A Security Issue in Intel’s Active Management Technology

Megalith

F-Secure is highlighting another critical Intel security issue: according to the Finnish cyber security and privacy company, Intel’s Active Management Technology (AMT) allows local attackers to compromise and take control of work laptops in as little as 30 seconds. Due to insecure defaults, user and BIOS passwords can be completely bypassed.

The security issue "is almost deceptively simple to exploit, but it has incredible destructive potential," said Harry Sintonen, the senior security consultant at F-Secure who came across the oversight. "In practice, it can give an attacker complete control over an individual's work laptop, despite even the most extensive security measures."
 
The setup is simple: an attacker starts by rebooting the target’s machine, after which they enter the boot menu. In a normal situation, an intruder would be stopped here; as they won’t know the BIOS password, they can’t really do anything harmful to the computer.

In this case, however, the attacker has a workaround: AMT. By selecting Intel’s Management Engine BIOS Extension (MEBx), they can log in using the default password “admin,” as this most likely hasn’t been changed by the user. By changing the default password, enabling remote access and setting AMT’s user opt-in to “None”, a quick-fingered cyber criminal has effectively compromised the machine. Now the attacker can gain access to the system remotely, as long as they’re able to insert themselves onto the same network segment with the victim (enabling wireless access requires a few extra steps).
Eh...more bad press than glaring security issue that must immediately be addressed. Just needs to be addressed sometime soon.
 
2018 Doesn't seem to be Intel's year.....
It really isn't. BTW, is this the result of a default password?

 
I have an image of a backyard fire in my head, where the fire department has shown up and just when you think it's under control they dump a truck load of napalm on it.

Oh memories
 
This is what corporate yes men create and sell. Someone somewhere had to have mentioned something about these flaws.
 
Damn, another nail in the Intel server coffin.

Jebus
 
so this is some remote connection shit?

How does this affect my 6700hq ?

it says AMT needs to be configured to stop this issue.
 
Yes, and they were issued gag orders. I know because I've talked to some...

You think Intel didn't know this shit? Of course they do. They put it there so three letter agencies had built in malware.

And Intel will litigate the fuck out to keep Pandora's box sealed.

This is what corporate yes men create and sell. Someone somewhere had to have mentioned something about these flaws.
 
Yes, and they were issued gag orders. I know because I've talked to some...

You think Intel didn't know this shit? Of course they do. They put it there so three letter agencies had built in malware.

And Intel will litigate the fuck out to keep Pandora's box sealed.

Guess who uses Intel CPUs? China, Russia, Iran, etc etc
 
Oh, so it's a default password exploit. Lol, nothing to see here!

Not that simple, it is a password that many, actually most don't even know about.

How do you change a default password when you are not aware it is even there? Yes it is stupid, but most people are very ignorant about these things.

Using default passwords is also a big problem in the corporate world.

So there is something to see here.
 
So it's a case of...

Forgetting to turn off range top, burning hand on rangetop, blaming Hotpoint for burns?

Forgetting to turn the sink faucet off a week ago, blaming Kohler for the high water bill?

Cutting your own throat attempting to shave with a straight razor for the first time, blaming Thiers Issard for the medical bills?
 
Oh, so it's a default password exploit. Lol, nothing to see here!
Not really; even if the PC has a random password, if you clear the CMOS the password reverts to admin/admin. It makes it harder and requires more time with the PC compared to the ones already set to the default password.
Still, Intel cannot catch a break. Weird that this started happening after Ryzen; it's like people knew tons of exploits but didn't bother reporting them, and now that they have an alternative they started dumping them.
 
Intel has never been a software company. They can’t write drivers for their ancient graphics chips that have been on the market largely unchanged for years, so what surprises anyone that they have a hard time with software features written into firmware?
 
Intel has never been a software company. They can’t write drivers for their ancient graphics chips that have been on the market largely unchanged for years, so what surprises anyone that they have a hard time with software features written into firmware?
Basically Intel ignored all the warnings where you would have to protect your customer in favour of functions which might help them?
As it turns out now it is one of the worst features Intel made for their cpu.
 
Not that simple, it is a password that many, actually most don't even know about.

How do you change a default password when you are not aware it is even there? Yes it is stupid, but most people are very ignorant about these things.

Using default passwords is also a big problem in the corporate world.

So there is something to see here.

Most people are very ignorant about the password on their router login as well, but this place wouldn't hesitate to berate them should someone log into it with the default password.

I guess Intel doesn't get a pass because they are the bitch of the month.
 
"By design" could be another way of saying "well, we knew early on back in the heyday that China would become our biggest customer, but they stipulated requirements for multiple backdoors that could be used to keep an eye on their consumers, so we had to come up with architecture that could be used anywhere and improved upon."
 
These latest "vulnerabilities" found in Intel CPUs are actually the exposure of built-in backdoors for government use.
 
It says "local attack", which I would assume, means the attacker has direct access to the PC.

Still, 30s is pretty quick, I have to say.
 
Most people are very ignorant about the password on their router login as well, but this place wouldn't hesitate to berate them should someone log into it with the default password.

I guess Intel doesn't get a pass because they are the bitch of the month.

Routers have documentation of such key features and warnings to change your password. Where are Intel's instructions about this feature? Would the average user even have known about it?

Won't somebody please think of the poor multibillion-dollar monopoly. They only lied a little bit!
 
Routers have documentation of such key features and warnings to change your password. Where are Intel's instructions about this feature? Would the average user even have known about it?

Won't somebody please think of the poor multibillion-dollar monopoly. They only lied a little bit!

So, to you, their value makes a difference when it comes to lying? Gotcha.
 
I'm just waiting for Shintel and juanrga to come in here proclaim this as a "feature."
 
Also note it's illegal to ship encryption technology to those countries. Hence why you will never find a SoC or computer coming from China with AES-NI. (Much to my chagrin)

Guess who uses Intel CPUs? China, Russia, Iran, etc etc
 
These latest "vulnerabilities" found in Intel CPUs are actually the exposure of built-in backdoors for government use.

It has to do with processor design rather than backdoors put in for any government agency to use; why else would ARM suffer the same problems (look up ARM on Wikipedia)?


https://www.theregister.co.uk/2015/04/10/us_intel_china_ban/
https://tech.thaivisa.com/china-bans-apple-intel-cisco-and-other-companies-for-state-purchases/5716/

China has not been so keen on the Intel chips for a good while now; maybe they knew some things already (from By Staff Writer on 2015-02-27)
 
Should we all chip in and send Intel one of those extra large containers of lube from amazon?
 
FTFA:

The setup is simple: an attacker starts by rebooting the target’s machine, after which they enter the boot menu. In a normal situation, an intruder would be stopped here; as they won’t know the BIOS password, they can’t really do anything harmful to the computer.

So, you first have to have physical access long enough to reboot the machine. If you can reboot the machine you can boot it up via a flash drive and also bypass any security, so this is really a moot issue. If I have physical access to your computer, you're screwed. End of story.
 
The article I read suggests it is a bigger deal than that.

Yes, physical access is required. The attack would bypass encryption (based on the first article I read on this) and that is a big deal.
 
Routers have documentation of such key features and warnings to change your password. Where are Intel's instructions about this feature? Would the average user even have known about it?

Won't somebody please think of the poor multibillion-dollar monopoly. They only lied a little bit!

https://software.intel.com/en-us/ar...ement-technology-start-here-guide-intel-amt-9

Also buy an Intel board, it comes with plenty of documentation for it and provides links for further information. Intel has also recommended that AMT should be disabled if not used and if used, that the default password be changed or it needs to be provisioned.

Other manufacturers using Intel's products should be the ones handling their own documentation of what features they have on their products and what state those features are set by default.
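
The end state the article describes is a laptop answering AMT remote-management requests that nobody in IT provisioned, and the recommendation above is to disable AMT where it is unused. The sketch below is an added example, not code from the thread, F-Secure or Intel: it checks hosts for AMT's standard web-service ports (16992/16993) and flags any that answer without being on an approved list. The host addresses, the approved list and the status labels are assumptions.

```python
import socket

# Intel AMT's standard web-service ports: 16992 (HTTP) and 16993 (HTTPS).
AMT_PORTS = (16992, 16993)


def open_ports(host, ports=AMT_PORTS, timeout=1.0):
    """Return the ports from `ports` that accept a TCP connection on `host`."""
    found = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                found.append(port)
        except OSError:  # refused, unreachable or timed out: not listening
            pass
    return found


def audit(hosts, approved, probe=open_ports):
    """Map each host to (status, open AMT ports).

    `approved` holds the hosts where IT deliberately provisioned AMT.
    Any other host that answers is "UNEXPECTED" and needs a hands-on check.
    """
    report = {}
    for host in hosts:
        ports = probe(host)
        if not ports:
            status = "no-amt-listener"
        elif host in approved:
            status = "approved"
        else:
            status = "UNEXPECTED"
        report[host] = (status, ports)
    return report


if __name__ == "__main__":
    # Constructed sample: documentation-range addresses and canned probe
    # results, so the demo runs offline. Drop `probe=` to scan for real.
    canned = {"192.0.2.10": [16992], "192.0.2.11": [], "192.0.2.12": [16992, 16993]}
    result = audit(canned, approved={"192.0.2.10"}, probe=lambda h: canned[h])
    for host, (status, ports) in sorted(result.items()):
        print(f"{host:<12} {status:<16} {ports}")
```

A host reported as UNEXPECTED should be inspected at the console: check MEBx, confirm who provisioned it, and reset or disable AMT if nobody did.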
 
Don't worry, a firmware will be out soon to magically fix silicon-level shortcuts. The normal rhetoric is "but they may have it too", but it looks like all the nasty stuff is Intel-sided and it looks like AMD will suffer the Linux/Windows blanket patching that will nerf how their CPUs run by imposing Intel hard limits. The issue, though, is dwarfed by the impending legal consequences of violations of personal information; every country has such legislation and the penalties are severe.