New Intel AMT Security Flaw Allows Hackers to Take Full Control of Laptops in Just 30 Seconds

New Security Flaw in Intel Hardware Poses Major Risks for Corporate Laptops

Intel faces significant scrutiny as researchers uncover a critical vulnerability that jeopardizes millions of laptops globally. The flaw, identified by Finnish cybersecurity firm F-Secure, enables attackers to remotely access corporate devices in less than 30 seconds, raising alarms among IT administrators.

This newly discovered vulnerability lies within Intel’s Active Management Technology (AMT), a feature designed to empower IT personnel. AMT allows for the remote management of devices, enabling updates and repairs without physical presence. However, the researchers revealed that the default settings for AMT are misleadingly insecure, allowing an attacker with physical access to bypass all necessary login credentials—including BIOS, BitLocker, and TPM pin codes—thereby gaining full control of the device.

In typical scenarios, setting a BIOS password should prevent unauthorized access, safeguarding the system even from initial boot-up. However, the password measures do not extend to the AMT BIOS extension, creating a pathway for attackers to exploit AMT configurations, thus facilitating remote operations post-exploitation.

The security community is particularly concerned about this recent vulnerability, as it embodies a trifecta of alarming attributes: it is easily exploitable with no code involved, it affects a broad range of Intel corporate laptops, and it can enable remote access for further exploitation. F-Secure’s senior security researcher, Harry Sintonen, characterizes the attack as “deceptively simple,” yet laden with potential for major disruption.

The attack’s mechanism involves gaining physical access to the targeted device, where an attacker, upon rebooting the system, can invoke the Intel Management Engine BIOS Extension (MEBx) by pressing CTRL-P. The default password for MEBx, often left unchanged, is typically “admin,” allowing further manipulation of the system settings. Once logged in, an attacker can make critical changes, including disabling security features and enabling persistent remote access.

The risk escalates given that, although physical access is initially required, the speed with which an attacker can execute the exploit means even a brief distraction of a target in a public space can jeopardize the security of the device. Exploiting the vulnerability could unfold swiftly during scenarios such as a café or airport visit, underscoring the ease with which insecure laptops can be compromised.

As of now, F-Secure, in collaboration with the CERT Coordination Center, has informed Intel and relevant manufacturers to urgently address this security flaw. Users and IT departments are advised to immediately change default AMT passwords to robust alternatives or consider disabling the technology altogether. Furthermore, the importance of never leaving laptops unattended, especially in public locations, is essential for mitigating risk.

This vulnerability does not pertain to known issues such as the Meltdown and Spectre exploits affecting many microchips but highlights another facet of Intel’s complex security landscape. Understanding the implications of this vulnerability could assist in appraising both initial access and privilege escalation tactics present within the MITRE ATT&CK framework, stressing the need for vigilance against such exploits in today’s increasingly digital workplace.

Source link