Intel just can’t catch a break this year. As if Meltdown and Spectre weren’t bad enough, the company is facing yet another troubling vulnerability that puts millions of business users at risk.
In a recent press release, Finnish cyber security firm F-Secure detailed a new security issue that affects a majority of Intel-based corporate laptops. The company claims that ‘insecure defaults’ in Intel’s Active Management Technology (AMT) allow attackers to bypass user and BIOS passwords, along with TPM and BitLocker PINs, to gain backdoor access within seconds. The firm also clarifies that the new issue has no correlation with the Spectre and Meltdown vulnerabilities which were discovered earlier this month.
The vulnerability exists within the Active Management Technology and has the potential to affect millions of laptops around the world. To exploit it, attackers need physical access to a machine, after which they can gain remote access to it. Senior Security Consultant at F-Secure, Harry Sintonen, who investigated the issue, said:
“(It) is deceptively simple to exploit, but it has incredible destructive potential…In practice, it can give an attacker complete control over an individual’s work laptop, despite even the most extensive security measures.”
While Intel’s AMT, which is a solution for remote access monitoring and maintenance of corporate computers, has previously been in the limelight for its security-based shortcomings, the sheer simplicity of this new exploit sets it apart from previous instances. F-Secure claims that the vulnerability “can be exploited in mere seconds without a single line of code.”
Attackers can exploit the fact that setting a BIOS password, which is intended to prevent unauthorized access, does not, in practice, prevent unauthorized access to the AMT BIOS extension. Due to this, attackers with access to a corporate system can configure AMT to make remote exploitation possible.
The issue can be found in most laptops that support the Intel Management Engine or Intel AMT. Even though Intel explicitly recommends that “vendors require the BIOS password to provision Intel AMT”, several device manufacturers do not follow this norm, leaving the devices open to exploitation. To prevent misuse of the AMT vulnerability, F-Secure says users should not leave their corporate laptops unattended and should set a strong AMT password, if they know how to access it, or disable the service if it’s not in use.