New Security Flaw Hits Intel, Laptops this time

13 January, 2018, 13:43 | Author: Sammy Rose

Insecure defaults in Intel's Active Management Technology (AMT) allow an intruder to completely bypass login credentials in most corporate laptops in 30 seconds, researchers at security firm F-Secure have warned.

The attack would bypass any other security protections in place, including a BIOS password, Trusted Platform Module PIN or Bitlocker full-disk encryption, Sintonen says.

"The issue potentially affects millions of laptops globally".

Intel AMT is designed to allow administrators to access and update PCs, even if those PCs are turned off. Weaknesses in the tech have been discovered before, but the latest flaw is nonetheless noteworthy because of the ease of exploitation. Since the exploit can be completed in seconds, this tactic is quite viable.

"Organizations with Microsoft environments and domain connected devices can also take advantage of the System Center Configuration Manager to provision AMT", said F-Secure.

The setup is simple: an attacker starts by rebooting the target's machine, after which they enter the boot menu. The attacker may then log into the Intel Management Engine BIOS Extension (MEBx) using the default password "admin", as this is most likely unchanged on most corporate laptops. "If the Intel MEBx default password was never changed, an unauthorized person with physical access to the system could manually provision Intel AMT via the Intel MEBx or with a USB key using the default password", Intel's AMT security document states.

"In practice, it can give an attacker complete control over an individual's work laptop, despite even the most extensive security measures", he said in the statement. "And since the computer connects to your company VPN (Virtual Private Network), the attacker can access company resources". Sintonen points out that even a minute of distracting a target from their laptop at an airport or coffee shop is enough to do the damage.

Sintonen and his colleagues at F-Secure have come across the issue repeatedly since early summer last year. This is a high-level threat and you can imagine why companies would be anxious about this issue.

F-Secure said it is highlighting the issue to raise awareness so that organisations can mitigate the problem and improve security in the real world. "Despite there being information available for manufacturers on how to prevent this, manufacturers are still not following best practices, leaving vast numbers of vulnerable laptops out there". In most circumstances, this is the end of the line for an attacker because any competent IT pro would have enabled the BIOS password and the exploit could go no further. "That is why it's important to raise public awareness".

While requiring physical proximity to the target makes the attack harder to initiate than a remote attack like a phishing email, it's not impossible that skilled attackers looking to compromise a particular target could orchestrate a scenario where they could get the brief time with the device they need. This is probably due to the level of access Intel AMT possesses. This guidance (PDF) was updated and reiterated last November.

Today, Finnish company F-Secure's researcher Harry Sintonen revealed that there is yet another vulnerability in Intel chipsets affecting a huge number of corporate PCs.

Technically, this is not a vulnerability, the researchers said, but a combination of a default password, insecure default configuration and unexpected behaviour that affects most, if not all, laptops that support Intel Management Engine or Intel AMT.

Intel recommends that vendors require the BIOS password to provision Intel AMT. However, many device manufacturers do not follow this advice.

But once they had re-configured AMT, they could effectively "backdoor" the machine and then access the device remotely, by connecting to the same wireless or wired network as the user, F-Secure said.
