A NEW SECURITY FLAW in Intel’s Active Management Technology (AMT) can be used by attackers with physical access to get around authentication processes in just 30 seconds.
F-Secure, the security software and services company that claims to have uncovered the flaw, attributes it to a string of insecure default settings found in Intel AMT. These enable attackers to bypass both user and BIOS passwords.
It is also possible to get around the Trusted Platform Module (TPM) and BitLocker PINs to get backdoor access to corporate laptops in under a minute.
According to F-Secure, this issue affects most corporate laptops and PCs running Intel AMT.
Attackers don’t need access to credentials to do this and, because the flaw is in AMT, millions of laptop users could be at risk around the world.
Harry Sintonen, a senior security consultant at F-Secure, led the research. He described the flaw as “almost deceptively simple to exploit, but it has incredible destructive potential”.
“In practice, it can give an attacker complete control over an individual’s work laptop, despite even the most extensive security measures.”
Intel AMT is software designed to provide maintenance and remote access monitoring services for corporate laptop users.
It is aimed especially at IT departments and managed service providers, offering them full control of their device fleets. Security experts have nonetheless slammed the software in the past, pointing out security weaknesses.
However, F-Secure believes that the “pure simplicity of exploiting this particular issue sets it apart from previous instances”, warning: “The weakness can be exploited in mere seconds without a single line of code”.
Normally, laptop users set up BIOS passwords to prevent unauthorised users from booting up devices or making changes to the boot-up process.
To exploit the flaws it highlighted, attackers only need to reboot or power up the target machine and press CTRL-P during boot-up, claimed F-Secure. After that, they can log in to Intel Management Engine BIOS Extension (MEBx) with a default password.
From there, the attacker can edit the default password and enable remote access for themselves.
“The attacker can now gain remote access to the system from both wireless and wired networks, as long as they’re able to insert themselves onto the same network segment with the victim,” warned F-Secure.
Sintonen added that this can be done relatively quickly, exposing corporate laptops to, for example, a so-called ‘evil maid’ in hotels, coffee shops and other public and semi-public places.
“The attacker can break into your room and configure your laptop in less than a minute, and now he or she can access your desktop when you use your laptop in the hotel WLAN.
“And since the computer connects to your company VPN, the attacker can access company resources.”
Source: Inquirer