|This article may be written like an advertisement. If so, please help rewrite this article from a neutral point of view. (April 2010)|
The LoJack Stolen Vehicle Recovery System is an aftermarket vehicle tracking system that allows vehicles to be tracked by police, with the aim of recovering them in case of theft. The manufacturer claims a 90% recovery rate. The name "LoJack" was coined to be the "antithesis of hijack", wherein "hijack" refers to the theft of a vehicle through force.
LoJack’s core business comprises the tracking and recovery of cars, trucks, construction equipment, commercial vehicles and motorcycles. However, LoJack is expanding into new markets through licensing agreements and investments in areas such as cargo security and people at risk of wandering (probationers, parolees, and Alzheimer's patients). LoJack Corporation claims that over 300,000 vehicles have been recovered worldwide since the product was introduced more than two decades ago.
How it works
The core of the LoJack Stolen Vehicle Recovery System is a small, silent radio transceiver that is clandestinely installed in a vehicle. The vehicle is not marked as possessing a LoJack transceiver, and the location of the transceiver within the vehicle varies from one car to the next. Once installed, the unit and the vehicle's VIN are registered in a database which interfaces with the National Crime Information Center (NCIC) system used by federal, state and local law enforcement agencies throughout the US. In the event of a theft, a customer reports the incident to the police, who make a routine entry into the state police crime computer, including the stolen vehicle's VIN. This theft report is automatically processed by LoJack computers, triggering a remote command to the specific LoJack unit in the stolen vehicle.
The command tells the LoJack unit to start sending out signals to tracking units on board some police cars. Every police car so equipped, that is within a 3-5 mile radius of the signal source, will be alerted. The tracking units will display an alphanumeric serial number and an indication of the approximate direction and distance to the stolen vehicle. Based on the serial number, the police can obtain a physical description of the vehicle, including make (brand), model, color, VIN, and license plate number. Police aircraft can also be equipped with tracking units; airborne units can receive the (line-of-sight) signals from further away than ground-based units.
The company’s systems are operable in 27 US states, the District of Columbia, and in 30+ countries.
Upgraded (more expensive) systems can alert the owner of a vehicle in the event the car is moved or started.
LoJack transmits on a radio (RF) carrier frequency of 173.075 MHz. Vehicles with the system installed send a 200 millisecond (ms) chirp every ten seconds on this frequency. When being tracked after reported stolen, the devices send out a 200 ms signal once per second. The radio frequency transmitted by LoJack is near the VHF spectrum band formerly used in North America by analog television channel 7, although there was minimal interference due to the low power of radiation, brief chirp duration, and long interval between chirps.
Vehicle tracking systems are potentially vulnerable to jamming attacks since the device must transmit incident messages to a receiver or telecommunications network. Inexpensive handheld jammers have ranges around 5m, larger jammers can disrupt communication devices within a 200m radius. XM, 3G, GPS, GSM, UHF, VHF and bluetooth devices can all be muted with an appropriate transmitter device.
Lojack products can be used to track stolen vehicles, motorcycles, construction equipment, long-haul trucking equipment and cargo. Other types can be used to track people (such as those with Alzheimer's disease and autism) and laptops.
An optional component of the LoJack System, Early Warning alerts the owner by phone, e-mail or text message if the protected vehicle has been moved without authorization. A personal key fob sends a signal to the system to disable the warning as long as the owner is carrying it. LoJack offers the Early Warning product for cars, trucks and motorcycles.
A software product from Vancouver, British Columbia, based Absolute Software that enables law enforcement to recover stolen laptops by tracing them via the Internet. The product was initially sold under the name "Computrace". In 2005, Absolute Software licensed the LoJack brand name and produces the software under both the Computrace and "LoJack for Laptops" product names. Unlike the LoJack for vehicles and equipment products, which use a small radio beacon installed in the tracked device, the Computrace/LoJack for Laptops product is laptop tracking software that periodically phones home to Absolute Software's server to both announce its location and to check to see if the machine has been reported stolen.
LoJack comes preinstalled in the BIOSes of, at least, Lenovo, HP, Dell, Fujitsu, Panasonic, Toshiba, and Asus machines. It is disabled by default and can be enabled by purchasing a license for Computrace; upon being enabled, the BIOS will copy a downloader named
rpcnetp.exe from the BIOS flash ROM to
%WINDIR%\System32 (which usually resolves to
C:\WINDOWS\System32). On some Toshiba laptops rpcnetp.exe is preinstalled by Toshiba on the unit's hard drive prior to shipment from the factory. Rpcnetp.exe will in turn download the actual agent
rpcnet.exe and install it as a windows service.
