Secure: Major security flaw affecting millions of corporate laptops

A laptop in the foreground with an unknown man visible in the background

The essence of this issue is that even when a BIOS password has been set, an attacker does not need it to configure AMT. Today, researchers at F-Secure have revealed another weakness in Intel's management firmware that could allow an attacker with brief physical access to a PC to gain persistent remote access to the system. The cause is weak security in Intel's Active Management Technology (AMT) firmware, the remote "out of band" device management technology that, according to Intel, has been installed on 100 million systems over the last decade. Weaknesses in the tech have been discovered before (examples here and here), but the latest flaw is nonetheless noteworthy because of the ease of exploitation.

That's not all. Due to an insecure default configuration in the BIOS and in AMT's BIOS extension, an attacker with physical access can configure AMT using the default password "admin".

"To exploit this, all an attacker needs to do is reboot or power up the target machine and press CTRL-P during bootup". They're still at risk of local attack, because this attack works against AMT-enabled devices with default passwords.

"The attacker can now gain remote access to the system from both wireless and wired networks, as long as they're able to insert themselves onto the same network segment with the victim", the company wrote. Access to the device may also be possible from outside the local network via an attacker-operated CIRA server.

Although the initial attack requires physical access, Sintonen explained that the speed with which it can be carried out makes it easily exploitable in a so-called "evil maid" scenario.

"If you leave your laptop in your hotel room while you go out for a drink, an attacker can break into your room and configure your laptop in less than a minute, and now he or she can access your desktop when you use your laptop in the hotel", he said. This is where a pair of attackers identify a target and while one distracts the mark, the other accesses the computer. The remote access is limited to whatever network the targeted computer connects to, but that can include wireless networks.

For more details, see F-Secure's FAQ on the flaw. A similar vulnerability, related to USB provisioning, was previously uncovered by CERT-Bund.

Imagine someone having the capability to remotely access and operate your laptop at their whim, without you being able to do anything about it.


A successful attack would lead to complete loss of confidentiality, integrity and availability, F-Secure said. "Since then we have been coordinating with laptop vendors and with Intel", F-Secure spokeswoman Melissa Michael tells ISMG.

Most importantly: if the AMT password has been set to an unknown value on a user's laptop, consider the device suspect and initiate incident response. "That is why it's important to raise public awareness".

"Intel has provided recommendations to system manufacturers in September 2015 to protect the Intel MEBx with the system BIOS password", it says. As a result, an unauthorised person with physical access to a computer in which access to MEBx is not restricted, and in which AMT is in factory default, could potentially alter its AMT settings.

Intel AMT is shipped in various states (enabled or disabled by default) depending on the laptop/desktop OEM's policy. This guidance (PDF) was updated and reiterated last November.
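The guidance above can be turned into a fleet triage, shown here as an added example that is not from F-Secure, Intel or the original article. The CSV column names and host records are constructed and hypothetical; an organisation would map them to whatever its own asset inventory records.

```python
import csv
import io

# Constructed inventory export. Column names are hypothetical and do not
# correspond to the output of any Intel or F-Secure tool.
SAMPLE_INVENTORY = """\
host,amt_supported,mebx_password,mebx_restricted,provisioned,provisioning_expected
lt-001,yes,default,no,no,no
lt-002,yes,default,yes,no,no
lt-003,yes,managed,yes,yes,yes
lt-004,yes,unknown,no,yes,no
lt-005,yes,managed,yes,yes,no
dt-006,no,n/a,no,no,no
"""

# Lower number = handle first.
SUSPECT, EXPOSED, HARDEN, REVIEW, OK, NOT_APPLICABLE = range(6)


def _yes(row, key):
    return row[key].strip().lower() == "yes"


def triage(row):
    """Classify one inventory row into (priority, action)."""
    password = row["mebx_password"].strip().lower()
    if not _yes(row, "amt_supported"):
        return NOT_APPLICABLE, "no AMT on this system"
    if password == "unknown":
        # AMT password was changed to a value the organisation does not know.
        return SUSPECT, "treat device as suspect, start incident response"
    if password == "default" and not _yes(row, "mebx_restricted"):
        # Factory-default AMT and MEBx reachable without the BIOS password.
        return EXPOSED, "replace the default AMT password and restrict MEBx"
    if password == "default":
        return HARDEN, "replace the default AMT password"
    if _yes(row, "provisioned") != _yes(row, "provisioning_expected"):
        return REVIEW, "provisioning state differs from policy"
    return OK, "no action"


def audit(csv_text):
    """Return (host, priority, action) tuples, most urgent first."""
    rows = csv.DictReader(io.StringIO(csv_text))
    results = [(r["host"], *triage(r)) for r in rows]
    return sorted(results, key=lambda item: (item[1], item[0]))


if __name__ == "__main__":
    for host, priority, action in audit(SAMPLE_INVENTORY):
        print(f"{priority} {host}: {action}")
```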

What is the new Intel AMT flaw?

The issue affects most, if not all, laptops that support Intel Management Engine / Intel AMT.

This issue has largely been under the radar of most enterprises because it has no CVE number, security update or new version available, but it affects major suppliers and a large number of laptops.

For systems with AMT built in, however, anyone who uses the PC can boot to MEBx, for which Intel has set a default password of "admin", F-Secure says.
