Secure: Major security flaw affecting millions of corporate laptops

Finnish firm detects new Intel security flaw

"In practice this flaw could give a hacker complete control over the affected laptop despite the best security measures."More

Following on the heels of the revelations of the Meltdown and Spectre vulnerabilities plaguing decades of Intel's processors, a new flaw in the Active Management Technology (AMT) has left Intel in even more hot water among the cybersecurity community.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

Physical access is needed to the computer, but to exploit the Intel AMT vulnerability all an attacker needs to do is power up the target machine and press CTRL-P during boot-up.

Harry Sintonen, one of F-Secure's senior security consultants, describes using the "evil maid" scenario.

"In practice, it can give an attacker complete control over an individual's work laptop, despite even the most extensive security measures", he said in the statement.

While setting a BIOS password normally prevents an unauthorised user from booting the device or making low-level changes to it, it doesn't prevent access to the AMT BIOS extension, allowing an attacker to reconfigure AMT and enable remote exploitation possible if the default password hasn't been changed. What he has essentially done here is set up the machine to allow remote access without the user's knowledge that the computer is being exploited.

The setup is simple: an attacker starts by rebooting the target's machine, after which they enter the boot menu. The attacker then may log into Intel Management Engine BIOS Extension (MEBx) using the default password, "admin", as this default is most likely unchanged on most corporate laptops.

From there, the attacker can edit the default password and enable remote access for themselves. In certain cases, the assailant can also program AMT to connect to their own server, which negates the necessity of being in the same network segment as the victim.

Ironwood Pharmaceuticals, Inc. (IRWD), Chicago Bridge & Iron Company NV (CBI)
The firm owned 37,104 shares of the construction company's stock after purchasing an additional 28,126 shares during the quarter. It is negative, as 53 investors sold FB shares while 618 reduced holdings. 22 funds opened positions while 48 raised stakes.

"The attacker can break into your room and configure your laptop in less than a minute, and now he or she can access your desktop when you use your laptop in the hotel WLAN".

Intel AMT is the software that sits on top of the Intel Management Engine (ME) and is supposed to allow IT administrators to gain out-of-band remote access to computers in a network.

Sintonen and his colleagues at F-Secure have come across the issue repeatedly since early summer past year.

Although Intel recommends that suppliers require the BIOS password to provision Intel AMT and has produced a Q&A about security best practices for AMT, F-Secure said this and other Intel guides on AMT security have not had the desired effect on the real-world security of corporate laptops.

However, F-Secure believes that the "pure simplicity of exploiting this particular issue sets it apart from previous instances". For this reason, it's especially important that organizations know about the unsafe default so they can fix it before it begins to be exploited.

Sintonen recommends that companies configure an AMT password so attackers wouldn't be able to boot via MEBx and compromise the system.

Late last month, Intel to prevent these and other types of AMT-based attacks on PCs. Alternately, disable AMT on the device. "If the password is already set to an unknown value consider the device suspect and initiate incident response procedure", it says. And they could also install malware on the device, even at the firmware level.

Never leave your laptop unwatched in an insecure location such as a public place.

Latest News