New Security Flaw Hits Intel, Laptops this time

13 January, 2018, 13:43 | Author: Sammy Rose
  • This boot menu could allow an attacker to get remote access to your notebook or desktop

Insecure defaults in Intel's Active Management Technology (AMT) allow an intruder to completely bypass login credentials in most corporate laptops in 30 seconds, researchers at security firm F-Secure have warned.

The attack would bypass any other security protections in place, including a BIOS password, Trusted Platform Module PIN or Bitlocker full-disk encryption, F-Secure researcher Harry Sintonen says.

"The issue potentially affects millions of laptops globally".

Intel AMT is designed to allow administrators to access and update PCs, even if those PCs are turned off. Weaknesses in the technology have been discovered before (examples here and here), but the latest flaw is nonetheless noteworthy because of the ease of exploitation. Since the exploit can be completed in seconds, this tactic is quite viable.

"Organizations with Microsoft environments and domain connected devices can also take advantage of the System Center Configuration Manager to provision AMT", said F-Secure.

The setup is simple: an attacker starts by rebooting the target's machine, after which they enter the boot menu. The attacker may then log into Intel Management Engine BIOS Extension (MEBx) using the default password "admin", as this is most likely unchanged on most corporate laptops. "If the Intel MEBx default password was never changed, an unauthorized person with physical access to the system could manually provision Intel AMT via the Intel MEBx or with a USB key using the default password", Intel's AMT security document states.

"In practice, it can give an attacker complete control over an individual's work laptop, despite even the most extensive security measures", he said in the statement. "And since the computer connects to your company VPN (Virtual Private Network), the attacker can access company resources". Sintonen points out that even a minute of distracting a target from their laptop at an airport or coffee shop is enough to do the damage.

Sintonen and his colleagues at F-Secure have come across the issue repeatedly since early summer of last year. This is a high-level threat, and you can imagine why companies would be anxious about this issue.

F-Secure said it is highlighting the issue to raise awareness so that organisations can mitigate the problem and improve security in the real world. "Despite there being information available for manufacturers on how to prevent this, manufacturers are still not following best practices, leaving vast numbers of vulnerable laptops out there". In most circumstances, this is the end of the line for an attacker because any competent IT pro would have enabled the BIOS password and the exploit could go no further. "That is why it's important to raise public awareness".

While requiring physical proximity to the target makes the attack harder to initiate than a remote attack like a phishing email, it's not impossible that skilled attackers looking to compromise a particular target could orchestrate a scenario where they get the brief time with the device that they need. This is probably due to the level of access Intel AMT possesses. This guidance (PDF) was updated and reiterated last November.

Today, Finnish company F-Secure's researcher Harry Sintonen revealed that there is yet another vulnerability in Intel chipsets affecting a huge number of corporate PCs.

Technically, this is not a vulnerability, the researchers said, but a combination of a default password, insecure default configuration and unexpected behaviour that affects most, if not all, laptops that support Intel Management Engine or Intel AMT.

Intel recommends that vendors require the BIOS password to provision Intel AMT. However, many device manufacturers do not follow this advice.

But once they had re-configured AMT, they could effectively "backdoor" the machine and then access the device remotely, by connecting to the same wireless or wired network as the user, F-Secure said.
