Researchers at F-Secure have discovered a flaw in Intel Advanced Management Technology (AMT) implementation which allows attackers remote access to most of the corporate laptops
Researchers at F-Secure have discovered a flaw in Intel Advanced Management Technology (AMT) implementation which allows attackers remote access to most of the corporate laptops.The flaw can be exploited by attackers to bypass logins and place a backdoor in almost any corporate laptops in less than a minute.
Read more on: Meltdown and Spectre Flaw Affect almost Every Processor Since 1995The attacker needs physical access to the affected system to bypass login authentication which includes user, BIOS and BitLocker passwords, TPM pin code and enabling remote administration for post exploitation.It is possible to access the AMT BIOS extension even though the BIOS is protected with a password and allowing attackers to configure AMT.The working of attack is simple that the attacker needs to reboot the victim's machine and enter into the boot menu.Then the attacker needs to login into Intel’s Management Engine BIOS Extension (MEBx) using the default password ‘admin’ which will be same on most of the laptops.After logging in, the attacker needs to enable remote access and change the default password and can even set AMT’s user opt-in to “None.”That's it, you have effectively compromised the system and can connect to the system remotely as long as you are on the same network as the victim.“Although the successful exploitation of the security issue requires physical proximity, this might not be as difficult for skilled attackers to organize as you might think. Sintonen lays out one probable scenario, using techniques common to cyber criminals and red teamers alike.”“Attackers have identified and located a target they wish to exploit. They approach the target in a public place – an airport, a café or a hotel lobby – and engage in an ‘evil maid’ scenario. Essentially, one attacker distracts the mark, while the other briefly gains access to his or her laptop. The attack doesn’t require a lot of time – the whole operation can take well under a minute to complete,” said F-Secure researcher Harry Sintonen.Users and organizations are advised to change the default password and set a strong password for AMT or disable it completely if possible.For more details you can watch the demonstration video given below: [embedyt] https://www.youtube.com/watch?v=aSYlzgVacmw[/embedyt]
Read more on: Vulnerability in AMD Secure Processor Disclosed Online