F-Secure Reveals Another Intel Security Flaw Involving AMT
Ron Perillo / 1 year ago
While Intel is feeling the brunt of criticisms for the Meltdown and Spectre security flaws revealed recently, their problems are not over yet. Security researchers from F-Secure has discovered another flaw. This time involving Intel’s Active Management Technology (AMT) allowing attackers “access to the backdoor in less than 30 seconds”. The issue even allows the attacker to bypass the need to enter credentials, including BIOS and Bitlocker passwords and TPM pins, and to gain remote access for later exploitation.
Intel AMT Problem
Intel’s AMT is a solution for remote access monitoring and maintenance of corporate-grade personal computers. The original intention is for allowing IT departments or managers to better control their device fleets. The technology is commonly found in corporate laptops. It has even been called out for security weaknesses in the past. However, the pure simplicity of exploiting this particular issue sets it apart from previous instances. Attackers can take advantage of the exploit in mere seconds without a single line of code.
To exploit this, all an attacker needs to do is reboot the target machine and press CTRL-P during bootup. The attacker may then log into Intel Management Engine BIOS Extension (MEBx) using the default password, “admin,” as this default on most corporate laptops. After which, the attacker may change the password to their preference, enable remote access and set AMT’s user opt-in to “None.”
The attacker now gains remote access to the system from both wireless and wired networks. As long as they’re able to insert themselves onto the same network segment with the victim. F-Secure has even released a video on YouTube explaining the issue:
Intel has sent the following response via Ars Technica about the issue:
We appreciate the security research community calling attention to the fact that some system manufacturers have not configured their systems to protect Intel Management Engine BIOS Extension (MEBx). (Intel) issued guidance on best configuration practices in 2015 and updated it in November 2017. We strongly urge OEMs to configure their systems to maximize security. Intel has no higher priority than our customers’ security. And we will continue to regularly update our guidance to system manufacturers to make sure they have the best information on how to secure their data.