Intel has not had the best press recently. After Meltdown and Spectre, F-Secure specialists have disclosed yet another security issue, which they discovered back in July 2017 but announced only now. It concerns the Active Management Technology (AMT) firmware, which is installed in over 100 million computers with Intel processors, primarily corporate laptops.
How does the mechanism work?
It turns out that all that is required is physical access to a computer whose AMT configuration has not been changed since installation. It is then possible to switch AMT into a mode that enables remote access to that computer. The reconfiguration can be done in just a few minutes, and it works regardless of whether the BIOS is password-protected or whether TPM or BitLocker is used. All you have to do is press Ctrl+P on the BIOS screen while the computer is booting. This opens the BIOS AMT extension, called Management Engine BIOS Extension (MEBx). Then, via this extension, you can gain access to AMT, which is protected (?!) with the default ‘admin’ password.
AMT enables remote access to the drive or RAM, or booting an external operating system, even when the computer is powered off. The potential ramifications of someone taking over AMT on your computer are serious. AMT functions are described here: https://www.symantec.com/connect/articles/why-must-intel-amt-be-configured-and-what-required
The moral of this story is as always: change your default passwords and do not allow unauthorized physical access to your computer, even when it is turned off.
Source: http://securityaffairs.co/wordpress/67671/hacking/intel-active-management-technology-issue.html
