The vulnerability fiasco continues for Intel with new bug

Jan 12, 2018 10:15 GMT

As if the Meltdown and Spectre bugs weren’t enough trouble for Intel already, security researcher Harry Sintonen, who works for Finnish company F-Secure, discovered another vulnerability that potentially affects millions of corporate laptops.

This time, the security bug exists in Intel’s Active Management Technology (AMT) and can be exploited by hackers to take complete control of a vulnerable device “in a matter of seconds,” as the researcher explains.

What’s important to note from the very beginning is that unlike Meltdown and Spectre, a successful exploit of this vulnerability (which doesn’t yet have a name) requires physical access to the device. But this is still a critical flaw, Sintonen points out, as a hacker can compromise a system in less than a minute and then remotely control it by connecting to the same network.

The vulnerability can be exploited even if other security measures are in place, including a BIOS password, BitLocker, a TPM PIN, or traditional antivirus software.

Full access to the compromised device

Sintonen says that while a BIOS password would normally block malicious actors, Intel’s AMT opens the door to an alternative attack that ultimately gives the attacker remote access to the system.

“By selecting Intel’s Management Engine BIOS Extension (MEBx), they can log in using the default password “admin,” as this hasn’t most likely been changed by the user. By changing the default password, enabling remote access and setting AMT’s user opt-in to “None”, a quick-fingered cyber criminal has effectively compromised the machine. Now the attacker can gain access to the system remotely,” he explains in an in-depth analysis of the vulnerability.

Full access to a compromised system gives a hacker the ability to read and modify data, and also to deploy malware on the device despite any security solutions that might be enabled.

“The attack is almost deceptively simple to enact, but it has incredible destructive potential. In practice, it can give a local attacker complete control over an individual’s work laptop, despite even the most extensive security measures,” Sintonen says.

Intel hasn’t yet responded to this new vulnerability, but the security company recommends always keeping an eye on corporate laptops, as well as setting strong passwords for AMT or even disabling this feature completely.