F-Secure report that almost all secure business laptops can be hacked in 30 seconds. The hack bypasses all corporate security measures including Bit-locker encryption.

The Hack

The flaw is in Intel's Active Management Technology. IT News reports that all the attacker needs to do is to restart the computer and hold Ctrl-P during bootup. This enables access to the Intel Management Engine Bios Extension using the default password admin. In turn this enables the attacker to change the default password, enable remote access and gain access to corporate network.

The attack was discovered last year by both F-Secure and Google. 

How to protect

Disable AMT or add a strong password to it.

AMT is accessed differently in different systems. Typically access is via Bios advanced settings. Some users report problems with removing AMT and it appears it remains running, just that external access to it is removed.

Sources

https://www.itnews.com.au/news/new-intel-flaw-leaves-corporate-laptops-wide-open-481082?eid=1&edate=20180115&utm_source=20180115_AM&utm_medium=newsletter&utm_campaign=daily_newsletter

https://business.f-secure.com/intel-amt-security-issue

https://news.ycombinator.com/item?id=14253442

https://software.intel.com/en-us/blogs/2007/11/08/strong-amt-me-passwords-and-other-shades-of-gray/

https://www.intel.com.au/content/www/au/en/architecture-and-technology/intel-active-management-technology.html

https://software.intel.com/en-us/blogs/2008/01/09/setting-the-amt-manageability-engine-password-back-to-factory-defaults

http://support.radmin.com/index.php?/Knowledgebase/Article/View/9/9/how-to-set-up-intel-amt-features