While Intel has been busy rolling out patches for the Meltdown and Spectre vulnerabilities, Finnish cyber security firm F-Secure has reported unsafe and misleading behavior within Intel Active Management Technology (AMT) that could give an attacker the ability to bypass the login process and take control of a user’s device in less than a minute.
The concern is that the exploit is easy to carry out and does not require a single line of code. It affects most Intel corporate laptops and could enable attackers to gain remote access to the compromised system for later exploitation.
“The attack is almost deceptively simple to enact, but it has incredible destructive potential,” said F-Secure senior security researcher Harry Sintonen, who discovered the issue in July last year.
“In practice, it can give a local attacker complete control over an individual’s work laptop, despite even the most extensive security measures.”
The newly discovered bug has nothing to do with the Meltdown and Spectre vulnerabilities, but it is usually found on corporate laptops.
To execute the exploit, the attacker needs physical access to the machine, which may be protected by both login and BIOS passwords. The attacker reboots or turns on the targeted PC and presses CTRL-P. This brings up the Intel Management Engine BIOS Extension (MEBx), which accepts the default password “admin”, a password that is most likely to remain unchanged on most corporate laptops.
Once logged in, the attacker can change the default password, set up remote access, and even set the AMT’s user opt-in to “None”.
Although the exploit requires physical access, an attacker just needs to distract a user for a minute or two to carry out the attack.
Users and IT administrators in an organization are advised to change the default AMT password on their devices or disable AMT entirely, and never to leave their laptops unattended in a public place.