Intel AMT Security Issue Lets Attackers Bypass BIOS and BitLocker Passwords

Finnish firm detects Intel security flaw of ‘almost shocking simplicity

Intel AMT Security Issue Lets Attackers Bypass BIOS and BitLocker Passwords

In a matter of seconds, an attacker can gain access to an Intel AMT-enabled laptop, even if there's a BIOS password in place. The issue, which can only be exploited given physical access to targeted laptop, is unrelated to the recent Spectre and Meltdown vulnerabilities.

F-Secure said it has encountered this issue time and time again, and it needs to be addressed urgently because it is locally exploitable in practical situations, even when laptops have otherwise been completely hardened. Weaknesses in the tech have been discovered before (examples here and here) but the latest flaw is nonetheless noteworthy because of the ease of exploitation. Since the exploit can be completed in seconds, this tactic is quite viable. Standard password of Intels Management Engine BIOS Extension are rarely changed and can invoke business laptops vulnerable to unauthorized remote access, claims F-Secure.

AMT is Intel's proprietary solution to allow IT admins remote access monitoring and maintenance of corporate-grade systems.

An attacker starts by rebooting a target's machine, and then entering the boot menu.

This would allow any attacker to log into Intel Management Engine BIOS Extension (MEBx) using the default password "admin", as this default is probably unchanged on most corporate laptops.

Cricketers are ready for the IPL 2018 Player Auction
Hashim Amla, Kagiso Rabada, Faf du Plessis and Morne Morkel are the few South Africans who are also part of the list. While Australia (58) leads the country-wise breakdown of registered cricketers, South Africa (57) is a close second.

As of now, the only ways of mitigating the danger is to change the AMT password from its default "admin" setting to something harder to guess - or to just disable the feature entirely. The attacker can now gain remote access to the system from both wireless and wired networks, as long as they're able to insert themselves onto the same network segment with the victim.

"The attack is nearly deceptively simple to enact, but it has incredible destructive potential".

"In practice, it can give an attacker complete control over an individual's work laptop, despite even the most extensive security measures", he stressed.

"You leave your laptop in your hotel room while you go out for a drink", he said.

"Essentially, one attacker distracts the mark, while the other briefly gains access to his or her laptop". The attacker can then access the device remotely, by connecting to the same wireless or wired network as the user.

FY2017 EPS Estimates for GoPro Inc (GPRO) Cut by Wedbush
GoPro, Inc . (NASDAQ: GPRO ) touched its 1-Year High price of $11.89 on 09/27/17 and its 1-Year Low price of $ 5.04 on 01/08/18. The market capitalization (Stock Price Multiply by Total Number of Outstanding Shares) for the company is reported at $903.62M.

For more information on the issue, download our FAQ below! A similar vulnerability has also been previously pointed out by CERT-Bund but with regards to USB provisioning, Sintonen said.

Details of the vulnerability - which can lead to a clean device being compromised in under a minute and can bypass the BIOS password, TPM Pin, Bitlocker and login credentials - have been outlined by researchers at F-Secure. However, most users don't set one. "That is why it's important to raise public awareness". As a result, an unauthorised person with physical access to a computer in which access to MEBx is not restricted, and in which AMT is in factory default, could potentially alter its AMT settings. This centers on either ensuring that AMT has a strong password or disabling AMT altogether. This guidance (PDF) was updated and reiterated last November. Shukla couldn't be immediately reached for comment on F-Secure's research and Intel's mitigation advice.

The issue affects most, if not all, laptops that support Intel Management Engine/Intel AMT.

For starters, AMT has been created to require a username and password before it can be accessed. In most cases, a mass reconfiguration effort of affected devices is the only way to deal with AMT issues - not fun for a large, global organization.

Although Intel recommends that suppliers require the BIOS password to provision Intel AMT and has produced a Q&A about security best practices for AMT, F-Secure said this and other Intel guides on AMT security have not had the desired effect on the real-world security of corporate laptops.

Writing a 'to do list' before bed helps ease anxiety
They were divided into two randomly selected groups and given five-minute writing assignments before going to bed. With that method, researchers monitor electrical brain activity using electrodes.

Últimas notícias