It’s been a terrible start to the new year for Intel.
Researchers warn of a new attack that can be carried out in less than 30 seconds and potentially affects millions of laptops globally.
As Intel was rushing to roll out patches for the Meltdown and Spectre vulnerabilities, security researchers discovered a new critical security flaw in Intel hardware that could allow hackers to access corporate laptops remotely.
Finnish cyber security firm F-Secure reported unsafe and misleading default behaviour within Intel Active Management Technology (AMT) that could allow an attacker to bypass login processes and take complete control over a user’s device in less than 30 seconds.
AMT is a feature that comes with Intel-based chipsets to enhance the ability of IT administrators and managed service providers to better control their device fleets, allowing them to remotely manage and repair PCs, workstations, and servers in their organisation.
The bug allows anyone with physical access to the affected laptop to bypass the need to enter login credentials—including user, BIOS and BitLocker passwords and TPM pin codes—enabling remote administration for post-exploitation.
In general, setting a BIOS password prevents an unauthorised user from booting up the device or making changes to the boot-up process. But this is not the case here.
The password doesn’t prevent unauthorised access to the AMT BIOS extension, thus allowing attackers access to configure AMT and making remote exploitation possible.
Although researchers have discovered some severe AMT vulnerabilities in the past, the recently discovered issue is of particular concern because it:
- is easy to exploit without a single line of code,
- affects most Intel corporate laptops, and
- could enable attackers to gain remote access to the affected system for later exploitation.
“The attack is almost deceptively simple to enact, yet it has incredible destructive potential,” said F-Secure senior security researcher Harry Sintonen, who discovered the issue in July last year.
“In practice, it can give a local attacker complete control over an individual’s work laptop, despite even the most extensive security measures.”
According to the researchers, the newly discovered bug has nothing to do with the Spectre and Meltdown vulnerabilities recently found in the microchips used in almost all PCs, laptops, smartphones and tablets today.
Here’s How to Exploit This AMT Issue
To exploit this issue, all an attacker with physical access to a password (login and BIOS) protected machine needs to do is reboot or power up the targeted PC and press CTRL-P during boot-up, as demonstrated by researchers at F-Secure in the above video.
The attacker can then log into the Intel Management Engine BIOS Extension (MEBx) using a default password.
Here, the default password for MEBx is “admin,” which most likely remains unchanged on most corporate laptops.
Once logged in, the attacker can then change the default password and enable remote access, and even set AMT’s user opt-in to “None.”
Now, since the attacker has backdoored the machine efficiently, he/she can access the system remotely by connecting to the same wireless or wired network as the victim.
Although exploiting the issue requires physical access, Sintonen explained that the speed and time at which it can be carried out make it easily exploitable, adding that even one minute of distraction of a target from their laptop is enough to do the damage.
“Attackers have identified and located a target they wish to exploit. They approach the target in a public place—an airport, a café or a hotel lobby—and engage in an ‘evil maid’ scenario,” Sintonen says.
“Essentially, one attacker distracts the mark, while the other briefly gains access to his or her laptop. The attack doesn’t require a lot of time—the whole operation can take well under a minute to complete.”
Along with CERT-Coordination Center in the United States, F-Secure has notified Intel and all relevant device manufacturers about the security issue and urged them to address it urgently.
Meanwhile, users and IT administrators in an organisation are recommended to change the default AMT password of their device to a strong one or disable AMT if this option is available, and never leave their laptop or PC unattended in a public place.