High-risk Intel AMT vulnerability disclosed: the password must be changed!

Source: Internet
Author: User


While Intel was busy with the "Meltdown" and "Spectre" vulnerabilities, the Finnish network security company F-Secure released a report on January 12, 2018 saying that a vulnerability had been found in Intel's Active Management Technology (AMT). The vulnerability allows attackers to bypass the logon process and take complete control of the target device within 30 seconds. It may affect millions of laptops around the world.

Intel AMT

Intel AMT (Active Management Technology) is essentially an embedded system integrated into the chipset, and it does not depend on a specific operating system. The technology allows IT administrators to remotely manage and repair networked computer systems, and the process is completely transparent to the users being serviced, which saves users' time and reduces computer maintenance costs.

How can attackers exploit this vulnerability?

To exploit this vulnerability, attackers need physical access to the affected laptop. Once they have that access, they reconfigure AMT and leave a backdoor behind. After that, attackers can bypass the need to enter logon credentials (including usernames, BIOS and BitLocker passwords, and TPM passwords) and obtain remote access for subsequent exploitation.

The essence of this security vulnerability lies in what the BIOS password covers. Generally, setting a BIOS password prevents unauthorized users from starting the device or changing the boot options. However, it does not prevent unauthorized users from accessing the AMT BIOS extension, which allows attackers to access and configure AMT and makes remote exploitation possible.

Attackers only need to restart or power on the target device, press CTRL-P during startup, and log on to the Intel Management Engine BIOS Extension (MEBx) with the default password (usually "admin", which in most cases is unlikely to have been changed). They can then change the default password, enable remote access, and set AMT's "User Opt-in" to "None". From then on, attackers can access the system remotely over both wireless and wired networks as long as they are on the same network segment as the victim. Attackers can also reach the target device from outside the LAN through their own CIRA server (a relay server).

Harry Sintonen, a security researcher at F-Secure, said the vulnerability was simple but potentially destructive. An Intel spokesman said that a guide to best configuration practices was released in 2015 and updated in November 2017. In fact, however, even the best security practices cannot prevent a local attacker from taking complete control of the target laptop.

According to the researchers, the new vulnerability has nothing to do with the recently disclosed "Meltdown" and "Spectre" vulnerabilities.

F-Secure recommends that you change the default AMT password on your laptop and set a stronger password, or disable AMT outright. Do not leave your laptop unattended in a public place.
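A fleet audit for the conditions described above, as an added example that is not code from F-Secure or Intel. The CSV columns, host names and the approved CIRA server are hypothetical, and the inventory rows are constructed sample data.

```python
import csv
import io

# Constructed sample inventory; column names are hypothetical, not an Intel format.
SAMPLE_INVENTORY = """\
host,expected_amt,provisioned,user_consent,cira_server,mebx_password_rotated
lt-0001,disabled,no,,,no
lt-0002,disabled,yes,none,relay.example.net,no
lt-0003,managed,yes,all,,yes
lt-0004,managed,yes,none,,yes
lt-0005,managed,yes,kvm,,no
"""

# Assumption: the only relay server the IT department itself operates.
APPROVED_CIRA = {"mps.corp.example"}


def audit_row(row):
    """Return finding codes for one device record."""
    findings = []
    provisioned = row["provisioned"] == "yes"
    # The MEBx default password matters even when AMT is unprovisioned:
    # it is what lets someone at the keyboard provision it.
    if row["mebx_password_rotated"] != "yes":
        findings.append("MEBX_DEFAULT_PASSWORD")
    if provisioned and row["expected_amt"] == "disabled":
        findings.append("UNEXPECTED_PROVISIONING")
    # "User Opt-in: None" means a remote session needs no consent at the device.
    if provisioned and row["user_consent"] == "none":
        findings.append("USER_CONSENT_NONE")
    if row["cira_server"] and row["cira_server"] not in APPROVED_CIRA:
        findings.append("UNAPPROVED_CIRA_SERVER")
    return findings


def audit(inventory_text):
    """Map each host that has at least one finding to its findings."""
    report = {}
    for row in csv.DictReader(io.StringIO(inventory_text)):
        findings = audit_row(row)
        if findings:
            report[row["host"]] = findings
    return report


if __name__ == "__main__":
    for host, findings in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {', '.join(findings)}")
```
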
