
Corporate users warned Intel AMT flaw has 'destructive' potential

17 Jan 2018

Intel technology has been thrown in the spotlight again after security researchers found a potentially ‘destructive’ vulnerability in its AMT solution, commonly deployed in corporate devices.

Australian cybersecurity watchdog Stay Smart Online issued an alert yesterday that details a new flaw in Intel’s Active Management Technology, also known as AMT.

The vulnerability allows attackers who gain physical access to a device to bypass BIOS and Bitlocker passwords. The attacker could then gain remote access to the compromised machine.

AMT is software that gives IT teams remote access, monitoring and maintenance capabilities for controlling device fleets.

The vulnerability was discovered by security firm F-Secure. The company says that anyone who gains physical access to a machine could create a backdoor in less than 30 seconds.

According to F-Secure security consultant Harry Sintonen, the backdoor is simple to exploit and wields destructive potential.

“In practice, it can give an attacker complete control over an individual’s work laptop, despite even the most extensive security measures.”

F-Secure explains that an attacker just needs to reboot or turn on the machine and press CTRL-P during the boot-up process.

“The attacker then may log into Intel Management Engine BIOS Extension (MEBx) using the default password, “admin,” as this default is most likely unchanged on most corporate laptops.”

“The attacker then may change the default password, enable remote access and set AMT’s user opt-in to 'None.' The attacker can now gain remote access to the system from both wireless and wired networks, as long as they’re able to insert themselves onto the same network segment with the victim. Access to the device may also be possible from outside the local network via an attacker-operated CIRA server.”

Stay Smart Online says that if users do not need AMT, they should disable it in their device’s BIOS immediately.
 
“If you do need it, change the default ‘admin’ password to something that is hard to guess.”

F-Secure adds that organisations should analyse all deployed devices and configure the AMT password. If the password is unknown, the device may be compromised.

“We also recommend corporate laptops are never left out of a user's sight, especially in public places such as airports.”

Sintonen further explains how a potential attack could work:

“You leave your laptop in your hotel room while you go out for a drink. The attacker breaks into your room and configures your laptop in less than a minute, and now he or she can access your desktop when you use your laptop in the hotel WLAN. And since the computer connects to your company VPN, the attacker can access company resources.”

Earlier this month vulnerabilities dubbed ‘Meltdown’ and ‘Spectre’ put AMD, ARM and Intel processors in digital devices including computers, mobile phones, TVs, tablets and routers at risk. The vulnerabilities are not related to the AMT vulnerability.

CERT NZ warned that all devices must be updated to mitigate the vulnerabilities and protect against attacks, which could steal personal information and passwords.

At a CES keynote, Intel CEO Brian Krzanich said that the level of collaboration across the industry to address the vulnerabilities has been ‘remarkable’.

“The best thing users can do to make sure your data remains safe is to apply any updates from your operating system vendor and system manufacturer as soon as they become available,” he said.
