A NEW SECURITY FLAW in Intel's Active Management Technology (AMT) can be used by attackers with physical access to get around authentication processes in just 30 seconds.
F-Secure, the security software and services company that claims to have uncovered the flaw, attributes it to a string of insecure default settings found in Intel AMT. These enable attackers to bypass both user and BIOS passwords.
It is also possible to get around the Trusted Platform Module (TPM) and BitLocker PINs to get backdoor access to corporate laptops in under a minute.
According to F-Secure, this issue affects most corporate laptops and PCs running Intel AMT.
Attackers don't need access to credentials to do this and, because the flaw is in AMT, millions of laptop users could be at risk around the world.
Harry Sintonen, a senior security consultant at F-Secure, led the research. He described the flaw as "almost deceptively simple to exploit, but it has incredible destructive potential".
"In practice, it can give an attacker complete control over an individual's work laptop, despite even the most extensive security measures."
Intel AMT is software designed to provide maintenance and remote access monitoring services for corporate laptop users.
It is aimed especially at IT departments and managed service providers, offering them full control of their device fleets. Security experts have slammed the software in the past, pointing out security weaknesses.
However, F-Secure believes that the "pure simplicity of exploiting this particular issue sets it apart from previous instances", warning: "The weakness can be exploited in mere seconds without a single line of code".
Normally, laptop users set up BIOS passwords to prevent unauthorised users from booting up devices or making changes to the boot-up process.
According to F-Secure, attackers exploiting the flaw only need to reboot or power up the target machine and press CTRL-P during boot-up. After that, they can log in to the Intel Management Engine BIOS Extension (MEBx) with a default password.
From there, the attacker can edit the default password and enable remote access for themselves.
"The attacker can now gain remote access to the system from both wireless and wired networks, as long as they're able to insert themselves onto the same network segment with the victim," warned F-Secure.
Sintonen added that this can be done relatively quickly, exposing corporate laptops, for example, to a so-called 'evil maid' in hotels, coffee shops and other public and semi-public places.
"The attacker can break into your room and configure your laptop in less than a minute, and now he or she can access your desktop when you use your laptop in the hotel WLAN.
"And since the computer connects to your company VPN, the attacker can access company resources."
In a statement given to INQ, an Intel spokesperson said: "We appreciate the security research community calling attention to the fact that some system manufacturers have not configured their systems to protect Intel Management Engine BIOS Extension (MEBx).
"We issued guidance on best configuration practices in 2015 and updated it in November 2017, and we strongly urge OEMs to configure their systems to maximize security. Intel has no higher priority than our customers' security, and we will continue to regularly update our guidance to system manufacturers to make sure they have the best information on how to secure their data." µ