New Security Flaw Hits Intel, Laptops this time
F-Secure has reported another serious flaw in Intel hardware, which could enable hackers to access corporate laptops. Standard password of Intels Management Engine BIOS Extension are rarely changed and can invoke business laptops vulnerable to unauthorized remote access, claims F-Secure.
Intels Management Engine BIOS Extension, or MEBx, contains the standard log-in combination 'admin', 'admin' and because many users simply do not change it, according to F-Secure this opens the door to an easy to set-up attack. Attackers can open the BIOS Extension during startup with Ctrl + P, even if the user has set a bios password. Then they can manage settings of the Management Engine, reports dw.com.
"The issue potentially affects millions of laptops globally," said F-Secure consultant Harry Sintonen, who discovered the flaw. "It's of an almost shocking simplicity, but its destructive potential is unbelievable."
F-Secure said once an attacker had the chance to reconfigure AMT (for which he would initially need physical access to the device in question), the device could be fully controlled remotely by connecting to the same wireless or wired network as the user.
"No other security measures like full-disk encryption, local firewall, anti-malware software or VPN technology are able to prevent exploitation of this issue," Sintonen warned.
A successful attack would lead to complete loss of confidentiality, integrity and availability, with the attacker able to read and modify all of the data and applications users have access to on their computers, even at the firmware level.
Senior Member
Posts: 260
Joined: 2017-09-25
Cr*p, did they even patched last hole in AMT
Senior Member
Posts: 260
Joined: 2017-09-25
Hardly,lawsuits in USA has already begun, in any way this "blunders" is going to cost them dearly
Senior Member
Posts: 3987
Joined: 2003-11-15
This isn't a ploy
Ploys usually don't involve ruining your reputation for years to come.
Senior Member
Posts: 14010
Joined: 2004-05-16
This isn't a flaw in Intel hardware also I'm not sure why you posted this article and not the original F-Secure press release. This article states that it requires physical access, which is true - but it also requires the company to not disable AMT and/or change the default username/password for AMT - which is a configuration problem, not a hardware flaw.
The F-Secure article specifically states this:
Technically this is not a vulnerability, but a combination of a default password, insecure default configuration, and unexpected behaviour.
This issue has no CVE number, security update or new version available, yet it affects major vendors and large numbers of laptops. AMT has gained popularity over the past few years, and only the latest security guides from Intel highlight the importance of requiring a BIOS password for local provisioning. We have encountered this issue time and time again, and it is locally exploitable in practical situations even when laptops have otherwise been completely hardened. In other words, while Intel has written extensive guides on AMT, they have not had the desired impact on the real world security of corporate laptops. With this announcement our goal is to raise awareness so organizations can have the opportunity to mitigate the issue and improve security in the real world.
Intel can fix this by simply updating the default configuration - but companies could also be avoiding this by following best practices for AMT provisioning.
Why can't they just have been discovered just now? Problems with speculative execution have been known for a while:
https://hackaday.com/2018/01/08/speculative-execution-was-a-troublemaker-for-xbox-360/
But the security aspects of those flaws haven't. Like I keep reading people saying "Intel knew about the backdoor but wanted the performance" or whatever - but what about ARM/Apple/IBM/Microsoft/Linux Kernel devs that are also shipping meltdown affected parts and/or knew about speculative execution issues? Or the various security companies that audit this hardware rather frequently?
It was clearly overlooked.
Senior Member
Posts: 1338
Joined: 2009-08-19
So these recent vulnerabilities have been around for the past 10 years. Surely they can't have just been discovered only now. Which begs the question - is this all just a ploy to get people to upgrade to Intel 9th gen processors later this year? Processors which will no doubt be assured by Intel to be much safer and immune to these vulnerabilities? Just think - all those old pentiums and celerons that have been inside business computers (still working just fine) yet now needing to be swapped out and upgraded to ensure full safety on a hardware level. Such a plan could backfire and switch people over to AMD. But then AMD isn't without its vulnerabilities now either... is it? Seems a very convenient way to get people to upgrade if you think about it. And over the last 10 years, how many times has your PC been hacked at hardware level?