New Intel AMT Security Issue Lets Hackers Gain Full Control of Laptops in 30 Seconds

Capturar

by  

January 12, 2018

It’s been a terrible new-year-starting for Intel.

Researchers warn of a new attack which can be carried out in less than 30 seconds and potentially affects millions of laptops globally.

As Intel was rushing to roll out patches for Meltdown and Spectre vulnerabilities, security researchers have discovered a new critical security flaw in Intel hardware that could allow hackers to access corporate laptops remotely.

Finnish cyber security firm F-Secure reported unsafe and misleading default behaviour within Intel Active Management Technology (AMT) that could allow an attacker to bypass login processes and take complete control over a user’s device in less than 30 seconds.

AMT is a feature that comes with Intel-based chipsets to enhance the ability of IT administrators and managed service providers for better controlling their device fleets, allowing them to remotely manage and repair PCs, workstations, and servers in their organization.

The bug allows anyone with physical access to the affected laptop to bypass the need to enter login credentials—including user, BIOS and BitLocker passwords and TPM pin codes—enabling remote administration for post-exploitation.

In general, setting a BIOS password prevents an unauthorized user from booting up the device or making changes to the boot-up process. But this is not the case here.

The password doesn’t prevent unauthorized access to the AMT BIOS extension, thus allowing attackers access to configure AMT and making remote exploitation possible.

Although researchers have discovered some severe AMT vulnerabilities in the past, the recently discovered issue is of particular concern because it is:

  • easy to exploit without a single line of code,
  • affects most Intel corporate laptops, and
  • could enable attackers to gain remote access to the affected system for later exploitation.

MORE:https://thehackernews.com/2018/01/intel-amt-vulnerability.html?m=1

Mais do que uma solução tecnológica, somos uma decisão estratégica para as organizações.

Nossa missão é redefinir a relação das empresas com a cibersegurança e a experiência dos usuários no processo de autenticação e acesso a ativos tecnológicos.