Finnish cyber security company F-Secure on Monday has claimed it has found a security flaw in Intel's Active Management Technology (AMT) which can allow a hacker to compromise a work laptop within seconds.
AMT is Intel's proprietary solution which allows IT administrators in an organisation to manage, control and monitor company-issued laptops that are authorised to the employees.
Also Read: Flaw In Intel Chip Might Threaten Your Computer’s Security
The company said that in July 2017 Harry Sintonen, one of F-Secure's Senior Security Consultants, discovered unsafe and misleading default behaviour within Intel's AMT.
AMT is no stranger to security weaknesses, with many other researchers finding multiple flaws within the system, but Sintonen’s discovery even surprised himF-Secure blog post
The attack is deceptively simple to enact, but it has incredible destructive potential. In practice, it can give a local attacker complete control over an individual’s work laptop, despite the most extensive security measuresHarry Sintonen, Senior Security Consultant, F-Secure
The issue allows a local intruder to backdoor almost any corporate laptop in a matter of seconds, even if the BIOS password, TPM Pin, Bitlocker and login credentials are in place.
Also Read: FAQ: What Are Meltdown and Spectre Bugs and How Do They Affect PCs
An attacker can reboot the target's machine and enter the boot menu. In a normal situation, an intruder would be stopped here, as they won't know the BIOS password, and they can't really do anything harmful to the computer.
In this case, however, the attacker has a workaround: AMT. By selecting Intel’s Management Engine BIOS Extension (MEBx), they can log in using the default password ‘admin’, as it is quite likely that it hasn’t been changed by the user.F-Secure blog post
By changing the default password, enabling remote access and setting AMT's user opt-in to "None", a quick-fingered cyber criminal has effectively compromised the machine.
Now the attacker can gain access to the system remotely, as long as they are able to work in the same network segment with the victim. Having said that, to successfully exploit the security issue, the hacker needs to be in physical proximity to the system.
The security firm has listed out a few to-do’s for users to make sure they don’t fall prey to this flaw.
How to Prevent Attack
- Never leave the laptop unattended in a public place
- Contact your deputed IT administrator to manage the device
- Either turn off AMT settings on the laptop or set a strong password to prevent intrusion.
(We Indians have much to talk about these days. But what would you tell India if you had the chance? Pick up the phone and write or record your Letter To India. Don’t be silent, tell her how you feel. Mail us your letter at lettertoindia@thequint.com. We’ll make sure India gets your message)
(With inputs from IANS)
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)