The proverb “Misfortune never comes alone” could not better illustrate the beginning of this year for Intel.
In addition to the Meltdown and Spectre vulnerabilities discovered at the beginning of the year, F-Secure, a company specializing in computer security, has found a serious security issue in Intel Active Management Technology (AMT). This technology is part of Intel vPro and is therefore aimed at the corporate segment of the market; it is intended for remote monitoring and control of corporate PCs.
This problem affects most enterprise-class laptops and allows an attacker who has physical access to the device to create a backdoor in just half a minute. Moreover, even a PC protected by a BIOS password, a TPM PIN, BitLocker, and an account password is not safe from it.
The procedure is simple: the attacker starts or restarts the target system and enters the boot menu. Under normal circumstances everything would stop at this step, because a BIOS password is required. By selecting the Intel Management Engine BIOS Extension (MEBx), however, the attacker can log in with the default password “admin”, since it is usually left unchanged. After changing the password, enabling remote access, and disabling user access to AMT, the attacker gains full, unimpeded remote access to the system, provided they can connect to the same local network (wireless access requires additional steps).
As the experts explain, although the attack requires physical access to the computer, the speed with which it can be carried out makes it readily exploitable by skilled cybercriminals. The fix is quite simple: change the default AMT password, although for large companies this can be very difficult. Perhaps Intel will also release updated firmware in which the AMT settings cannot be accessed without the BIOS password.