Breaking News

SAMA Expands CPU Cooling Lineup with A60 and A40 Series Air Coolers for Gaming and Creator PCs The Lockerstor 12R Pro Gen2 and 16R Pro Gen2 are Here! TRUSTA Highlights SSD Power Efficiency for AI Servers at OCP APAC 2025 XPG Launches VALOR NANO Compact Cases with the All-New PYMCORE SFX PSU Speedlink announces illuminated mechanical 60% gaming keyboard

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Intel Has to Deal With New Security Issue in Laptops

Intel Has to Deal With New Security Issue in Laptops

PC components Jan 12,2018 0

Security researchers claim that a Security Issue in Intel's Active Management Technology (AMT), which is commonly found in most corporate laptops, allows an attacker to take complete control over a user's device in a matter of seconds.

The issue, potentially affects millions of laptops globally, was reported by F-Secure.

Intel's Active Management Technology (AMT) is Intel's proprietary solution for remote access monitoring and maintenance of corporate-grade personal computers, created to allow IT departments or managed service providers to better control their device fleets. AMT can be found on computers with Intel vPro-enabled processors, in addition to workstation platforms based on specific Intel Xeon processers. As most corporate laptops use Intel's technology, AMT can be found on the vast majority of company endpoints.

AMT is no stranger to security weaknesses, with many other researchers finding multiple flaws within the system, but the latest discovery seems like something lifted straight from IT security officers' worst nightmares.

"The attack is almost deceptively simple to enact, but it has incredible destructive potential. In practice, it can give a local attacker complete control over an individual's work laptop, despite even the most extensive security measures," said Harry Sintonen, one of F-Secure's Senior Security Consultants.

The issue allows a local intruder to backdoor almost any corporate laptop in a matter of seconds, even if the BIOS password, TPM Pin, Bitlocker and login credentials are in place. No, we're not making this stuff up.

The setup is simple: an attacker starts by rebooting the target's machine, after which they enter the boot menu. In a normal situation, an intruder would be stopped here; as they won't know the BIOS password, they can't really do anything harmful to the computer.

In this case, however, the attacker has a workaround: AMT. By selecting Intel's Management Engine BIOS Extension (MEBx), they can log in using the default password "admin," as this hasn't most likely been changed by the user. By changing the default password, enabling remote access and setting AMT's user opt-in to "None", a quick-fingered cyber criminal has effectively compromised the machine. Now the attacker can gain access to the system remotely, as long as they're able to insert themselves onto the same network segment with the victim (enabling wireless access requires a few extra steps).

Although the successful exploitation of the security issue requires physical proximity, this might not be as difficult for skilled attackers to organize as you might think. Sintonen lays out one probable scenario, using techniques common to cyber criminals and red teamers alike.

"Attackers have identified and located a target they wish to exploit. They approach the target in a public place - an airport, a cafe or a hotel lobby - and engage in an "evil maid" scenario. Essentially, one attacker distracts the mark, while the other briefly gains access to his or her laptop. The attack doesn't require a lot of time - the whole operation can take well under a minute to complete," Sintonen says.

Technically this is not a vulnerability, but a combination of a default password, insecure default configuration, and unexpected behaviour.

Although solid operations security is the first step (don't ever leave your laptop unwatched in an insecure location!), there are some basic safeguards all IT departments should implement. The system provisioning process needs to be updated to include setting a strong password for AMT, or disabling it completely if possible. IT should also go through all currently deployed machines, and organize the same procedure for them. Intel's own recommendations for using AMT in a secure manner follow similar logic.

Now, this might be more difficult than it sounds. IT departments might find it increasingly tricky to remediate the issue on a large scale, as the required changes may be difficult to effect remotely (ironically enough). In most cases, a mass reconfiguration effort of affected devices is the only way to deal with AMT issues - not fun for a large, global organization. Our recommendation is to query the amount of affected assets remotely, and try to narrow the list down to a more manageable number. Organizations with Microsoft environments and domain connected devices can also take advantage of the System Center Configuration Manager to provision AMT.

Most importantly: if the AMT password has been set to an unknown value on a user's laptop, consider the device suspect and initiate incident response.

Tags: IntelHacking
Previous Post
CES 2018: iBUYPOWER, MSI and ORIGIN Announce new Gaming PCs
Next Post
Google Removes Gaming Apps with Porn Malware

Related Posts

  • An Intel-HP Collaboration Delivers Next-Gen AI PCs

  • New Intel Xeon 6 CPUs to Maximize GPU-Accelerated AI Performance

  • Intel Unveils New GPUs for AI and Workstations at Computex 2025

  • G.SKILL Releases DDR5 Memory Support List for Intel 200S Boost

  • Intel and its partners release BIOS update for Intel 15th Gen to increase performance

  • Intel-AMD new motherboards announced

  • Intel at CES 2025

  • Intel Launches Arc B-Series Graphics Cards

Latest News

SAMA Expands CPU Cooling Lineup with A60 and A40 Series Air Coolers for Gaming and Creator PCs
Cooling Systems

SAMA Expands CPU Cooling Lineup with A60 and A40 Series Air Coolers for Gaming and Creator PCs

The Lockerstor 12R Pro Gen2 and 16R Pro Gen2 are Here!
Enterprise & IT

The Lockerstor 12R Pro Gen2 and 16R Pro Gen2 are Here!

TRUSTA Highlights SSD Power Efficiency for AI Servers at OCP APAC 2025
Enterprise & IT

TRUSTA Highlights SSD Power Efficiency for AI Servers at OCP APAC 2025

XPG Launches VALOR NANO Compact Cases with the All-New PYMCORE SFX PSU
Cooling Systems

XPG Launches VALOR NANO Compact Cases with the All-New PYMCORE SFX PSU

Speedlink announces illuminated mechanical 60% gaming keyboard
PC components

Speedlink announces illuminated mechanical 60% gaming keyboard

Popular Reviews

be quiet! Light Loop 360mm

be quiet! Light Loop 360mm

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

be quiet! Light Mount Keyboard

be quiet! Light Mount Keyboard

Noctua NH-D15 G2

Noctua NH-D15 G2

Soundpeats Pop Clip

Soundpeats Pop Clip

be quiet! Light Base 600 LX

be quiet! Light Base 600 LX

be quiet! Pure Base 501

be quiet! Pure Base 501

Terramaster F8-SSD

Terramaster F8-SSD

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed