The Hack

The flaw is in Intel's Active Management Technology. IT News reports that all the attacker needs to do is to restart the computer and hold Ctrl-P during bootup. This enables access to the Intel Management Engine Bios Extension using the default password admin. In turn this enables the attacker to change the default password, enable remote access and gain access to corporate network.

The attack was discovered last year by both F-Secure and Google. 

How to protect

  • Disable AMT or add a strong password to it.

AMT is accessed differently in different systems.

To disable AMT go to  BIOS Advanced Settings.

Some users have reported problems with removing AMT that it appears to remain running and only external access to it is removed.

Sources

https://www.itnews.com.au/news/new-intel-flaw-leaves-corporate-laptops-wide-open-481082?eid=1&edate=20180115&utm_source=20180115_AM&utm_medium=newsletter&utm_campaign=daily_newsletter

https://business.f-secure.com/intel-amt-security-issue

https://news.ycombinator.com/item?id=14253442

https://software.intel.com/en-us/blogs/2007/11/08/strong-amt-me-passwords-and-other-shades-of-gray/

https://www.intel.com.au/content/www/au/en/architecture-and-technology/intel-active-management-technology.html

https://software.intel.com/en-us/blogs/2008/01/09/setting-the-amt-manageability-engine-password-back-to-factory-defaults

http://support.radmin.com/index.php?/Knowledgebase/Article/View/9/9/how-to-set-up-intel-amt-features

 


© 2022 Design Out Crime and CPTED Centre. All Rights Reserved.