Several BIOS anti-theft technologies only use an application agent to protect the agent from tampering and reuse. The techniques of such technologies operate in trusted mode, in which the BIOS anti-theft technology is configured to restrict the signatures and certificates used by a third party application agent. This means that despite the use of such a security vulnerability, a third party cannot impersonate a legitimate BIOS anti-theft technology.
If the owner of the infected laptop is breached by a malicious third party, the privacy rights of the owner are remarkably limited. For example, the third party can access all the information contained in the BIOS anti-theft technology, grab information of other devices connected to the infected laptop, and access the data on the infected laptop. This means that the owner can use a product with anti-theft technology but, at the same time, at the risk of privacy security issues.
To prevent such information threats, some manufacturers of anti-theft technologies allow users to customize the way in which the agent operates. In some cases, the user can prevent the unwanted third party from accessing the information stored during the operation of the third party. This makes the security of the anti-theft technology easier to control.
Having compared the possible scenarios related to the data stored during the operation of the anti-theft technology with the detection of a dangerous third party, this article advises those who want to activate the anti-theft technology to immediately uninstall the application agent, or to activate the anti-theft technology by default and only allow the system administrator to control the activation of the agent.
If the manufacturer of an anti-theft technology is initially unable to find the threat of vulnerabilities in the design and installation process of the BIOS anti-theft technology, the responsibility to fix the problem belongs to the vendor of the technology. There is no additional work on the part of security researchers to develop vulnerabilities that these vendors could supposedly fix. d2c66b5586