Critical Intel AMT Flaw Lets Attackers Hack Laptops in Mere Seconds

Haythem Elmir

It has been only a matter of days since we found out about the flaws in AMD, ARM and Intel’s computer microchips that allowed attackers to carry out Spectre and Meltdown attacks. Because these microchips are used in almost all desktops, laptops, smartphones and tablets, the discovery sent shockwaves through high-profile tech giants including Microsoft, Google, Mozilla, and Amazon. Security experts rushed to churn out security updates and patch the flaw. It seems that Intel’s problems are far from over, because another flaw has been discovered in Intel hardware by Finnish cyber security firm F-Secure.

In its official statement on the newly identified hardware flaw, released on Friday, 12th January, F-Secure stated that the flaw allows hackers to remotely access corporate laptops. However, the company has categorically denied that the new discovery has any connection with the Meltdown and Spectre vulnerabilities.

Instead, the issue has been identified in Intel Active Management Technology (AMT), which is commonly used in corporate laptops. The AMT vulnerability allows hackers to gain full control of a device within mere seconds (less than 30 seconds). Moreover, the scope of the problem is extremely wide, since “millions of laptops globally” are believed to have been affected so far.

According to Harry Sintonen, the F-Secure consultant who discovered the flaw, the issue is “shockingly” simplistic but has tremendous “destructive potential,” because it gives an attacker complete control of the affected laptop even when the industry’s best security practices are in place.

F-Secure says that to compromise a laptop, an attacker needs physical access to the device. With that access, the attacker reconfigures AMT and creates a backdoor. The attacker can then connect to the same wireless network as the victim and access the device remotely. AMT can also be reconfigured to connect to the attacker’s server, which removes the need for the attacker to be on the same network as the victim.

In a statement, Sintonen explains: “By selecting Intel’s Management Engine BIOS Extension (MEBx), they can log in using the default password ‘admin,’ as this hasn’t most likely been changed by the user. By changing the default password, enabling remote access and setting AMT’s user opt-in to ‘None’, a quick-fingered cybercriminal has effectively compromised the machine. Now the attacker can gain access to the system remotely.”
