
Secure: Major security flaw affecting millions of corporate laptops


Details of the vulnerability - which can lead to a clean device being compromised in under a minute and can bypass the BIOS password, TPM Pin, Bitlocker and login credentials - have been outlined by researchers at F-Secure.

"The security issue is nearly deceptively simple to exploit, but it has incredible destructive potential", said Harry Sintonen, senior security consultant at F-Secure, who investigated the issue after discovering it in mid-2017. But the amount of time required to execute the attack is so short that even a notebook or desktop computer left unattended for a few minutes could be compromised in what is referred to by security researchers as an "evil maid" attack, or in this case, an evil barista, co-worker, fellow airline or train passenger, or anyone else with a few minutes of unhindered access to the computer.

Meltdown and Spectre are not the only security problems Intel is facing these days.

Intel AMT is a solution for remote access monitoring and maintenance of corporate-grade personal computers, created to allow IT departments or managed service providers to better control their device fleets. The issue highlighted by F-Secure is distinct from that and other recent problems, the company confirmed, and relates to the insecure configuration and deployment of Intel AMT.

A large part of the problem is that enterprises are not following Intel's guidance in practice, said F-Secure, adding that it was going public in order to draw attention to the issue. If there's an option to disable AMT, use it.

Sintonen says that computers on which AMT has been configured without an AMT password are vulnerable.

How does the attack work? An attacker could then alter this password, giving them ongoing access to the system via AMT.

The attacker could now gain remote access to the system from both wireless and wired networks, as long as they are able to insert themselves onto the same network segment as the victim. Alternatively, disable AMT on the device. IT should also go through all currently deployed machines and organize the same procedure for them.

Consider as suspect any computer that has an AMT password already set to an unknown value and initiate appropriate incident response procedures. Unlike the Intel Management Engine (ME), AMT can be disabled, an option that Sintonen also recommends in situations where AMT use is not a corporate policy.

Sintonen says he discovered the flaw in July 2017.

"We discovered the issue this summer, and since discovering it, we have found it in thousands of laptops", F-Secure told El Reg. "We agreed with Intel that we would come out with the issue in January". This guidance (PDF) was updated and reiterated last November. The technology, which is commonly found in corporate laptops, has been called out for security weaknesses in the past, but the pure simplicity of exploiting this particular issue sets it apart from previous instances. The attacker then may change the default password, enable remote access and set AMT's user opt-in to "none". However, many device manufacturers do not follow this advice.

"No other security measures like full-disk encryption, local firewall, anti-malware software or VPN technology are able to prevent exploitation of this issue", Sintonen warned.

F-Secure's video discussing the Intel AMT exploit.

Parth Shukla, a security engineer and member of Google's infrastructure protection team, delivers a presentation at Hack.lu in Luxembourg in October 2017 about how Intel AMT can be used and abused. A similar vulnerability has also been previously pointed out by CERT-Bund, but with regard to USB provisioning, Sintonen said.

"Intel has provided recommendations to system manufacturers in September 2015 to protect the Intel MEBx with the system BIOS password", it says. First rule of cyber security?

A new security flaw in Intel's Active Management Technology (AMT) can be used by attackers with physical access to get around authentication processes in just 30 seconds.

Although AMT vulnerabilities are not new, the researchers say this issue is particularly severe because it affects most Intel laptops, could enable an attacker to gain remote access for later exploitation, and is particularly easy to exploit.

Intel pushed a firmware fix to OEMs, which have been releasing updated firmware to users.


