Absolute Pwnage: A Short Paper about the Security Risks of Remote Administration Tools
Many IT departments use remote administration products to configure, monitor, and maintain the systems they manage. These tools can be beneficial in the right hands, but they can also be devastating if attackers exploit them to seize control of machines. As a case study, we analyze the security of a remote administration product called Absolute Manage. We find that the system’s communication protocol suffers from serious design flaws and fails to provide adequate integrity, confidentiality, or authentication. Attackers can exploit these vulnerabilities to issue unauthorized commands on client systems and execute arbitrary code with administrator privileges. These blatant vulnerabilities suggest that remote administration tools require increased scrutiny from the security community. We recommend that developers adopt defensive designs that limit the damage attackers can cause if they gain control.
Keywords: Security Risk, Fast Software Encryption, Arbitrary Code, USENIX Security Symposium, Heartbeat Message