• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • December 7th, 2019
  • Home
  • About Us
  • Team
  • Advertise
  • Submit News
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Google+
    • Linkedin
    • Youtube
Home » Security » Critical Intel AMT Flaw Lets Attackers Hack Laptops in Mere Seconds

Critical Intel AMT Flaw Lets Attackers Hack Laptops in Mere Seconds

January 12th, 2018 Waqas Security, Technology News 0 comments
Critical Intel AMT Flaw Lets Attackers Hack Laptops in Mere Seconds
Share on FacebookShare on Twitter

It has been a matter of days when we found out about the flaws in AMD, ARM and Intel’s computer microchips that allowed attackers to carry out Spectre and Meltdown attacks. Since these microchips are widely used in almost all desktops/laptops, smartphones and tablets, therefore, the discovery sent out shockwaves among high-profile tech giants including Microsoft, Google, Mozilla, and Amazon. Security experts rushed to churn out security updates and patch the flaw. Seem like problems for Intel are far from over because another flaw has been discovered in Intel hardware by Finnish cyber security firm F-Secure.

In its official statement released on Friday, 12th January regarding the newly identified hardware flaw, F-Secure stated that it allows hackers to remotely access corporate laptops. However, the company has categorically denied that the new discovery has any connection with Meltdown and Spectre vulnerabilities.

More: A Malware That can Bypass Windows Firewall Using Intel’s Management Tech

On the contrary, this issue has been identified in the AMT (Intel Active Management Technology) commonly used in corporate laptops. AMT vulnerability allows hackers to gain full control of a device within mere seconds (less than 30 seconds). Moreover, the problem scope is extremely wide since “millions of laptops globally” are believed to have been affected so far.

According to Harry Sintonen, F-Secure consultant and the one responsible for discovering this flaw, the issue is “shockingly” simplistic but has tremendous “destructive potential,” because it provides complete control of the affected laptop to an attacker regardless of the presence of industry’s best security practices.

It is revealed by F-Secure that to compromise a laptop an attacker would need physical access to the device and after accomplishing that, the AMT would be re-configured after which a backdoor will be created. This would eventually let the attacker connect to the same wireless network that is being used by the victim and the device could be remotely accessed. It is also possible to modify the programming of AMT so that it connects to the attacker’s server, which would eliminate the need for the attacker to connect to the same network that is being used by the victim to fulfill their malicious objectives.

In a statement, Sintonen explains: “By selecting Intel’s Management Engine BIOS Extension (MEBx), they can log in using the default password “admin,” as this hasn’t most likely be changed by the user. By changing the default password, enabling remote access and setting AMT’s user opt-in to “None”, a quick-fingered cybercriminal has effectively compromised the machine. Now the attacker can gain access to the system remotely.”

The most concerning aspect is that nothing can prevent exploitation of corporate laptops whether it is full disk encryption, VPN, anti-malware software or firewall. On the other hand, successful attack leads to complete loss of “confidentiality, integrity, and availability,” and the attacker can read and modify all the apps and data stored on the targeted laptop and any malware could be installed, explained F-Secure.

More: Flaw in WPA2 Protocol Lets Attackers Intercept & Decrypt Encrypted Data Traffic

The only thing organizations can do to prevent their systems from exploitation, according to Sintonen, is setting a stronger AMT password or completely disable AMT. The flaw is a critical one and organizations need to think of remedies quickly because a system can be compromised in less than a minute. This is something that makes this flaw much devastating and problematic than Spectre and Meltdown. Intel hasn’t yet responded to this newly discovered flaw.

Top, featured image via DepositPhotos

  • Tags
  • Computers
  • Flaw
  • hacking
  • Intel
  • internet
  • Laptop
  • security
  • VPN
  • Vulnerability
Facebook Twitter Google+ LinkedIn Pinterest
Previous article Malware infected fake Telegram Messenger app found in Play Store
Next article Attackers Exploit Oracle WebLogic Flaw to Mine $266K in Monero
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism.

Related Posts
New privacy tool exposes which website leaves your data unprotected

New privacy tool exposes which website leaves your data unprotected

New Linux vulnerability puts VPN connections at risk of hijacking

New Linux vulnerability puts VPN connections at risk of hijacking

5 things you should never do when using anonymous operating systems

5 things you should never do when using anonymous operating systems

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

LATEST POSTS
New privacy tool exposes which website leaves your data unprotected
Privacy

New privacy tool exposes which website leaves your data unprotected

130
New Linux vulnerability puts VPN connections at risk of hijacking
Privacy

New Linux vulnerability puts VPN connections at risk of hijacking

283
5 things you should never do when using anonymous operating systems
Security

5 things you should never do when using anonymous operating systems

376
Israeli firm buys Private Internet Access (PIA) VPN raising privacy concerns
Surveillance

Israeli firm buys Private Internet Access (PIA) VPN raising privacy concerns

7737

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us