Abstract
Many IT departments use remote administration products to configure, monitor, and maintain the systems they manage. These tools can be beneficial in the right hands, but they can also be devastating if attackers exploit them to seize control of machines. As a case study, we analyze the security of a remote administration product called Absolute Manage. We find that the system’s communication protocol suffers from serious design flaws and fails to provide adequate integrity, confidentiality, or authentication. Attackers can exploit these vulnerabilities to issue unauthorized commands on client systems and execute arbitrary code with administrator privileges. These blatant vulnerabilities suggest that remote administration tools require increased scrutiny from the security community. We recommend that developers adopt defensive designs that limit the damage attackers can cause if they gain control.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Novak, J., Stribley, J., Meagher, K., Halderman, J.A. (2012). Absolute Pwnage: A Short Paper about the Security Risks of Remote Administration Tools. In: Danezis, G. (eds) Financial Cryptography and Data Security. FC 2011. Lecture Notes in Computer Science, vol 7035. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27576-0_6
DOI: https://doi.org/10.1007/978-3-642-27576-0_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27575-3
Online ISBN: 978-3-642-27576-0
eBook Packages: Computer Science (R0)