*ANDROID Users read - Computrace Agent software*

I've recently bought an S6 and I've got a question for any owner: check out something in your apps if you use Android.

Upon setting up the phone I went straight into apps to check out the bloatware that comes with it and instantly saw Computrace Agent, and alarm bells were ringing. Trying to uninstall it is a no go, it basically comes embedded in the phone's firmware and/or BIOS as a persistence module, the second it's uninstalled the BIOS reinserts it and the service is running again. Think of a rootkit for a phone essentially providing full access to the phone, yesterday it contacted +13106916499 15 times through SMS, am I meant to be paying those damn fees daily to message an abroad number for them to send and receive data?... The text was base64 encoded so it's most likely encryption but I don't know what cipher or how key generation will be, it would have to be local to the device but no idea really. I've included some screenshots of the software messages etc.

Not only does it provide full access remotely to everything on your device, it is also vulnerable and is another point of entry for an attacker. If they can take over that service they have undeniable remote access to everything as well. There are past presentations at the BlackHat conference covering this.

There aren't many topics when searching for this, and in one long thread on the EE forums a high-standing member of the forum is basically saying shut up and deal with it. He's very rude and leaves the customer with no choice and doesn't understand the implications of this software, even denying that it sends SMS.

I tried flashing everything off the phone using XtresoLite ROM through TWRP2 including the bootloader and modem firmware to no avail, the application persists and immediately sends a startup signal to the home server, the number from above ironically comes up as California - NSAesque or what!! I have read of one method of installing the clean Samsung firmware which I will try tonight, however I'm unsure whether this will do anything. On the company's website they have the vendor list and they work with a lot of hardware companies to support integration with their BIOS and firmware, including Samsung and Asus.

I'm pretty annoyed, paid a lot for the phone and this damn rootkit makes me want to get rid of it immediately, sure the NSA monitor all this from their end but it's taking the mick when a phone comes with this kind of software embedded.

Screenshots: http://imgur.com/e2j3rr8,klQl5bB,LlShUoc,fa58R5Z
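
Base64 is an encoding, not a cipher, so whether an SMS body like the ones described above is encrypted can only be judged after decoding it. The following is an added example, not part of the original post and not Computrace code: it decodes a suspected base64 body and reports whether the payload is readable text or high-entropy binary. The function names and both sample messages are constructed for illustration.

```python
import base64
import binascii
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage_sms_body(body: str) -> dict:
    """Decode a suspected base64 SMS body and say what the payload looks like."""
    try:
        raw = base64.b64decode(body.strip(), validate=True)
    except (binascii.Error, ValueError):
        return {"base64": False, "verdict": "not base64"}
    if not raw:
        return {"base64": False, "verdict": "not base64"}
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in raw) / len(raw)
    # Normalise by the maximum entropy a sample this short can reach, because
    # an SMS-sized payload can never get near 8 bits per byte.
    norm = shannon_entropy(raw) / math.log2(min(len(raw), 256)) if len(raw) > 1 else 0.0
    if printable >= 0.95:
        verdict = "encoded text (readable once decoded)"
    elif len(raw) >= 32 and norm >= 0.85:
        verdict = "high entropy (encrypted or compressed)"
    else:
        verdict = "binary, undetermined"
    return {"base64": True, "length": len(raw), "printable": round(printable, 2),
            "entropy_ratio": round(norm, 2), "verdict": verdict}


# Constructed samples, not real agent traffic.
PLAIN_SAMPLE = base64.b64encode(b"device=TEST-0001;event=startup;status=ok").decode()
RANDOM_SAMPLE = base64.b64encode(
    b"".join(hashlib.sha256(bytes([i])).digest() for i in range(3))).decode()

if __name__ == "__main__":
    for name, body in [("plain", PLAIN_SAMPLE), ("random", RANDOM_SAMPLE),
                       ("free text", "call me later!")]:
        print(name, triage_sms_body(body))
```

A high-entropy verdict cannot separate encryption from compression and says nothing about which cipher or key is in use; it only rules out plain encoded text.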
 
How odd. I'd expect some custom firmware, or flash Android onto it (the one direct from Google) will get rid of it though?

Where did you get the phone? That sounds very dodgy if it is actually 'phoning home' with texts.

I wonder if it's just some sort of support / security software they think is helpful? Maybe to blacklist/lock or even track phones if they're stolen? The texts are definitely weird though. Have you checked that you're actually paying for them?
 
I bought it from the OcUK marketplace. The Google threads are mainly from EE phones and the rude forum rep actually said it would probably come as an update to the phone. The phone home number is the same as others so I assume you go through a home company server and someone has access to the data with a login of some sort.

I am running custom firmware and baseband etc. from xda-forum to no avail. I'm going to try stock firmware and a total wipe of everything tonight.
 
Yeah I saw that thread, but also another about how it's just support / security software provided by EE for blacklisting and locking down stolen handsets.

A full wipe will surely work. If not, then that's pretty bad of EE! Don't modern phones have anti-bricking stuff in them now, i.e. a section of memory that can't be modified but can be used to restore if you brick it? Could be coming from there, I suppose.
 
I don't know of any secondary BIOS, I feel it has but it's to store this damn software.

I've flashed over the bootloader, the modem, rooted it and the ROM, which is 450MB and has had 1.5GB stripped from it, as minimal as can be, and it's still there.
 
The ROM I flashed was a stripped barebones ROM not of any carrier from XDA Forums. It's embedded somewhere deep for sure.

I read it's antitheft but this is why I purchased Cerberus, software which I have chosen to install, not some corporate backdoor.
 
I've been up digging all night and trawling through my phone trying to wipe this piece of #### off my phone, made some progress in blocking it temporarily before I can fully remove the software.

To block it, install Titanium Backup (Pro version is needed) and freeze the app. This will kill the agent but the persistence module remains, it tries to start it every 60 seconds, however it will fail. The app can be uninstalled then, however a new one is dropped immediately and is unfrozen so it's best just to freeze and leave it for now.

It's not running in the background anymore, the service isn't tied to the app and I have no SMS or Internet activity from any of the software now.

I'll post any updates here if I manage to completely wipe this from the device.
 
There's no real way to get rid of it as far as I know.

My EE S6 has it. Does it bother me? No, not at all. It's not causing any harm so why the paranoia?
 
There is, it will be removable, I assure you.

And because this is MY phone. The more people just shrug at corporate backdoors like this, the more they embed them, and the less privacy you have overall. 15 years ago privacy was way better, we've shrugged and shrugged and now *everything* is monitored regardless - Why do EE need access to my life and to cost me more money through SMS when the NSA do that work?

In 10 more years' time you'll not be ******** on the toilet without a camera to check if you've hidden something up there.
 
Yes it appears as an app, however due to its rootkit style of integration this is likely to not help, I'm pretty sure the software has disabled my ability to join the network since I blocked it.

I'm going to try and wipe, turn off immediately and flash to another ROM, wipe again and recover to factory ROM using stock non-EE software. I'll keep this thread updated here.

Trying to kick up a fuss on Google about this with another forum member elsewhere, it's not right and I'm sure you'll see way more posts in the coming months as people realise this is coming installed on their phones.
 
It's in the phone's firmware which as far as I know cannot be changed or altered. It will install itself on any ROM you install no matter how many times you format, wipe, etc.

EE have explained why it's there and while I'd rather not have it I don't really see it as an issue. It's not spying on you. Move on with your life, there are much more important things to worry about.
 
I had it on my S5, it annoyed me but I accepted that it was there as extra security. Until I noticed that it was using data... Why should a security app be "calling home" when there have been no reported problems!

I managed to remove it on KK & will not upgrade to LP until I can get a clean install.
 
I would imagine so, it's "anti-theft". They're already contacting USA (It's a T-Mobile registered number) regardless of where you're from anyway.

dbmzk1 - it is removable. It resides on a partition, I will have it removed tonight as I already have a copy of the partition from a clean handset, I just need to flash it over.


1. Flash to a clean ROM - immediately turn off the device, do not let it boot up.

2. Overwrite the /dev/block/.../sda13 partition in recovery mode. This is where absolute resides as "/persdata/absolute" - deleting this folder or changing permissions causes a hard reboot of the phone from the ABTPersistenceService.

3. Wipe cache, data & then Factory/hard reset to the now clean ROM.


Edit - Just got off the phone with EE for the 4th time over the past few days, I'm having headaches getting the SIM activated on the network too (Ironically it stopped working once I managed to block the application). They flat out say they don't know what it is and deny it pretty much, asking to talk to somebody with more technical knowledge got me further, the people on the phones are just reading from scripts and don't have a damn clue about anything.