It’s been a terrible new-year-starting for Intel.
As Intel was rushing to roll out patches for Meltdown and Spectre vulnerabilities, security researchers have discovered a new critical security flaw in Intel hardware that could allow hackers to access corporate laptops remotely.
Finnish cyber security firm F-Secure reported unsafe and misleading default behaviour within Intel Active Management Technology (AMT) that could allow an attacker to bypass login processes and take complete control over a user’s device in less than 30 seconds.
AMT is a feature that comes with Intel-based chipsets to enhance the ability of IT administrators and managed service providers for better controlling their device fleets, allowing them to remotely manage and repair PCs, workstations, and servers in their organization.
In general, setting a BIOS password prevents an unauthorized user from booting up the device or making changes to the boot-up process. But this is not the case here.
The password doesn’t prevent unauthorized access to the AMT BIOS extension, thus allowing attackers access to configure AMT and making remote exploitation possible.
Although researchers have discovered some severe AMT vulnerabilities in the past, the recently discovered issue is of particular concern because it is:
- easy to exploit without a single line of code,
- affects most Intel corporate laptops, and
- could enable attackers to gain remote access to the affected system for later exploitation.