Secure: Major security flaw affecting millions of corporate laptops

The security issue "is nearly deceptively simple to exploit, but it has incredible destructive potential", said Harry Sintonen, who investigated the issue in his role as Senior Security Consultant at F-Secure. "In practice, it can give a local attacker complete control over an individual's work laptop, despite even the most extensive security measures". It is unrelated to the recently disclosed Spectre and Meltdown vulnerabilities.

AMT offers remote-access monitoring and maintenance of corporate-grade personal computers, allowing remote management of assets. Intel says it's been shipped on more than 100 million systems over the past decade.

The attacker logs in using the default "admin" password. Unlike the Intel Management Engine (ME), AMT can be disabled, which Sintonen also recommends in situations where AMT use is not a corporate policy. Luckily this couldn't really happen - magic hacker tricks capable of bypassing strong passwords, firewalls and anti-malware software only exist in the movies. If OEMs do this, systems with AMT would not be at risk from this attack, it says.

Seems like 2018 is not Intel's year. Intel's entire rationale for keeping so much of its security infrastructure locked away looks less and less like the principled decision of a company keeping us safe and more like a desperate attempt to cover just how badly it treats security. If a user can't unlock the BIOS, they shouldn't be allowed to enter a password for AMT configuration (the default password is, of course, "admin"). If the password is already set to an unknown value, consider the device suspect.

That's according to F-Secure, a Helsinki-based security firm, which said in a report Friday (12 January) that default settings in Intel's Active Management Technology (AMT) were to blame. This is where a pair of attackers identify a target and while one distracts the mark, the other accesses the computer.

The attacker could then change the MEBx password, enable remote access via AMT, and set the user "opt-in" to "none" in order to compromise the machine.

Once this is done, the attacker can connect to the system if he's on the same local area network or program AMT to enable Client Initiated Remote Access (CIRA), which will connect to the attackers' servers and avoid any need for local access at all. Alternatively, disable AMT on the device. IT should also go through all currently deployed machines and organize the same procedure for them.

Never leave your laptop unwatched in an insecure location such as a public place.

"We reached out to Intel last summer". F-Secure has contacted manufacturers about the issue. "Intel has replied that they have updated their guidance for vendors, and they now recommend vendors to require the BIOS password if set, when provisioning Intel AMT". "Intel has no higher priority than our customers' security".

"Organizations with Microsoft environments and domain connected devices can also take advantage of the System Center Configuration Manager to provision AMT", said F-Secure.

F-Secure's Sintonen, however, wasn't the only security researcher to unearth the problem. Shukla couldn't be immediately reached for comment on F-Secure's research and Intel's mitigation advice. As a result, an unauthorised person with physical access to a computer in which access to MEBx is not restricted, and in which AMT is in factory default, could potentially alter its AMT settings. A similar vulnerability, related to USB provisioning, was previously uncovered by CERT-Bund.

You will not be able to protect yourself even if you have a BIOS password or anti-virus installed.

For starters, AMT has been created to require a username and password before it can be accessed.

On May 1, Intel issued an alert, warning that systems running AMT, Intel Standard Manageability or Small Business Tech firmware - versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5 or 11.6 - were at risk from the critical security flaw and needed a firmware update.
