Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable

Discussion in 'Hardware Components and Aftermarket Upgrades' started by Dr. AMK, Nov 21, 2017.

  1. Dr. AMK

    Dr. AMK Notebook Evangelist

    For installing security updates, simply head on to Settings → Update & security → Windows Update → Check for updates, or you can install the updates manually.
     
  2. Starlight5

    Starlight5 So what if I'm crazy? The best people are.

    Uninstall your antivirus, update Windows via Windows update, reinstall the antivirus.
     
  3. Dr. AMK

    Dr. AMK Notebook Evangelist

    New Intel AMT Security Issue Lets Hackers Gain Full Control of Laptops in 30 Seconds

    It's been a terrible new-year-starting for Intel.

    Researchers warn of a new attack which can be carried out in less than 30 seconds and potentially affects millions of laptops globally.

    As Intel was rushing to roll out patches for Meltdown and Spectre vulnerabilities, security researchers have discovered a new critical security flaw in Intel hardware that could allow hackers to access corporate laptops remotely.

    Finnish cyber security firm F-Secure reported unsafe and misleading default behaviour within Intel Active Management Technology (AMT) that could allow an attacker to bypass login processes and take complete control over a user's device in less than 30 seconds.

    AMT is a feature that comes with Intel-based chipsets to enhance the ability of IT administrators and managed service providers for better controlling their device fleets, allowing them to remotely manage and repair PCs, workstations, and servers in their organisation.


    The bug allows anyone with physical access to the affected laptop to bypass the need to enter login credentials—including user, BIOS and BitLocker passwords and TPM pin codes—enabling remote administration for post-exploitation.

    In general, setting a BIOS password prevents an unauthorised user from booting up the device or making changes to the boot-up process. But this is not the case here.

    The password doesn't prevent unauthorised access to the AMT BIOS extension, thus allowing attackers access to configure AMT and making remote exploitation possible.

    Although researchers have discovered some severe AMT vulnerabilities in the past, the recently discovered issue is of particular concern because it is:

    • easy to exploit without a single line of code,
    • affects most Intel corporate laptops, and
    • could enable attackers to gain remote access to the affected system for later exploitation.

    "The attack is almost deceptively simple to enact, but it has incredible destructive potential," said F-Secure senior security researcher Harry Sintonen, who discovered the issue in July last year.

    "In practice, it can give a local attacker complete control over an individual’s work laptop, despite even the most extensive security measures."

    According to the researchers, the newly discovered bug has nothing to do with the Spectre and Meltdown vulnerabilities recently found in the microchips used in almost all PCs, laptops, smartphones and tablets today.

    Here's How to Exploit this AMT Issue


    To exploit this issue, all an attacker with physical access to a password (login and BIOS) protected machine needs to do is reboot or power-up the targeted PC and press CTRL-P during boot-up, as demonstrated by researchers at F-Secure in the above video.

    The attacker then can log into Intel Management Engine BIOS Extension (MEBx) with a default password.


    Here, the default password for MEBx is "admin," which most likely remains unchanged on most corporate laptops.

    Once logged in, the attacker can then change the default password and enable remote access, and even set AMT's user opt-in to "None."

    Now, since the attacker has backdoored the machine efficiently, he/she can access the system remotely by connecting to the same wireless or wired network as the victim.

    Although exploiting the issue requires physical access, Sintonen explained that the speed and time at which it can be carried out makes it easily exploitable, adding that even one minute of a distraction of a target from its laptop is enough to do the damage.

    "Attackers have identified and located a target they wish to exploit. They approach the target in a public place—an airport, a café or a hotel lobby—and engage in an 'evil maid' scenario," Sintonen says.

    "Essentially, one attacker distracts the mark, while the other briefly gains access to his or her laptop. The attack doesn't require a lot of time—the whole operation can take well under a minute to complete."

    Along with CERT-Coordination Center in the United States, F-Secure has notified Intel and all relevant device manufacturers about the security issue and urged them to address it urgently.

    Meanwhile, users and IT administrators in an organisation are recommended to change the default AMT password of their device to a strong one or disable AMT if this option is available, and never leave their laptop or PC unattended in a public place.
     
    Last edited: Jan 12, 2018
    Vasudev likes this.
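
An added example, not part of the original post or the quoted article: a fleet audit that flags machines answering on Intel AMT's network ports even though IT never provisioned them, which is the state the reconfiguration described above leaves behind. The port numbers are the IANA-registered AMT service ports; the host names, the expected-host list and the sample probe are constructed for illustration.

```python
import socket

# IANA-registered Intel AMT service ports.
AMT_PORTS = {
    16992: "AMT web UI / WS-Management (HTTP)",
    16993: "AMT web UI / WS-Management (TLS)",
    16994: "AMT redirection (TCP)",
    16995: "AMT redirection (TLS)",
}

def tcp_probe(host, port, timeout=1.0):
    """Return True if host accepts a TCP connection on port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit_fleet(hosts, expected_amt, probe=tcp_probe):
    """Compare live AMT listeners with the hosts IT provisioned on purpose."""
    findings = {}
    for host in hosts:
        open_ports = [p for p in AMT_PORTS if probe(host, p)]
        if open_ports and host not in expected_amt:
            status = "UNEXPECTED"  # AMT answers, IT never enabled it: investigate
        elif open_ports:
            status = "expected"
        elif host in expected_amt:
            status = "MISSING"     # on record as provisioned, no listener seen
        else:
            status = "clean"
        findings[host] = (status, open_ports)
    return findings

# Constructed sample data (hypothetical host names), so the audit runs offline.
SAMPLE_LISTENERS = {("lt-0417", 16992), ("lt-0417", 16994), ("ws-0031", 16993)}
SAMPLE_HOSTS = ["lt-0417", "ws-0031", "lt-0500", "lt-0622"]
SAMPLE_EXPECTED = {"ws-0031", "lt-0622"}

def sample_probe(host, port):
    """Stand-in for tcp_probe that answers from the constructed listener set."""
    return (host, port) in SAMPLE_LISTENERS

if __name__ == "__main__":
    report = audit_fleet(SAMPLE_HOSTS, SAMPLE_EXPECTED, probe=sample_probe)
    for host, (status, ports) in report.items():
        print(f"{host:8} {status:10} {ports}")
```

A listener only shows that AMT is provisioned; it says nothing about whether the MEBx password was changed, so an UNEXPECTED host still needs to be checked on the machine itself.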
  4. hmscott

    hmscott Notebook Nobel Laureate

    This has been known for years by corporations, and it is usually set just like the administrator BIOS lockout password. This isn't new.

    Most laptops aren't set up with this, it's limited to laptops destined for corporations, and they know about this - or should - if they don't it's an exceptional lapse, but then that corporation is likely missing other things too.

    It would look new to people that don't administer corporate laptops that need this remote access / control of their assets, but it has been this way for many years.

    The current security frenzy is such that things like this will make the news where normally someone would catch it and say "hey man, this isn't new" :)
     
  5. Dr. AMK

    Dr. AMK Notebook Evangelist

    I think you are right, the new thing is only that many people don't know about it, including me :).
     
    Vasudev and hmscott like this.
  6. hmscott

    hmscott Notebook Nobel Laureate

    Vasudev and Dr. AMK like this.
  7. TANWare

    TANWare Just This Side of Senile, I think. Moderator

    The use of a BIOS to lock out authorized users is well known. This can happen with ANY system not already secured.
     
    Vasudev, hmscott and Dr. AMK like this.
  8. Phoenix

    Phoenix Colonel

  9. Papusan

    Papusan BGABOOKS = That sucks!! STAHP! Dont buy FILTH...

    Vasudev and Dr. AMK like this.