
Security researchers have pinpointed another major security weakness in Intel platforms, on top of the holes in the Intel Management Engine and the Meltdown flaw that hits Intel CPUs uniquely hard. This time, the issue is with Intel's Active Management Technology (AMT), a remote-management feature typically reserved for systems that support Intel vPro or workstation platforms with certain Xeon CPUs. Unlike Meltdown, this is not a silicon bug; it is an insecure default in how AMT gets provisioned.

Intel AMT is designed to let administrators reach and update PCs out of band, even when the host operating system is shut down. All the machine needs is a network connection and power. That's a useful tool for large multinational firms with far-flung employees, but it's also a potential security risk. F-Secure has published research showing how easily an attacker with even brief physical access can gain full control of a machine. Here's how they describe the problem:

A BIOS password normally prevents an unauthorized user from making low-level changes to a device. However, the essence of this issue is that even when a BIOS password has been set up, an attacker does not need it to configure AMT. Not only that, due to insecure defaults in the BIOS and AMT's BIOS extension (MEBx) configuration, an attacker with physical access can effectively backdoor a machine by provisioning AMT using the default password. The attacker can then access the device remotely, by connecting to the same wireless or wired network as the user. In certain cases, the attacker can also program AMT to connect to their own server, which negates the necessity of being in the same network segment as the victim.

In short, setting a BIOS password won't help, and once an attacker has provisioned AMT, nothing running on the host can see or evict them. The researchers note that no other security measure, including local firewalls, BIOS passwords, anti-malware software, or use of a VPN, can prevent a compromised system from leaking data, because the compromise happened outside of the Windows environment. AMT runs on the Management Engine, a separate processor with its own firmware that picks its traffic off the network interface before the host operating system ever sees it, so the host has no way to inspect or control the data flowing into or out of it.

From here, the possibilities are countless. With AMT's remote console, power control and boot-from-remote-image features in the attacker's hands, malware, including firmware-level malware, can be installed on the system without host-based tools ever seeing it happen. And while physical access might seem a tough barrier to crack, it's not as difficult as it seems. The changes can be made in under a minute, according to F-Secure. It may not be the kind of attack that gets deployed across thousands of systems on a corporate local network, at least not without additional steps, but it's exactly the kind of targeted attack a government agency might use. And more to the point, it illustrates that Intel systems are once again vulnerable through a set of management capabilities that Intel decided to sandbox entirely from the primary operating system.

What's more, this is an easily resolved flaw. Even if you think the chance of compromise via inappropriate physical access is minimal, the fix is to not allow access to AMT configuration until the proper BIOS password is entered. If a user can't unlock the BIOS, they shouldn't be allowed to set a password for AMT (the default MEBx password is, of course, "admin"). Most AMT-capable devices, F-Secure notes, don't use the feature in the first place, but they're still at risk, because the attack works against any AMT-capable device whose MEBx password is still the default. Once inside MEBx (reached by pressing Ctrl-P during boot), the attacker logs in with "admin", sets a new password of their own, configures AMT to suppress the prompts that would tell the user the machine is being accessed remotely (so the user never knows what's happened), and enables wireless remote management in addition to wired. For an organization, the practical defense is the same whether or not AMT is actually used: set a strong MEBx password on every AMT-capable machine, or disable AMT outright where it isn't needed, and treat any machine that has been left unattended with the password still at the default as potentially provisioned.

Once this is done, the attacker can connect to the system whenever they're on the same local area network, or program AMT to use Client Initiated Remote Access (CIRA), which makes the machine call out to the attacker's server and removes any need to be on the victim's network at all.
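One check a network defender can actually run from outside the host is to look for machines that answer on AMT's management ports, since a box provisioned through MEBx (by its owner or by an attacker using "admin") starts listening there. The script below is an added example written for this article; it is not F-Secure's or Intel's code. It assumes Intel's registered AMT ports (16992 and 16993 for the web UI and WS-Management, 16994 and 16995 for the redirection service) and the fact that the AMT firmware web server announces itself in its HTTP Server header as "Intel(R) Active Management Technology <version>". The two sample responses embedded in it are constructed, not captured from a real device.

```python
"""Find hosts that expose an Intel AMT listener.

Added example for this article (not F-Secure's or Intel's code).  A machine
provisioned through MEBx answers on Intel's registered AMT ports, and its
firmware web server identifies itself in the HTTP Server header as
"Intel(R) Active Management Technology <version>".  Probing those ports from
the network is the one check that works from outside the host OS, which
cannot see AMT traffic at all.
"""
import re
import socket
import ssl
from typing import Dict, List, Optional

# Intel's registered AMT ports: 16992/16993 carry the web UI and WS-Management,
# 16994/16995 the SOL/IDE-R redirection service (remote console and
# boot-from-remote-image).
AMT_PORTS = {16992: "http", 16993: "https", 16994: "redirection", 16995: "redirection-tls"}

SERVER_RE = re.compile(
    rb"^Server:[ \t]*Intel\(R\) Active Management Technology[ \t]*([0-9.]+)",
    re.IGNORECASE | re.MULTILINE,
)

# Constructed sample responses (not captured from a real device): one from an
# AMT web server, one from an ordinary web server that happens to use the port.
SAMPLE_AMT_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Intel(R) Active Management Technology 11.8.50\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html><head><title>Intel(R) Active Management Technology</title></head></html>"
)
SAMPLE_OTHER_RESPONSE = b"HTTP/1.1 200 OK\r\nServer: nginx/1.14.0\r\n\r\n<html></html>"


def parse_amt_banner(response: bytes) -> Optional[str]:
    """Return the AMT firmware version announced in an HTTP response, or None
    when the response does not come from an AMT web server."""
    match = SERVER_RE.search(response)
    return match.group(1).decode("ascii") if match else None


def probe_port(host: str, port: int, timeout: float = 2.0) -> Optional[bytes]:
    """Connect to host:port, send a bare GET and return whatever comes back.

    Returns None if the port is closed or unreachable, and b"" if it accepted
    the connection but said nothing (the redirection ports do not speak HTTP).
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    chunks: List[bytes] = []
    try:
        if AMT_PORTS.get(port) == "https":
            ctx = ssl.create_default_context()
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE  # AMT normally presents a self-signed cert
            sock = ctx.wrap_socket(sock, server_hostname=host)
        sock.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        while True:
            try:
                data = sock.recv(4096)
            except socket.timeout:
                break  # keep whatever arrived before the server went quiet
            if not data:
                break
            chunks.append(data)
    except (OSError, ssl.SSLError):
        pass  # port was open; treat a failed exchange as "open, unidentified"
    finally:
        sock.close()
    return b"".join(chunks)


def assess_responses(responses: Dict[int, Optional[bytes]]) -> dict:
    """Turn per-port probe results for one host into a finding."""
    open_ports = sorted(port for port, body in responses.items() if body is not None)
    version = None
    for port in open_ports:
        version = parse_amt_banner(responses[port] or b"")
        if version:
            break
    return {"open_ports": open_ports, "amt_listening": version is not None, "version": version}


def scan_host(host: str, timeout: float = 2.0) -> dict:
    """Probe every AMT port on one host and return the assessment."""
    return assess_responses({port: probe_port(host, port, timeout) for port in AMT_PORTS})


if __name__ == "__main__":
    import sys

    for target in sys.argv[1:]:
        finding = scan_host(target)
        status = f"AMT {finding['version']} listening" if finding["amt_listening"] else "no AMT banner"
        print(f"{target}: {status}; open AMT ports {finding['open_ports']}")
```

Run it with one or more hosts as arguments against machines you are authorized to test. A hit tells you AMT is provisioned and reachable, which on a machine that was never meant to use AMT is exactly the symptom described above; it does not tell you whether the MEBx password is still "admin", and that check has to be done from the keyboard at the Ctrl-P prompt. Note also what this scan cannot see: a machine configured for CIRA makes an outbound connection to the attacker's server rather than listening, and because the Management Engine sends that traffic itself, the host OS's own netstat and firewall logs won't show it either.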

Not a great look for a company that's already being hammered by other security flaws. Intel's entire rationale for keeping so much of its security infrastructure locked away looks less and less like the principled decision of a company keeping us safe and more like a desperate attempt to cover just how badly it treats security. Because folks, look, this is not a sophisticated attack. This is not some crazy idea. In fact, it's one of the first things I would expect an attacker to try, if said person had even a basic concept of what functions like AMT and the Intel Management Engine can be configured to do.