Science

Secure: Major security flaw affecting millions of corporate laptops

Secure: Major security flaw affecting millions of corporate laptops”

Details of the vulnerability - which can lead to a clean device being compromised in under a minute and can bypass the BIOS password, TPM Pin, Bitlocker and login credentials - have been outlined by researchers at F-Secure.

"The security issue is nearly deceptively simple to exploit, but it has incredible destructive potential", said Harry Sintonen, senior security consultant at F-Secure, who investigated the issue after discovering it in mid-2017. But the amount of time required to execute the attack is so short that even a notebook or desktop computer left unattended for a few minutes could be compromised in what is referred to by security researchers as an "evil maid" attack-or in this case, an evil barista, co-worker, fellow airline or train passenger, or anyone else with a few minutes of unhindered access to the computer.

Meltdown and Spectre are not the only security problems Intel is facing these days.

Intel AMT is a solution for remote access monitoring and maintenance of corporate-grade personal computers, created to allow IT departments or managed service providers to better control their device fleets. The issue highlighted by F-Secure is distinct from that and other recent problems, the company confirmed, and relates to the insecure configuration and deployment of Intel AMT.

A large part of the problem is that enterprises are not following Intel's guidance in practice, said F-Secure, adding that it was going public in order to draw attention to the issue. If there's an option to disable AMT, use it.

Sintonen says that computers on which AMT has been configured without an AMT password are vulnerable.

How does the attack work? An attacker could then alter this password, giving them ongoing access to the system via AMT.

The attacker could now gain remote access to the system from both wireless and wired networks, as long as they are able to insert themselves onto the same network segment with the victim. Alternately, disable AMT on the device. IT should also go through all now deployed machines, and organize the same procedure for them.

Consider as suspect any computer that has an AMT password already set to an unknown value and initiate appropriate incident response procedures. Optionally, unlike the Intel Management Engine (ME), AMT can be disabled, an option that Sintonen also recommends in situations where AMT use is not a corporate policy.

Sintonen says he discovered the flaw in July 2017.

"We discovered the issue this summer, and since discovering it, we have found it in thousands of laptops", F-Secure told El Reg. "We agreed with Intel that we would come out with the issue in January". This guidance (PDF) was updated and reiterated last November. The technology, which is commonly found in corporate laptops, has been called out for security weaknesses in the past, but the pure simplicity of exploiting this particular issue sets it apart from previous instances. The attacker then may change the default password, enable remote access and set AMT's user opt-in to "none". However, many device manufacturers do not follow this advice.

"No other security measures like full-disk encryption, local firewall, anti-malware software or VPN technology are able to prevent exploitation of this issue", Sintonen warned.

F-Secure's video discussing the Intel AMT exploit.

Parth Shukla, a security engineer and member of Google's infrastructure protection team, delivers a presentation to the Hack.lu in Luxembourg in October 2017, about how Intel AMT can be used and abused. A similar vulnerability has also been previously pointed out by CERT-Bund but with regards to USB provisioning, Sintonen said.

"Intel has provided recommendations to system manufacturers in September 2015 to protect the Intel MEBx with the system BIOS password", it says. First rule of cyber security?

A NEW SECURITY FLAW in Intel's Active Management Technology (AMT) can be used by attackers with physical access to get around authentication processes in just 30 seconds.

Although AMT vulnerabilities are not new, the researchers say this issue is particularly severe because it affects most Intel laptops, could enable an attacker to gain remote access for later exploitation, and is particularly easy to exploit.

Intel pushed a firmware fix to OEMs, which have been releasing updated firmware to users.



Like this

Latest


12 January 2018
MSC Industrial Direct Co Inc (MSM) Increases Dividend to $0.58 Per Share
The industrial products company reported $1.07 EPS for the quarter, topping the Zacks' consensus estimate of $0.99 by $0.08. MSC Industrial Direct Co., Inc. has had 55 insider trades in the last 3 months, including 2 open market buys and 53 sells.

12 January 2018
DC Glenn Spender out at OSU
This season, the Cowboys hit a low when they lost 62-52 at home to Oklahoma behind Baker Mayfield's 598 yards passing. BC-FBC-T25-Oklahoma St-Spencer, 138 Oklahoma State fires defensive coordinator Glenn SpencerEds: APNewsNow.

12 January 2018
Arsenal boss Wenger wants to keep Greek signing Mavropanos
Mavropanos has been training with the first-team since his arrival and has impressed onlookers. He then joined Superleague Greece side PAS Giannina in January 2016. "He's not ready to play.

12 January 2018
Goodfellas actor Paul Sorvino calls out Weinstein as file passed to prosecutors
Sorvino said his "daughter is a courageous and a wonderful human being" and to be treated in such a way by a pig is "disgusting". Sorvino wrote a guest column on the Hollywood Reporter website that brutally described her torture at the hands of Weinstein .

12 January 2018
Trump, GOP congressional leaders to meet at Camp David
Now the various factions have a chance to use the January 19 deadline to force their own priorities. The GOP wants to hang onto its House and Senate majorities.

12 January 2018
American and Southwest Announce Bonuses for Employees
The airline reported $0.88 earnings per share for the quarter, topping the Zacks' consensus estimate of $0.87 by $0.01. Five research analysts have rated the stock with a hold rating and thirteen have given a buy rating to the stock.

12 January 2018
CES 2018: This freaky sexbot can actually swap faces
Pleasure Doll would be outfitted with a cutting-edge bionic penis, which, of course, will be available in all shapes and sizes. Realrobotics announced that a new generation of male sex robots is in the making.

12 January 2018
Chinese Police Dynamite Christian Megachurch
The 50,000 strong church was originally built with 17 million Yuan (around $2.5 million) of congregation contributions. Photo The authorities used dynamite and heavy machinery to raze the Protestant megachurch.

12 January 2018
Miz and Maryse Docuseries to Air on USA Network
The show will focus on the lives of Miz and Maryse as they become parents for the first time. The Miz and Maryse announced their pregnancy live on Monday Night RAW back in September.

12 January 2018
Turkish penal court orders detention of two journalists to continue
If the ruling is not implemented, it would show that the Constitution Court no longer holds ultimate jurisdiction, he said. The pair worked for newspapers shut down after the coup.