Finnish firm detects new Intel security flaw

Although the successful exploitation of the security issue requires physical proximity, this might not be as hard for skilled attackers to organize as you might think.

"The issue potentially affects millions of laptops globally".

Intel AMT is software created to provide maintenance and remote access monitoring services for corporate laptop users. Weaknesses in the tech have been discovered before, but the latest flaw is nonetheless noteworthy because of the ease of exploitation.

A hacker trying to gain access to a computer can enter the Intel Management Engine BIOS menu when the device is booted, using a password that is usually left at its default, and then configure remote access for themselves.

To exploit the flaws it highlighted, attackers only need to reboot or power up the target machine and press CTRL-P during boot-up, F-Secure claimed.

Intel's Management Engine BIOS Extension, or MEBx, contains the standard log-in combination "admin", "admin", and because many users simply do not change it, this opens the door to an easy-to-set-up attack, according to F-Secure.

However, as this feature comes enabled by default even on consumer devices, it has made privacy activists anxious that it can be used as a backdoor or to allow attackers remote access to victims' machines. The attacker can now gain remote access to the system from both wireless and wired networks, as long as they're able to insert themselves onto the same network segment as the victim. Access to the device may also be possible from outside the local network via an attacker-operated CIRA (client-initiated remote access) server.

He warned: "It can give an attacker complete control over an individual's work laptop".

Although the initial attack requires physical access, the speed at which it can be carried out makes it easily exploitable, said Sintonen. The remote access is limited to whatever network the targeted computer connects to, but that can include wireless networks.

A successful attack would lead to complete loss of confidentiality, integrity and availability, F-Secure said.

Germany's computer emergency response team, CERT-Bund, had also previously detailed how MEBx could be used to boot to a specially configured USB device, again bypassing the BIOS password.

F-Secure has notified Intel, all relevant device manufacturers and the CERT-Coordination Center in the USA about the security issue.

A large part of the problem is that enterprises are not following Intel's guidance in practice, said F-Secure, adding that it was going public in order to draw attention to the issue. "Since then we have been coordinating with laptop vendors and with Intel", F-Secure spokeswoman Melissa Michael tells ISMG. "Despite there being information available for manufacturers on how to prevent this, manufacturers are still not following best practices, leaving vast numbers of vulnerable laptops out there".

What the attacker has essentially done here is set up the machine to allow remote access without the user knowing that the computer is being exploited.

The exploit is, however, not as bad as Meltdown and Spectre, since it requires physical access to the device, but it is still a critical flaw, as a system could be compromised in a couple of minutes.

Attackers with physical access to machines with Intel AMT can compromise them in under a minute.

"We issued guidance on best configuration practices in 2015 and updated it in November 2017, and we strongly urge OEMs to configure their systems to maximize security", she says.

First of all, F-Secure recommends never leaving your laptop unattended in an insecure location.

F-Secure researchers found a new vulnerability in AMT that could allow anyone to bypass BitLocker encryption, BIOS password, TPM Pin, and login credentials on most laptops in less than a minute.
