Following on the heels of the revelations of the Meltdown and Spectre vulnerabilities plaguing decades of Intel's processors, a new flaw in the Active Management Technology (AMT) has left Intel in even more hot water among the cybersecurity community.
The new flaw targets laptops, especially those powered by Intel's enterprise-focused vPro processors, and exploits the remote access monitoring and maintenance tools provided by AMT to gain total control over the machine. Relatively easy to implement, the attack is also not impeded in any way by BIOS or BitLocker passwords, TPM pins, or login credentials.
In order to carry out the attack, an individual would need physical access to the machine. The way it works is by rebooting the machine and entering the boot menu. While you would normally need the BIOS password in order to perform any hijinks at this point, using Intel's Managment Engine BIOS Extension (MEBx) can allow an attacker to login in with a simple 'admin' login that is the default.
The attacker can then proceed by, "changing the default password, enabling remote access and setting AMT’s user opt-in to 'None'" to effectively compromise the machine, according to F-Security researcher Harry Sintonen. He continues, "Now the attacker can gain access to the system remotely, as long as they’re able to insert themselves onto the same network segment with the victim (enabling wireless access requires a few extra steps)."
The ease with which the attack can be carried out is of particular concern, with Sintonen warning users,
"The attack is almost deceptively simple to enact, but it has incredible destructive potential. In practice, it can give a local attacker complete control over an individual’s work laptop, despite even the most extensive security measures."
That physical access to the system is required is also not a large hindrance since the target of the attack are laptops, which are mobile by their nature and therefore easily accessible outside of secure environments. The process also takes under a minute, meaning the shortest of distractions could be enough for someone to tamper with your laptop.
As of now, the only ways of mitigating the danger is to change the AMT password from its default 'admin' setting to something harder to guess - or to just disable the feature entirely.
30 Comments - Add comment