As usual, something has been designed without much forethought about the security ramifications. Recovering your computer from thieves sounds great in marketing materials – but it comes at a price.
If you have purchased a computer with the ability to contact LoJack, then you are at risk. No, you don’t have to subscribe to Computrace LoJack – you just have to have a computer with the code embedded in the BIOS.
This vulnerability is particularly nasty because it leads to “persistent and complete control of a compromised system.” That’s right – once compromised, you effectively can’t get rid of it.
Look, the only effective way to protect your data in the event of theft is to encrypt your entire hard drive – and use a sufficiently strong password.
Reference:
Researchers find insecure BIOS ‘rootkit’ pre-loaded in laptops
http://blogs.zdnet.com/security/?p=3828&tag=nl.e539