Critical Intel AMT Flaw Lets Attackers Hack Laptops in Mere Seconds

It has been a matter of days when we found out about the flaws in AMD, ARM and Intel’s computer microchips that allowed attackers to carry out Spectre and Meltdown attacks. Since these microchips are widely used in almost all desktops/laptops, smartphones and tablets, therefore, the discovery sent out shockwaves among high-profile tech giants including Microsoft, Google, Mozilla, and Amazon. Security experts rushed to churn out security updates and patch the flaw. Seem like problems for Intel are far from over because another flaw has been discovered in Intel hardware by Finnish cyber security firm F-Secure.

In its official statement released on Friday, 12th January regarding the newly identified hardware flaw, F-Secure stated that it allows hackers to remotely access corporate laptops. However, the company has categorically denied that the new discovery has any connection with Meltdown and Spectre vulnerabilities.

More: A Malware That can Bypass Windows Firewall Using Intel’s Management Tech

On the contrary, this issue has been identified in the AMT (Intel Active Management Technology) commonly used in corporate laptops. AMT vulnerability allows hackers to gain full control of a device within mere seconds (less than 30 seconds). Moreover, the problem scope is extremely wide since “millions of laptops globally” are believed to have been affected so far.

According to Harry Sintonen, F-Secure consultant and the one responsible for discovering this flaw, the issue is “shockingly” simplistic but has tremendous “destructive potential,” because it provides complete control of the affected laptop to an attacker regardless of the presence of industry’s best security practices.

It is revealed by F-Secure that to compromise a laptop an attacker would need physical access to the device and after accomplishing that, the AMT would be re-configured after which a backdoor will be created. This would eventually let the attacker connect to the same wireless network that is being used by the victim and the device could be remotely accessed. It is also possible to modify the programming of AMT so that it connects to the attacker’s server, which would eliminate the need for the attacker to connect to the same network that is being used by the victim to fulfill their malicious objectives.

In a statement, Sintonen explains: “By selecting Intel’s Management Engine BIOS Extension (MEBx), they can log in using the default password “admin,” as this hasn’t most likely be changed by the user. By changing the default password, enabling remote access and setting AMT’s user opt-in to “None”, a quick-fingered cybercriminal has effectively compromised the machine. Now the attacker can gain access to the system remotely.”

The most concerning aspect is that nothing can prevent exploitation of corporate laptops whether it is full disk encryption, VPN, anti-malware software or firewall. On the other hand, successful attack leads to complete loss of “confidentiality, integrity, and availability,” and the attacker can read and modify all the apps and data stored on the targeted laptop and any malware could be installed, explained F-Secure.

More: Flaw in WPA2 Protocol Lets Attackers Intercept & Decrypt Encrypted Data Traffic

The only thing organizations can do to prevent their systems from exploitation, according to Sintonen, is setting a stronger AMT password or completely disable AMT. The flaw is a critical one and organizations need to think of remedies quickly because a system can be compromised in less than a minute. This is something that makes this flaw much devastating and problematic than Spectre and Meltdown. Intel hasn’t yet responded to this newly discovered flaw.

Top, featured image via DepositPhotos


Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.