Secure: Major security flaw affecting millions of corporate laptops

The essence of this issue is that even when a BIOS password has been set, an attacker does not need it to configure AMT. Today, researchers at F-Secure have revealed another weakness in Intel's management firmware that could allow an attacker with brief physical access to a PC to gain persistent remote access to the system. The cause is weak security in Intel's Active Management Technology (AMT), a remote "out of band" device management technology in firmware that, according to Intel, has been installed on 100 million systems over the last decade. Weaknesses in the technology have been discovered before, but the latest flaw is nonetheless noteworthy because of the ease of exploitation.

That's not all. Due to an insecure default configuration in the BIOS and in AMT's BIOS extension (MEBx), an attacker with physical access can configure AMT using the default password "admin".

"To exploit this, all an attacker needs to do is reboot or power up the target machine and press CTRL-P during bootup". They're still at risk of local attack, because this attack works against AMT-enabled devices with default passwords.

"The attacker can now gain remote access to the system from both wireless and wired networks, as long as they're able to insert themselves onto the same network segment with the victim", the company wrote. Access to the device may also be possible from outside the local network via an attacker-operated CIRA server.

Although the initial attack requires physical access, Sintonen explained that the speed with which it can be carried out makes it easily exploitable in a so-called "evil maid" scenario.

"If you leave your laptop in your hotel room while you go out for a drink, an attacker can break into your room and configure your laptop in less than a minute, and now he or she can access your desktop when you use your laptop in the hotel", he said. This is where a pair of attackers identify a target and while one distracts the mark, the other accesses the computer. The remote access is limited to whatever network the targeted computer connects to, but that can include wireless networks.

For more details, see F-Secure's FAQ on the flaw. A similar vulnerability, related to USB provisioning, was previously uncovered by CERT-Bund.

Imagine someone having the capability to remotely access and operate your laptop at their whim, without you being able to do anything about it.


A successful attack would lead to complete loss of confidentiality, integrity and availability, F-Secure said. "Since then we have been coordinating with laptop vendors and with Intel", F-Secure spokeswoman Melissa Michael tells ISMG.

Most importantly: if the AMT password has been set to an unknown value on a user's laptop, consider the device suspect and initiate incident response. "That is why it's important to raise public awareness".
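The advice above can be backed by a network-side check. This is an added example, not code from F-Secure or Intel: it probes hosts you administer for AMT's standard TCP listeners (16992 to 16995) from another machine on the same segment and reconciles the result with what IT actually provisioned. The inventory format and the verdict labels are assumptions made for illustration.

```python
import socket

# Intel AMT network listeners: 16992 (HTTP), 16993 (HTTPS),
# 16994/16995 (redirection, plain/TLS).
AMT_PORTS = (16992, 16993, 16994, 16995)


def open_amt_ports(host, ports=AMT_PORTS, timeout=1.0):
    """Return the subset of `ports` accepting TCP connections on `host`."""
    found = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                found.append(port)
        except OSError:
            pass  # closed, filtered, or host unreachable
    return found


def triage(inventory, probe=open_amt_ports):
    """Compare observed AMT listeners with the provisioning record.

    `inventory` maps host -> True if IT provisioned AMT on it, else False
    (hypothetical asset-record format).
    """
    findings = {}
    for host, provisioned_by_it in inventory.items():
        ports = probe(host)
        if ports and not provisioned_by_it:
            # AMT is answering although IT never set it up: treat as suspect.
            findings[host] = ("SUSPECT", ports)
        elif ports:
            findings[host] = ("EXPECTED", ports)
        elif provisioned_by_it:
            # Should answer but does not: offline, or configuration was reset.
            findings[host] = ("MISSING", ports)
        else:
            # No listener reachable right now; not proof AMT is unconfigured.
            findings[host] = ("CLEAN", ports)
    return findings


if __name__ == "__main__":
    # Constructed inventory; replace with hosts you administer.
    sample = {"127.0.0.1": False}
    for host, (verdict, ports) in triage(sample).items():
        print(f"{host}: {verdict} {ports}")
```

A host reported as SUSPECT still needs the on-device check the article describes: whether the MEBx password is one the organisation set.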

"Intel has provided recommendations to system manufacturers in September 2015 to protect the Intel MEBx with the system BIOS password", it says. As a result, an unauthorised person with physical access to a computer in which access to MEBx is not restricted, and in which AMT is in factory default, could potentially alter its AMT settings.

Intel AMT is shipped in various states (enabled or disabled by default) depending on the laptop/desktop OEM's policy. This guidance (PDF) was updated and reiterated last November.

What is the new Intel AMT flaw?

The issue affects most, if not all, laptops that support Intel Management Engine / Intel AMT.

This issue has largely been under the radar of most enterprises because it has no CVE number, security update or new version available, but it affects major suppliers and a large number of laptops.

For systems with AMT built in, however, anyone who uses the PC can boot to MEBx, for which Intel has set a default password of "admin", F-Secure says.
