Finnish company finds security issue in Intel Active Management Technology (AMT)
Finnish cyber security is reporting F-secure reported that it has found a serious vulnerability that allows attackers to open a back door in less than 30 seconds.
If an attacker has physical access to Intel Active Management Technology (AMT) administration interface, they can bypass the BIOS password and login credentials. This means the malicious party can gain unrestricted access to the computer. AMT is widely used in corporate laptops.
Later attackers can access the compromised machines remotely. The vulnerability was discovered by senior consultant Harry Sintonen, who states that computers are in danger even if the machine is up to date and behind sufficient firewalls using default settings:
To exploit this, all an attacker needs to do is reboot or power up the target machine and press CTRL-P during bootup. The attacker then may log into Intel Management Engine BIOS Extension (MEBx) using the default password, “admin,” as this default is most likely unchanged on most corporate laptops.
As shown a vulnerable computer is trivial to perform, but it has a potential to cause large damage in enterprise environments where AMT is widely deployed. F-Secure recommends to keep close watch on laptops so nobody has physicall access to devices. Disabling AMT is recommended, but at minimum users should set a strong password to AMT.
Learn more details on the Press Release from F-Secure: Intel AMT security issue lets attackers bypass login credentials in corporate laptops