Recently[when?], Dell, Lenovo, Panasonic and Fujitsu appear to have discontinued this method and require manual installation. Once enabled, Computrace cannot be disabled or deinstalled without assistance from Absolute Software, not even by reformatting or substituting the hard disk, because the BIOS keeps reinstalling or repairing it prior to loading the operating system. Owners of those Toshiba laptops which come with Computrace's two activating files are subject to monitoring by Absolute Software from the instant they connect their new Toshiba with the Internet for the first time.
From then on,
rpcnet.exe will phone home to Absolute Software servers once a day, querying for a possible theft report, and, in any case, transmitting the results of a comprehensive system scan, IP address, user- and machine names and location data, which it obtains either by tapping the GPS data stream on machines equipped with GPS hardware, or by triangulating available WLAN access points in the vicinity, by providing WLAN IDs and signal strengths so Absolute Software servers can geolocate the device using the Mexens Technology data base.
If Absolute receives a theft report, the service can be remotely commanded to phone home every 15 minutes, install additional 3rd vendor software, such as a key logger or a forensic package, make screenshots, etc.
Computrace also supports Intel's AT-p anti theft protection scheme: If it is unable to phone home within a configurable time interval it will require a special BIOS password upon the next reboot. It can be configured to shut down the machine's power supply immediately in this case, to force a reboot.
As the Computrace client exhibits trojan-like behaviour, it was detected as TR/Hijack.Explor.1245 or W32/Agent.SW!tr by antivirus software; however, these warnings have been discontinued.
At the Black Hat Briefings conference in 2009, researchers Anibal Sacco and Alfredo Ortega showed that the implementation of the Computrace/LoJack agent embedded in the BIOS has vulnerabilities and that this "available control of the anti-theft agent allows a highly dangerous form of BIOS-enhanced rootkit that can bypass all chipset or installation restrictions and reutilize many existing features offered in this kind of software." Absolute Software rejected the claims made in the research, stating that "the presence of the Computrace module in no way weakens the security of the BIOS". Another independent analyst confirmed the flaws, noted that a malware hijacking attack would be a "highly exotic one", and suggested that the larger concern was that savvy thieves could disable the phone home feature.
Later, Core Security Technologies proved the researcher's finding by making publicly available several proofs of concept, videos, and utilities on its webpage.
- Motor vehicle theft
- Radio direction finder
- Vehicle tracking system
- Insurance Bureau of Canada Approved Immobilizers
- Comparison of device tracking software
- ↑ 1.0 1.1 "What is LoJack." URL accessed on 2006-08-23.
- ^ Hindo, Brian, "LoJack's Stronger Signal", BusinessWeek, 2006-01-16.
- ^ "Request for Waiver of Section 90.20(e)(6)." FCC (USA): 2000-08-31. URL accessed on 2008-05-31.
- ^ "LoJack Radio Frequency, How LoJack Works." Freq of Nature. URL accessed on 2008-05-31.
- ^ "Television Frequency Table." URL accessed on 2008-05-31.
- ^ "Private Land Mobile Services; Stolen Vehicle Recovery Systems - Proposed Rule.." Federal Register (Volume 71, Number 163): 2006-08-23. URL accessed on 2008-05-31.
- ^ John Mooney. "Gangs using jammers to deactivate alarms." Times Online.
- ^ David A. Andelman. "Does LoJack For Laptops Work?", Forbes, 2005-08-19.
- ^ LoJack foils laptop theft, Techworld.com
- ^ "LoJack licenses technology to track stolen computers", Boston Business Journal, June 27, 2005. Retrieved on 2009-04-10.
- ^ Heath, Nick, "Thieves caught out as PCs 'phone home'", zdnet.co.uk, 15 Apr 2008. Retrieved on 2009-04-10.
- ^ "Absolute Software Service Agreement." (pdf) Absolute Software: July 30, 2008. URL accessed on 2009-04-10.[dead link]
- ^ Absolute Software, Partner: BIOS Compatibility, absolute.com
- ^ Sacco, Anibal; Alfredo Ortéga. "Deactivate the Rootkit." Exploiting Stuff. URL accessed on 2009-10-06.
- ^ Robertson, Jordan, "Anti-theft software could create security hole", The Associated Press. Retrieved on 2009-08-06.
- ^ Sacco, Anibal; Alfredo Ortéga. "Deactivate the Rootkit." Black Hat Briefings. URL accessed on 2009-08-06.
- ^ "Absolute Software downplays BIOS rootkit claims", ZDNet. Retrieved on 2009-08-20.
- ^ Sacco, Anibal; Alfredo Ortéga. "Deactivate the Rootkit." Core Security Technologies. URL accessed on 2009-09-08.
- Ian Ayres and Steven Levitt: "Measuring Positive Externalities from Unobservable Victim Precaution: An Empirical Analysis of Lojack." Quarterly Journal of Economics, 1998, 113(1), pp. 43–77