Finnish company finds security issue in Intel Active Management Technology (AMT)

Finnish cyber security company F-Secure reported that it has found a serious vulnerability that allows attackers to open a back door in less than 30 seconds.

If an attacker has physical access to the Intel Active Management Technology (AMT) administration interface, they can bypass the BIOS password and login credentials. This means the malicious party can gain unrestricted access to the computer. AMT is widely used in corporate laptops.

Attackers can later access the compromised machines remotely. The vulnerability was discovered by senior consultant Harry Sintonen, who states that computers are in danger even if the machine is up to date and behind sufficient firewalls using default settings:

To exploit this, all an attacker needs to do is reboot or power up the target machine and press CTRL-P during bootup. The attacker then may log into Intel Management Engine BIOS Extension (MEBx) using the default password, “admin,” as this default is most likely unchanged on most corporate laptops.

As shown, the attack on a vulnerable computer is trivial to perform, but it has the potential to cause large damage in enterprise environments where AMT is widely deployed. F-Secure recommends keeping a close watch on laptops so that nobody has physical access to the devices. Disabling AMT is recommended, but at minimum users should set a strong password for AMT.

Just last week the American technology company Intel made headlines when fundamental security issues were found in its processors. The Meltdown and Spectre vulnerabilities were later identified to affect processors from other manufacturers as well; these are especially dangerous since they can be exploited via web browsers using JavaScript.

Learn more details in the press release from F-Secure: Intel AMT security issue lets attackers bypass login credentials in corporate laptops

Written by Janita on Friday January 12, 2018
