A flaw in Intel AMT can leave your laptop exposed to attackers

January 12, 2018 – 8:44 PM

Following on the heels of the revelations of the Meltdown and Spectre vulnerabilities plaguing decades of Intel’s processors, a new flaw in the Active Management Technology (AMT) has left Intel in even more hot water among the cybersecurity community.

The new flaw targets laptops, especially those powered by Intel’s enterprise-focused vPro processors, and exploits the remote access monitoring and maintenance tools provided by AMT to gain total control over the machine. Relatively easy to implement, the attack is also not impeded in any way by BIOS or BitLocker passwords, TPM pins, or login credentials.

In order to carry out the attack, an individual would need physical access to the machine. The way it works is by rebooting the machine and entering the boot menu. While you would normally need the BIOS password in order to perform any hijinks at this point, using Intel’s Managment Engine BIOS Extension (MEBx) can allow an attacker to login in with a simple ‘admin’ login that is the default.

The attacker can then proceed by, “changing the default password, enabling remote access and setting AMT’s user opt-in to ‘None'” to effectively compromise the machine, according to F-Security researcher Harry Sintonen. He continues, “Now the attacker can gain access to the system remotely, as long as they’re able to insert themselves onto the same network segment with the victim (enabling wireless access requires a few extra steps).”


You must be logged in to post a comment.