INTEL AMT LOOPHOLE ALLOWS HACKERS TO GAIN CONTROL OF SOME PCS IN UNDER A MINUTE
Researchers have found a loophole in Intel processors that allow an attacker to bypass logins and place backdoors on laptops, allowing adversaries remote access to laptops. Researchers at F-Secure, that first identified the attack strategy, say the loophole can be exploited in less than one minute.
The technique requires attackers to have physical access to computers and also assumes the target has not configured their system to protect the Intel Management Engine BIOS Extension (MEBx) account on PCs that support Intel’s Active Management Technology (AMT).
AMT is Intel’s remote maintenance feature used on Intel vPro-enabled and Xeon processors. MEBx is a BIOS extension used to manually configuring the AMT service. When configured properly, MEBx is password protected.
Researchers at F-Secure, who outlined their research in blog post Friday, said typically users don’t change the MEBx password from the default password “admin”.
“The issue allows a local intruder to backdoor almost any corporate laptop in a matter of seconds, even if the BIOS password, TPM Pin, Bitlocker and login credentials are in place,” F-Secure wrote.
The attack starts with a reboot the target’s laptop into the PC’s boot menu. Typically, an adversary would not be able to bypass a BIOS password, stopping the attack in its tracks, said researchers.
Source | threatpost