Secure: Major security flaw affecting millions of corporate laptops

A laptop in the foreground with an unidentified man visible in the background

The essence of this issue is that even when a BIOS password has been set, an attacker does not need it to configure AMT. Today, researchers at F-Secure have revealed another weakness in Intel's management firmware that could allow an attacker with brief physical access to a PC to gain persistent remote access to the system. The cause is weak security in Intel's Active Management Technology (AMT), the remote "out of band" device management firmware that, according to Intel, has been installed on 100 million systems over the last decade. Weaknesses in the technology have been discovered before, but the latest flaw is nonetheless noteworthy because of the ease of exploitation.

That's not all. Due to the insecure default configuration of the BIOS and of AMT's BIOS extension (MEBx), an attacker with physical access can configure AMT using the default password "admin".

"To exploit this, all an attacker needs to do is reboot or power up the target machine and press CTRL-P during bootup". They're still at risk of local attack, because this attack works against AMT-enabled devices with default passwords.

"The attacker can now gain remote access to the system from both wireless and wired networks, as long as they're able to insert themselves onto the same network segment with the victim", the company wrote. Access to the device may also be possible from outside the local network via an attacker-operated CIRA server.

Although the initial attack requires physical access, Sintonen explained that the speed with which it can be carried out makes it easily exploitable in a so-called "evil maid" scenario.

"If you leave your laptop in your hotel room while you go out for a drink, an attacker can break into your room and configure your laptop in less than a minute, and now he or she can access your desktop when you use your laptop in the hotel", he said. This is where a pair of attackers identify a target and while one distracts the mark, the other accesses the computer. The remote access is limited to whatever network the targeted computer connects to, but that can include wireless networks.

For more details, see F-Secure's FAQ on the flaw. A similar vulnerability, related to USB provisioning, was previously uncovered by CERT-Bund.

Imagine someone having the capability to remotely access and operate your laptop at their whim, without you being able to do anything about it.


A successful attack would lead to complete loss of confidentiality, integrity and availability, F-Secure said. "Since then we have been coordinating with laptop vendors and with Intel", F-Secure spokeswoman Melissa Michael tells ISMG.

Most importantly: if the AMT password has been set to an unknown value on a user's laptop, consider the device suspect and initiate incident response. "That is why it's important to raise public awareness".

"Intel has provided recommendations to system manufacturers in September 2015 to protect the Intel MEBx with the system BIOS password", it says. As a result, an unauthorised person with physical access to a computer in which access to MEBx is not restricted, and in which AMT is in factory default, could potentially alter its AMT settings.

Intel AMT is shipped in various states (enabled or disabled by default) depending on the laptop/desktop OEM's policy. This guidance (PDF) was updated and reiterated last November.

What is the new Intel AMT flaw?

The issue affects most, if not all, laptops that support Intel Management Engine / Intel AMT.

This issue has largely been under the radar of most enterprises because it has no CVE number, security update or new version available, but it affects major suppliers and a large number of laptops.

For systems with AMT built in, however, anyone who uses the PC can boot to MEBx, for which Intel has set a default password of "admin", F-Secure says.
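The checks described above (default MEBx password, a BIOS password that does not gate MEBx, and an AMT password changed to an unknown value) can be applied across a fleet. The following is an added example, not code from F-Secure or Intel; the inventory columns, host names and status labels are hypothetical, and the sample rows are constructed.

```python
import csv
import io

# Constructed sample inventory. Column names are hypothetical and would
# come from whatever asset or audit tooling the organisation already uses.
SAMPLE_INVENTORY = """\
host,amt_supported,mebx_password,mebx_behind_bios_password,bios_password_set
lt-001,yes,managed,no,yes
lt-002,yes,default,no,yes
lt-003,yes,unknown,no,yes
lt-004,yes,default,yes,yes
lt-005,no,,no,no
lt-006,yes,default,yes,no
"""

def triage(row):
    """Return (status, reason) for one inventory row."""
    if row["amt_supported"] != "yes":
        return "ok", "no AMT on this system"
    state = row["mebx_password"]
    if state == "unknown":
        # The password IT expects no longer works: treat the device as suspect.
        return "suspect", "AMT password set to an unknown value: start incident response"
    if state == "default":
        gated = (row["mebx_behind_bios_password"] == "yes"
                 and row["bios_password_set"] == "yes")
        if gated:
            return "weak", "MEBx still uses 'admin' but sits behind the BIOS password"
        # A BIOS password alone does not help when MEBx is reachable without it.
        return "exposed", "MEBx reachable with the default password 'admin'"
    if state == "managed":
        return "ok", "AMT password set by IT"
    return "review", f"unrecognised mebx_password value {state!r}"

def triage_inventory(text):
    """Map host -> status for every row of the CSV text."""
    return {r["host"]: triage(r)[0] for r in csv.DictReader(io.StringIO(text))}

def hosts_needing_action(text):
    """Flagged hosts, most urgent first (suspect, exposed, weak, review)."""
    order = {"suspect": 0, "exposed": 1, "weak": 2, "review": 3}
    result = triage_inventory(text)
    flagged = [h for h, s in result.items() if s in order]
    return sorted(flagged, key=lambda h: (order[result[h]], h))

if __name__ == "__main__":
    for row in csv.DictReader(io.StringIO(SAMPLE_INVENTORY)):
        print(row["host"], *triage(row))
```

Note that `lt-002` is reported as exposed even though it has a BIOS password, because in that row MEBx is not placed behind it.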
