New Security Flaw Hits Intel, Laptops this time


F-Secure made a number of recommendations.

"The attack is nearly deceptively simple to enact, but it has incredible destructive potential". The time required to execute the attack is so short that even a notebook or desktop computer left unattended for a few minutes could be compromised in what security researchers call an "evil maid" attack, or in this case, an evil barista, co-worker, fellow airline or train passenger, or anyone else with a few minutes of unhindered access to the computer.

Intel AMT is software created to provide maintenance and remote access monitoring services for corporate laptop users.

An attacker with physical access to a computer can enter the Intel Management Engine BIOS menu when the device is booted, using a password that is usually left at its default, and then configure remote access for themselves.

"This allows an attacker access to configure AMT and makes remote exploitation possible", said Sintonen. Once inside AMT (reached by hitting Ctrl-P during boot), the attacker can log in using "admin", input a new remote password, configure AMT to suppress notifications that the laptop has been connected to remotely (thereby preventing users from knowing what's happened), and also configure it to allow wireless remote management in addition to wired management. While you would normally need the BIOS password in order to make any changes at this point, Intel's Management Engine BIOS Extension (MEBx) can allow an attacker to log in with a simple "admin" login that is the default.

Even if your device is set up with proper security mechanisms, including a BIOS password and BitLocker, the vulnerability bypasses the BIOS security and grants the attacker access to the system.


From there, the attacker can change the default password, enable remote access and set the AMT's user opt-in to "none" enabling remote access to the device without knowledge or input from the user - so long as they can put themselves on the same network as the victim.

It isn't the first time this sort of vulnerability has come to light - another researcher has previously disclosed a similar attack, while CERT-BUND has previously warned of attacks which work much the same way but require USB access to the target device.

Although the initial attack requires physical access, the speed at which it can be carried out makes it easily exploitable, said Sintonen. "And since the computer connects to your company VPN (Virtual Private Network), the attacker can access company resources".

"Essentially, one attacker distracts the mark, while the other briefly gains access to his or her laptop".

F-Secure's Sintonen, however, wasn't the only security researcher to unearth the problem. If Meltdown and Spectre weren't enough trouble for users, this new vulnerability could be exploited by hackers to take control of unpatched systems.

Harry Sintonen, a senior security consultant at F-Secure, describes the AMT default password vulnerability. The system provisioning process needs to be updated to include setting a strong password for AMT, or disabling it completely if possible. This is what prompted some Linux computer vendors to start disabling this functionality, along with the whole Intel ME, on their consumer devices. However, many device manufacturers do not follow this advice. If the password is already set to an unknown value, consider the device suspect.
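One way to apply these recommendations during a fleet review, as an added example that is not code from F-Secure or Intel: it flags devices still on the default MEBx password, devices whose password is unknown, and drift in the two settings the article says an attacker changes. The inventory field names, state labels and baseline values are hypothetical.

```python
"""Triage Intel AMT settings from a fleet inventory (added example)."""
from typing import Dict, List

# Field names, state labels and baseline values are assumptions for this example.
# BASELINE covers the settings the article says an attacker changes.
BASELINE = {"user_opt_in": "all", "wireless_mgmt": False}

def triage(record: Dict) -> List[str]:
    """Return findings for one record; an empty list means nothing to do."""
    if not record.get("amt_enabled", False):
        return []  # AMT disabled: the "disable it completely" option is already met
    findings = []
    state = record.get("mebx_password_state", "unknown")
    if state == "default":
        findings.append("ACTION: default MEBx password; set a strong one or disable AMT")
    elif state != "managed":
        # Neither the default nor the password IT set during provisioning.
        findings.append("SUSPECT: MEBx password set to an unknown value")
    for key, expected in BASELINE.items():
        observed = record.get(key)
        if observed != expected:
            findings.append(f"DRIFT: {key}={observed!r}, baseline {expected!r}")
    return findings

def triage_fleet(records: List[Dict]) -> Dict[str, List[str]]:
    """Map host name to findings, omitting hosts with none."""
    report = {}
    for rec in records:
        findings = triage(rec)
        if findings:
            report[rec["host"]] = findings
    return report

# Constructed sample inventory, not real data.
SAMPLE_INVENTORY = [
    {"host": "lt-001", "amt_enabled": True, "mebx_password_state": "managed",
     "user_opt_in": "all", "wireless_mgmt": False},
    {"host": "lt-002", "amt_enabled": True, "mebx_password_state": "default",
     "user_opt_in": "all", "wireless_mgmt": False},
    {"host": "lt-003", "amt_enabled": True, "mebx_password_state": "unknown",
     "user_opt_in": "none", "wireless_mgmt": True},
    {"host": "lt-004", "amt_enabled": False},
]

if __name__ == "__main__":
    for host, findings in triage_fleet(SAMPLE_INVENTORY).items():
        print(host, *findings, sep="\n  ")
```

A record with a missing `mebx_password_state` is treated as unknown, so incomplete inventory data surfaces as suspect rather than passing silently.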
