New Intel flaw leaves corporate laptops wide open
Attackers need only 30 seconds to get in.
A flaw in Intel technology allows attackers to bypass authentication mechanisms on millions of laptops, security researchers have discovered.
It’s a painful blow to a company still reeling from the massive Meltdown and Spectre flaws revealed last week.
Over the weekend, Finnish security vendor F-Secure revealed Intel’s Active Management Technology (AMT) can be used to bypass device lock-down features such as BIOS passwords and Bitlocker disk encryption credentials.
It can also be used to get around hardware security solutions such as Trusted Platform Module personal identification numbers, F-Secure said.
The vulnerability is “almost deceptively easy to exploit” and gives an attacker complete control over laptops, bypassing all corporate security measures.
“To exploit this, all an attacker needs to do is reboot or power up the target machine and press CTRL-P during bootup,” F-Secure researcher Harry Sintonen wrote.
The attacker can may log into Intel Management Engine BIOS Extension (MEBx) using the default password “admin”, as this default is most likely unchanged on most corporate laptops.
They are then able to change the default password, enable remote access, and set AMT’s user opt-in to “none”, Sintonen said.
The ease with which the vulnerability can be exploited means an attacker could backdoor a computer in less than 30 seconds and gain access to corporate network resources through the compromised machine.
Sintonen said he found the issue in July last year. Google separately discovered it in October 2017.
F-Secure recommended users and administrators either disable AMT or ensure the password for the management feature is complex and hard to guess.
It similarly suggested corporate laptops are never left our of a user’s sight, especially in public places such as airports.
Intel recommends that hardware vendors require the BIOS password to provision the AMT tool, but many do not follow this advice.