
Intel AMT security hole lets hackers take control of corporate laptops

By Cal Jeffrey · 10 replies
Jan 12, 2018
  1. Intel is off to a rough start in 2018 with yet another security issue found impacting their products. Coming fast on the heels of Spectre and Meltdown is a security vulnerability in Intel’s Active Management Technology (AMT). The Intel Core processor with vPro feature is intended to help IT staff manage networked assets. Ironically, it is supposed to help administrators protect devices. This security risk flushes all that down the toilet.

    According to researchers at F-Secure, “The issue allows a local intruder to backdoor almost any corporate laptop in a matter of seconds, even if the BIOS password, TPM Pin, Bitlocker and login credentials are in place. No, we’re not making this stuff up.”

    This flaw has a high destructive potential and can be executed very quickly. The attacker does need to have physical access to the laptop but there are several scenarios where this could prove to be a trivial issue.

    Harry Sintonen, one of F-Secure’s senior security consultants, describes using the “evil maid” scenario. This is where a pair of attackers identify a target and while one distracts the mark, the other accesses the computer. Since the exploit can be completed in seconds, this tactic is quite viable.

    "AMT is no stranger to security weaknesses, with many other researchers finding multiple flaws within the system, but Sintonen’s discovery surprised even him."

    The way the attack is accomplished is by rebooting the computer and then entering the boot menu. In most circumstances, this is the end of the line for an attacker because any competent IT pro would have enabled the BIOS password and the exploit could go no further.

    However, on AMT machines, the attacker can select Intel’s Management Engine BIOS Extension (MEBx) and log in using the default password “admin.” They can then change the password, enable remote access and set the user’s opt-in to “None.” What the attacker has essentially done here is set up the machine to allow remote access without the user’s knowledge that the computer is being exploited.

    To remote in, the attacker does have to be on the same network segment. However, Sintonen says that wireless access can be achieved with only a few extra steps.

    Dealing with the problem can be a pain, especially for large companies with vast numbers of mobile assets. In most cases, the individual machines must be physically accessed and have the AMT default password changed or have the suite disabled altogether.

    "The security issue seems like something lifted straight from IT security officers’ worst nightmares."

    F-Secure advises that large companies first determine remotely how many devices are actually affected, so that the hands-on work is limited to a manageable number of machines. There is no sense wasting time on laptops that do not have AMT.

    “Organizations with Microsoft environments and domain connected devices can also take advantage of the System Center Configuration Manager to provision AMT,” said F-Secure. If, in the process of reconfiguration, a device is found with the AMT password set to an unknown value, assume the worst and initiate an incident response. “First rule of cybersecurity? Never take unnecessary risks.” For more details, see F-Secure's FAQ on the flaw.
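The first remediation step F-Secure recommends above, counting the AMT-capable machines remotely before anyone is sent out to touch keyboards, can be done with a small inventory scan. The script below is an added example written for this article; it is not F-Secure's tooling and not code from TechSpot. It assumes, which the article does not state, that AMT's web interface listens on TCP 16992 (HTTP) and 16993 (HTTPS) and identifies itself with a `Server: Intel(R) Active Management Technology <version>` header. It only reads that banner and never attempts to log in; the sample banner embedded in it is constructed for offline testing, not a real capture.

```python
"""
Remote inventory of Intel AMT web-interface listeners.

Added example for this article, not F-Secure's tooling or TechSpot code.
Assumptions (not stated in the article): AMT's web UI listens on TCP 16992
(HTTP) and 16993 (HTTPS), and its responses carry a Server header of the
form "Intel(R) Active Management Technology <version>".
"""
import re
import socket
import ssl
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

AMT_HTTP_PORT = 16992   # assumed AMT HTTP listener
AMT_HTTPS_PORT = 16993  # assumed AMT HTTPS listener

# Matches the Server header AMT is assumed to send; the version is captured.
SERVER_RE = re.compile(
    r"^Server:\s*Intel\(R\) Active Management Technology\s*([\d.]+)?",
    re.IGNORECASE | re.MULTILINE,
)

# Constructed sample banner for offline testing; not a real capture.
CONSTRUCTED_AMT_BANNER = (
    b"HTTP/1.1 303 See Other\r\n"
    b"Server: Intel(R) Active Management Technology 11.8.50\r\n"
    b"Location: /logon.htm\r\n"
    b"Content-Length: 0\r\n\r\n"
)


@dataclass
class AmtFinding:
    host: str
    port: int
    amt_present: bool
    version: Optional[str]


def classify_response(raw: bytes) -> Tuple[bool, Optional[str]]:
    """Return (is_amt, version) for an HTTP response banner."""
    text = raw.decode("latin-1", errors="replace")
    match = SERVER_RE.search(text)
    if match:
        return True, match.group(1)
    return False, None


def probe(host: str, port: int, timeout: float = 2.0) -> AmtFinding:
    """Send one HEAD request to host:port and classify the reply banner."""
    request = b"HEAD / HTTP/1.0\r\nHost: %s\r\n\r\n" % host.encode("ascii", "ignore")
    try:
        raw_sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:  # refused, unreachable, timed out: no listener to inventory
        return AmtFinding(host, port, False, None)
    conn = raw_sock
    data = b""
    try:
        if port == AMT_HTTPS_PORT:
            # AMT's HTTPS listener usually presents a self-signed or internal-CA
            # certificate, so verification is disabled for inventory purposes.
            ctx = ssl.create_default_context()
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            conn = ctx.wrap_socket(raw_sock, server_hostname=host)
        conn.sendall(request)
        while len(data) < 4096:
            try:
                chunk = conn.recv(1024)
            except socket.timeout:
                break  # keep whatever headers arrived before the timeout
            if not chunk:
                break
            data += chunk
            if b"\r\n\r\n" in data:
                break  # end of headers; the banner is all we need
    except OSError:  # covers ssl.SSLError and connection resets
        return AmtFinding(host, port, False, None)
    finally:
        conn.close()
    present, version = classify_response(data)
    return AmtFinding(host, port, present, version)


def inventory(hosts: Iterable[str],
              ports: Tuple[int, ...] = (AMT_HTTP_PORT, AMT_HTTPS_PORT),
              timeout: float = 2.0) -> List[AmtFinding]:
    """Probe every host on every port and keep only positive AMT findings."""
    findings = []
    for host in hosts:
        for port in ports:
            finding = probe(host, port, timeout)
            if finding.amt_present:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    import sys
    # 192.0.2.10 is a documentation (TEST-NET-1) placeholder, not a real host.
    targets = sys.argv[1:] or ["192.0.2.10"]
    for f in inventory(targets):
        print(f"{f.host}:{f.port} answers as AMT {f.version or '(version unknown)'}")
```

Run it as `python amt_inventory.py host1 host2 ...` against address ranges you administer. Hosts that answer are the ones to schedule for an MEBx password change or for AMT to be disabled, and a machine where the MEBx password turns out not to be the default is exactly the case the article says to treat as an incident rather than a configuration task.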

    Last edited by a moderator: Jan 12, 2018
  2. senketsu

    senketsu TS Guru Posts: 817   +544

    This (lack of security in seemingly everything) is getting to the point where I am at a loss for words.
     
  3. psycros

    psycros TS Evangelist Posts: 2,312   +1,925

    When every company builds in backdoors to spy on users, guess what? Hackers exploit those backdoors. Real security means nobody has remote access unless a device has been configured to be part of a managed network and/or you have user consent (with total transparency). There is NO excuse for this monster Intel has created when you have multiple bare-metal remote deployment solutions on the market that will let you fully secure new PCs across the wire. And all done completely in software. Intel could have taken the same approach but they wanted to spy on everyone. I'm sure the NSA appreciated that greatly, probably in the form of large payouts.
     
  4. Evernessince

    Evernessince TS Evangelist Posts: 3,179   +2,418

    To me it seems like an advertisement for open sourcing the security management of these processors.
     
  5. Puiu

    Puiu TS Evangelist Posts: 3,133   +1,561

    Open source is indeed a good way to prevent intentional backdoors or find some of the weird bugs fast, but it also opens up other problems. It's hard to say which solution is better.
     
  6. SamuraiSamson

    SamuraiSamson TS Booster Posts: 50   +33

    To me, this seems more like a **** up rather than a back door. If it was a back-door this seems like a poor job as it affects only corporate devices where one would require physical access. Moreover, this can be used by seemingly anyone. I would imagine a backdoor to be more insidious like the NIST Dual EC DRBG, where only the NSA would be able to use it.
     
  7. tonylukac

    tonylukac TS Evangelist Posts: 1,375   +71

    You know it seems like gloom and doom, but in many cases why do you want to be locked out of your own computer anyway? People must be up to incredible bullsh-t if they need such protection.
     
  8. ike301

    ike301 TS Rookie

    When the bottom line is the only objective, security will always be an afterthought.
     
  9. petert

    petert TS Maniac Posts: 289   +117

    Plain incompetence ... these intel guys ... they are a bit special aren't they?
     
  10. dj2017

    dj2017 TS Addict Posts: 130   +113

    All security holes discovered/disclosed in a period of about 6 months. It would be interesting if Intel's next architecture is immune to all of these threats. In that case we all know what the marketing campaign will be saying.
     
  11. Joe Blow

    Joe Blow TS Addict Posts: 244   +77

    These "holes" were engineered by guess who? That's right. The U.S. government. Why? Surreptitious snooping. That's pretty much what all of Big I.T. is. One huge data harvesting operation designed around steering and controlling the population. Oh yeah! That and weeding out their political enemies.
     