Intel AMT security loophole could allow hackers to seize control of laptops

Sheri Evans
January 13, 2018

Finnish cybersecurity specialist F-Secure has reported another serious flaw in Intel hardware.

Although AMT vulnerabilities are not new, the researchers say this issue is particularly severe because it affects most Intel laptops, could enable an attacker to gain remote access for later exploitation, and is particularly easy to exploit. Optionally, unlike the Intel Management Engine (ME), AMT can be disabled, an option that Sintonen also recommends in situations where AMT use is not a corporate policy.

Harry Sintonen, the F-Secure security consultant who investigated the issue, said that the security gap was "almost deceptively simple to exploit" and noted that it could have "incredible destructive potential". "In practice, it can give a local attacker complete control over an individual's work laptop, despite even the most extensive security measures".

Intel AMT is a solution for remote access monitoring and maintenance of corporate-grade personal computers, created to allow IT departments or managed service providers to better control their device fleets.

Normally, laptop users set-up BIOS passwords to prevent unauthorised users from booting up devices or making changes to the boot-up process. What he has essentially done here is set up the machine to allow remote access without the user's knowledge that the computer is being exploited. And once inside AMT (reached by hitting Ctrl-P during boot), the attacker can log in using "admin", input a new remote password, configure AMT to suppress notifications that the laptop has been connected to remotely (thereby preventing users from knowing what's happened), and also configure it to allow wireless remote management in addition to wired management. "This allows an attacker access to configure AMT and make remote exploitation possible", F-Secure said.

The issue permits an attacker with physical access to a laptop to bypass having to enter passwords and to access and remotely exploit the laptop later, the company said.

London Family Could Derail New £1 Billion Stamford Bridge
As per the BBC , Chelsea offered the family £50,000 of legal advice and further compensation but they turned down this proposal. Nicholas and Lucinda Crosthwaite live next door to the stadium in a cottage where their family members have lived for 50 years.

New Delhi opens door for foreign investment in Air India
Vistara CEO Leslie Thng had last week said the airline's promoters had an open mind for AI if it made business sense. Singapore Airlines will keep options open on disinvestment of Air India.

First Solar, Inc. (FSLR)
Wellington Shields & Company bought 18,000 shares as the company's stock rose 4.31% with the market. (NASDAQ: FSLR ). The firm earned "Underperform" rating on Wednesday, February 22 by Credit Suisse. (NASDAQ: FSLR ) for 7,857 shares.

"If you leave your laptop in your hotel room while you go out for a drink, an attacker can break into your room and configure your laptop in less than a minute, and now he or she can access your desktop when you use your laptop in the hotel", he said.

F-Secure's Sintonen, however, wasn't the only security researcher to unearth the problem.

"Now the attacker can gain access to the system remotely", F-Secure's release noted, "as long as they're able to insert themselves onto the same network segment with the victim (enabling wireless access requires a few extra steps)". For this reason, it's especially important that organizations know about the unsafe default so they can fix it before it begins to be exploited.

F-Secure said in a statement that the flaw had nothing to do with the "Spectre" and "Meltdown" vulnerabilities recently found in the micro-chips that are used in nearly all computers, tablets and smartphones today.

Sintonen recommends that companies configure an AMT password so attackers wouldn't be able to boot via MEBx and compromise the system.

Intel AMT is commonly found on computers using Intel vPro-enabled processors as well as platforms based on some Intel Xeon processors. However, many device manufacturers do not follow this advice. "If the password is already set to an unknown value consider the device suspect and initiate incident response procedure", it says.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER