Tuesday, 19 March 2019

Researcher finds another security flaw in Intel management firmware

13 January 2018

Intel recommends that vendors require the BIOS password to provision Intel AMT.

Harry Sintonen, the F-Secure security consultant who investigated the issue, said that the security gap was "almost deceptively simple to exploit" and noted that it could have "incredible destructive potential".

"In practice, it can give an attacker complete control over an individual's work laptop, despite even the most extensive security measures", he said in the statement.

The problem was discovered in Intel's Active Management Technology (AMT), which provides remote access for managing the settings and security of a computer.

Setting a BIOS password, which normally prevents an unauthorised user from booting up the device or making low-level changes to it, does not prevent access to the AMT BIOS extension. This gives an attacker access to configure AMT and makes remote exploitation possible.

However, on AMT machines, the attacker can select Intel's Management Engine BIOS Extension (MEBx) and log in using the default password "admin".

F-Secure said once an attacker had the chance to reconfigure AMT (for which he would initially need physical access to the device in question), the device could be fully controlled remotely by connecting to the same wireless or wired network as the user.

It isn't the first time this sort of vulnerability has come to light: another researcher has previously disclosed a similar attack, while CERT-BUND has previously warned of attacks which work much the same way but require USB access to the target device.

Sintonen claimed in the release that the speed with which the attack can be carried out makes it easily exploitable in a so-called "evil maid" scenario, adding that even a minute of distracting a target from their laptop, at an airport or coffee shop for example, is enough to do the damage.

"If you leave your laptop in your hotel room while you go out for a drink, an attacker can break into your room and configure your laptop in less than a minute, and now he or she can access your desktop when you use your laptop in the hotel", he said. The remote access is limited to whatever network the targeted computer connects to, but that can include wireless networks.

F-Secure's Sintonen, however, wasn't the only security researcher to unearth the problem.

The Finnish data security firm F-Secure reported on Friday about a new security issue which could affect millions of laptops used in the corporate world.

However, F-Secure believes that the "pure simplicity of exploiting this particular issue sets it apart from previous instances". The vulnerability affected devices back to the first generation of Intel Core, so not all of them were patched.

The issue allows a local intruder to backdoor nearly any corporate laptop in a matter of seconds, even if the BIOS password, TPM PIN, BitLocker and login credentials are in place.

Sintonen recommends that companies configure an AMT password so attackers wouldn't be able to boot via MEBx and compromise the system.

When ordering new devices, consider whether to order them without AMT, with AMT disabled by default, or to provision AMT before enrolment. However, many device manufacturers do not follow this advice.

If, in the process of reconfiguration, a device is found with the AMT password set to an unknown value, assume the worst and initiate an incident response.
