Finnish firm detects new Intel security flaw

Although the successful exploitation of the security issue requires physical proximity, this might not be as hard for skilled attackers to organize as you might think.

"The issue potentially affects millions of laptops globally".

Intel AMT is software created to provide maintenance and remote access monitoring services for corporate laptop users. Weaknesses in the technology have been discovered before, but the latest flaw is nonetheless noteworthy because of the ease of exploitation.

A hacker trying to gain access to a computer can enter the Intel Management Engine BIOS menu when the device is booted, using a password that is usually left at its default, and then configure remote access for themselves.

According to F-Secure, to exploit the issue an attacker only needs to reboot or power up the target machine and press CTRL-P during boot-up.

Intel's Management Engine BIOS Extension, or MEBx, contains the standard log-in combination "admin", "admin", and because many users simply do not change it, this opens the door to an easy-to-set-up attack, according to F-Secure.

However, as this feature comes enabled by default even on consumer devices, it has worried privacy activists that it could be used as a backdoor or to allow attackers remote access to victims' machines. The attacker can then gain remote access to the system from both wireless and wired networks, as long as they are able to insert themselves onto the same network segment as the victim. Access to the device may also be possible from outside the local network via an attacker-operated CIRA (client-initiated remote access) server.

He warned: "It can give an attacker complete control over an individual's work laptop".

Although the initial attack requires physical access, the speed at which it can be carried out makes it easily exploitable, said Sintonen. The remote access is limited to whatever network the targeted computer connects to, but that can include wireless networks.

A successful attack would lead to complete loss of confidentiality, integrity and availability, F-Secure said.
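An added example, not from the article or from F-Secure: one way a defender can watch for the remote-access stage described above is to flag traffic to the Intel AMT service ports that does not come from IT's own management consoles or that reaches a laptop IT never provisioned. The log format, addresses and allowlists are constructed for illustration, and the port numbers are the IANA-registered AMT ports, which the article does not name.

```python
import ipaddress

# IANA-registered Intel AMT service ports (an addition; the article names none).
AMT_PORTS = {16992: "amt-soap-http", 16993: "amt-soap-https",
             16994: "amt-redir-tcp", 16995: "amt-redir-tls"}

# Constructed sample records: timestamp, source, destination, port, action.
SAMPLE_FLOWS = """\
2018-01-15T09:01:02Z 10.0.5.10 10.0.8.21 16993 ALLOW
2018-01-15T09:03:40Z 10.0.8.77 10.0.8.21 16992 ALLOW
2018-01-15T09:04:11Z 10.0.8.77 10.0.8.30 16994 ALLOW
2018-01-15T09:05:00Z 10.0.8.77 10.0.8.30 443 ALLOW
2018-01-15T09:06:00Z 10.0.8.77 10.0.8.21 16992 DENY
garbage line
""".splitlines()

def parse_flow(line):
    """Parse one 'ts src dst dport action' record; ValueError if malformed."""
    ts, src, dst, dport, action = line.split()
    return {"ts": ts, "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst), "dport": int(dport),
            "action": action}

def suspicious_amt_flows(lines, mgmt_consoles, amt_managed):
    """Return alerts for allowed AMT traffic that IT did not originate or expect."""
    consoles = {ipaddress.ip_address(a) for a in mgmt_consoles}
    managed = {ipaddress.ip_address(a) for a in amt_managed}
    alerts = []
    for line in lines:
        try:
            f = parse_flow(line)
        except ValueError:
            continue  # malformed or empty record: skip, do not abort the run
        if f["dport"] not in AMT_PORTS or f["action"] != "ALLOW":
            continue
        if f["dst"] not in managed:
            reason = "AMT port reached on a host IT never provisioned"
        elif f["src"] not in consoles:
            reason = "AMT session from a non-console peer"
        else:
            continue  # expected: known console talking to a managed host
        alerts.append((f["ts"], str(f["src"]), str(f["dst"]),
                       AMT_PORTS[f["dport"]], reason))
    return alerts

if __name__ == "__main__":
    for alert in suspicious_amt_flows(SAMPLE_FLOWS, ["10.0.5.10"], ["10.0.8.21"]):
        print(alert)
```

This only sees traffic that crosses a logging point; it does not cover the CIRA case the article mentions, where the laptop itself makes an outbound connection.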

Germany's computer emergency response team, CERT-Bund, had also previously detailed how MEBx could be used to boot to a specially configured USB device, again bypassing the BIOS password.

F-Secure has notified Intel, all relevant device manufacturers and the CERT-Coordination Center in the USA about the security issue.

A large part of the problem is that enterprises are not following Intel's guidance in practice, said F-Secure, adding that it was going public in order to draw attention to the issue. "Since then we have been coordinating with laptop vendors and with Intel", F-Secure spokeswoman Melissa Michael tells ISMG. "Despite there being information available for manufacturers on how to prevent this, manufacturers are still not following best practices, leaving vast numbers of vulnerable laptops out there". What he has essentially done here is set up the machine to allow remote access without the user's knowledge that the computer is being exploited.

However, the exploit is not as bad as Meltdown and Spectre, since it requires physical access to the device, but it is still a critical flaw, as a system could be compromised in a couple of minutes.

Attackers with physical access to machines with Intel AMT can compromise them in under a minute.

"We issued guidance on best configuration practices in 2015 and updated it in November 2017, and we strongly urge OEMs to configure their systems to maximize security", she says.

First of all, F-Secure recommends never leaving your laptop unattended in an insecure location.

F-Secure researchers found a new vulnerability in AMT that could allow anyone to bypass BitLocker encryption, BIOS password, TPM Pin, and login credentials on most laptops in less than a minute.
