New Security Flaw Hits Intel, Laptops this time

13 January, 2018, 13:43 | Author: Sammy Rose
  • Intel AMT flaw lets attackers take control of laptops in 30 seconds

Insecure defaults in Intel's Active Management Technology (AMT) allow an intruder to completely bypass login credentials in most corporate laptops in 30 seconds, researchers at security firm F-Secure have warned.

The attack would bypass any other security protections in place, including a BIOS password, Trusted Platform Module PIN or BitLocker full-disk encryption, F-Secure researcher Harry Sintonen says.

"The issue potentially affects millions of laptops globally".

Intel AMT is designed to allow administrators to access and update PCs, even if those PCs are turned off. Weaknesses in the technology have been discovered before, but the latest flaw is nonetheless noteworthy because of the ease of exploitation. Since the exploit can be completed in seconds, this tactic is quite viable.

"Organizations with Microsoft environments and domain connected devices can also take advantage of the System Center Configuration Manager to provision AMT", said F-Secure.

The setup is simple: an attacker starts by rebooting the target's machine, after which they enter the boot menu. The attacker can then log into the Intel Management Engine BIOS Extension (MEBx) using the default password "admin", as this is most likely unchanged on most corporate laptops. "If the Intel MEBx default password was never changed, an unauthorized person with physical access to the system could manually provision Intel AMT via the Intel MEBx or with a USB key using the default password", Intel's AMT security document states.

"In practice, it can give an attacker complete control over an individual's work laptop, despite even the most extensive security measures", he said in the statement. "And since the computer connects to your company VPN (Virtual Private Network), the attacker can access company resources". Sintonen points out that even a minute of distracting a target from their laptop at an airport or coffee shop is enough to do the damage.

Sintonen and his colleagues at F-Secure have come across the issue repeatedly since early summer last year. This is a high-level threat and you can imagine why companies would be anxious about this issue.

F-Secure said it is highlighting the issue to raise awareness so that organisations can mitigate the problem and improve security in the real world. "Despite there being information available for manufacturers on how to prevent this, manufacturers are still not following best practices, leaving vast numbers of vulnerable laptops out there". In most circumstances, this is the end of the line for an attacker because any competent IT pro would have enabled the BIOS password and the exploit could go no further. "That is why it's important to raise public awareness".

While requiring physical proximity to the target makes the attack harder to initiate than a remote attack like a phishing email, it's not impossible that skilled attackers looking to compromise a particular target could orchestrate a scenario where they could get the brief time with the device they need. This is probably due to the level of access Intel AMT possesses. This guidance (PDF) was updated and reiterated last November.

Today, Finnish company F-Secure's researcher Harry Sintonen revealed that there is yet another vulnerability in Intel chipsets affecting a huge number of corporate PCs.

Technically, this is not a vulnerability, the researchers said, but a combination of a default password, insecure default configuration and unexpected behaviour that affects most, if not all, laptops that support Intel Management Engine or Intel AMT.

Intel recommends that vendors require the BIOS password to provision Intel AMT. However, many device manufacturers do not follow this advice.

But once they had re-configured AMT, they could effectively "backdoor" the machine and then access the device remotely, by connecting to the same wireless or wired network as the user, F-Secure said.
