AMT Flaw in Intel Chips Allows Attacker to Create a Backdoor


Intel can’t get a break from the security flaws that plague its chips.

F-Secure researchers have found a way to exploit a security flaw in Intel's Active Management Technology (AMT) that allows a local attacker to backdoor almost any corporate laptop in a matter of seconds, even if the BIOS password, TPM PIN, BitLocker and login credentials are in place. Once the system is compromised, the attacker can control it remotely.

“The attack is almost deceptively simple to enact, but it has incredible destructive potential,” said Harry Sintonen, F-Secure’s Senior Security Consultant. “In practice, it can give a local attacker complete control over an individual’s work laptop, despite even the most extensive security measures,” Sintonen says.

F-Secure detailed how the exploit may work. All you need to do is reboot the system and enter the boot menu. Typically, you can’t go beyond that point as there is a BIOS password. That’s where AMT comes to the rescue. An attacker can log into Intel’s Management Engine BIOS Extension (MEBx) using the default password ‘admin’, which is not changed in most cases. The attacker can then change the default password, enable remote access and set AMT’s user opt-in to ‘None’. Behold, the system is compromised. Now the attacker can gain access to the system remotely.

Most people would dismiss such a flaw as not being a real threat because it requires ‘physical’ access to the target device. Sintonen said it’s not that hard. Once the attackers identify the victim, they approach the victim in a public place like an airport, cafe or hotel lobby and engage in the ‘evil maid’ scenario. One attacker distracts the target while the other attacker quickly gains access to the laptop. The whole operation can be done in under a minute, said Sintonen.

It may sound like an episode from Mr. Robot, but it’s actually not. To mitigate all such risks, organizations should either disable AMT or set a strong password for it.

