:

  If the [Absolute] product is currently enabled, the risk is someone else is in a position to lock the system, wipe the drive and/or retrieve files.

altairprime 1 year ago | | |

> even when shipping x86 platforms

Could you say more on why x86 a focus of your reply? Absolute is supported on ARM PC laptops as well, so it’s unclear how to interpret x86 here.

M95D 1 year ago |

I had it in Lenovo X61 Tablet. It was called CompuTrace back then. It was a BIOS module that Windows executes while processing ACPI tables during boot. Now it's probably a UEFI module that does the same.

I removed it by 0-ing out the module in a BIOS update image and reinstalling Windows. This method probably doesn't work with UEFI anymore because it invalidates the signature, so yes, it's unremovable.

yencabulator 1 year ago |

It seems the "persistence" part depends on a Windows installation doing something specific. The year of Linux on the Laptop!

phkamp 1 year ago |

I have never seen a single article anywhere mention this company or their factory installed spyware. Why ?

bigfatkitten 1 year ago | |

Because it used to be called CompuTrace, which has been around for decades and written about at length.

https://news.ycombinator.com/item?id=18749010

dboreham 1 year ago | | |

But not discussed here, it appears.

walterbell 1 year ago | | |

Mentioned in comments, https://hn.algolia.com/?query=computrace&type=comment

yodon 1 year ago |

Is this advertising campaign of theirs new?

It seems like an absolutely terrible idea for a campaign "hey everyone - our company has been wildly successful at putting spyware on hundreds of millions of machines and no one even knows our name!"

Animats 1 year ago |

So who's exploiting this now? Exploits were known back in 2014.

Could a manufacturer placing this on a PC be considered material support of terrorism?

bigfatkitten 1 year ago | |

> Could a manufacturer placing this on a PC be considered material support of terrorism?

No.

JSDevOps 1 year ago |

Never heard of it

toss1 1 year ago | |

>>Never heard of it

Neither had I.

It sounds like a major part of their plan, to just behave as a silent process that can always be re-booted through whatever changes the device goes through. Best to keep that sort of thing obscure.

bigfatkitten 1 year ago | | |

Obscure how?

It's been around for decades, the option to enable/disable it is in the BIOS setup on every machine that has it, and computer manufacturer's documentation tells you exactly what it is, because it's a selling point.

fmajid 1 year ago | |

You may have heard of under the LoJack name, basically an anti-theft measure for laptops.