Secure: Major security flaw affecting millions of corporate laptops

Light show performed by Intel drones

"The attack is nearly deceptively simple to enact, but it has incredible destructive potential".

"In practice, it can give an attacker complete control over an individual's work laptop, despite even the most extensive security measures", he added.

The attack would bypass any other security protections in place, including a BIOS password, Trusted Platform Module PIN or Bitlocker full-disk encryption, Sintonen says.

F-Secure has notified Intel, all relevant device manufacturers and the CERT-Coordination Center in the United States about the security issue. The end users should read Intel's AMT guide carefully and avoid taking unnecessary risk. Intel says it's been shipped on more than 100 million systems over the past decade.

Today, Finnish company F-Secure's researcher Harry Sintonen revealed that there is yet another vulnerability in Intel chipsets affecting a huge number of corporate PCs.

Sintonen and his colleagues at F-Secure have come across the issue repeatedly since early summer past year.

If you're an individual running your own device, change the AMT password to a strong one, even if you don't plan on using AMT.

In this case, however, the attacker has a workaround: AMT.

If we talk in strict computer security terms, it's not a vulnerability. The price they pay for convenience may not be worth the lack of security and the high-risk of compromise Intel ME and AMT seem to provide. "The attack doesn't require a lot of time - the whole operation can take well under a minute to complete", Sintonen explained.

How does the attack work? Even if you think the chance of system penetration via inappropriate local access is minimal, the solution to this problem is to not allow access to the AMT until the proper BIOS password is entered. In doing so, the attacker can gain remote access to the system from both wireless and wired networks, as long as they're able to insert themselves onto the same network segment with the victim, F-Secure said.

The attackers can then log into Intel Management Engine BIOS Extension using the default "admin" password (most likely never altered) and change it to whatever they wish.

Serena reveals medical complications after childbirth
Despite a tough few months, Williams is excited about motherhood , ready to tackle new challenges and get back on the court. Tennis heavy hitters Caroline Wozniacki, Svetlana Kuznetsova and Angelique Kerber have all expressed how much she's missed.

Go through all now deployed devices and configure the AMT password or disable the functionality altogether.

"Go through all now deployed devices and configure the AMT password". While inspection, if a PC's AMT password is found to be already set to an unknown value, it should be treated with suspicion and appropriate steps should be taken.

"We discovered the issue this summer, and since discovering it, we have found it in thousands of laptops", F-Secure told El Reg. "We agreed with Intel that we would come out with the issue in January".

Intel AMT is created to enable remote access monitoring and maintenance of corporate-grade personal computers, and is typically used by IT departments or managed service providers to manage devices. The changes can be made in under a minute, according to F-Secure. In October 2017, Parth Shukla, a security researcher at Google, also detailed the flaws in a Luxembourg conference presentation.

F-Secure reports that despite all this guidance, insecure Intel AMT setups remain widespread. A similar vulnerability has also been previously pointed out by CERT-Bund but with regards to USB provisioning, Sintonen said.

When ordering new devices, consider whether to order them without AMT, AMT disabled by default, or to provision AMT before enrolment.

These are not the first AMT security problems to have been discovered. Chipzilla advises vendors to require the BIOS password when rolling out AMT.

The security flaw exists within Intel chipsets using Active Management Technology (AMT), the chip firm's hardware and software tech that enables the upkeep of (usually corporate) laptops by tech support staff remotely.

AMT has had its share of security issues in the past, but this new one is arguably the most concerning issue yet.

And more to the point, this is an easily resolved flaw.

Related News:

  • Teen Titans GO! To The Movies Trailer Pokes Fun At The DCEU

    Teen Titans GO! To The Movies Trailer Pokes Fun At The DCEU

    Here is a rundown of some of our most anticipated 2018 projects. It opens in in Australia and New Zealand on July 26, 2018. The film comes from the creatives behind the show.
    Spartans struggle again, beat Rutgers in ovetime

    Spartans struggle again, beat Rutgers in ovetime

    However, the game was tied at halftime and Rutgers trailed by only two points with eight minutes to play in regulation. There are encouraging signs, and Rutgers came move up with good home showings against Ohio State and Iowa next week.
    Swedbank Decreases Stake in Gilead Sciences, Inc. (NASDAQ:GILD)

    Swedbank Decreases Stake in Gilead Sciences, Inc. (NASDAQ:GILD)

    The stock of Northern Trust Corporation ( NASDAQ :NTRS) earned "Neutral" rating by Buckingham Research on Thursday, October 19. STOR share have plunged by -4.72% in percentage terms since the start of the year - and retreated -3.61% in the last month.
  • Ambev SA (ABEV) Moves 0.15%

    Over the last three months, the shares of the company have changed 20.45% and performed 33.61% over the last six months. Taking a broader look at the analyst consensus, brokerage firms have a price target of $3.53 on Yamana Gold (NYSE:AUY).
    National Weather Service: Potential for flooding Friday into Saturday

    National Weather Service: Potential for flooding Friday into Saturday

    Update: Friday evening, the National Weather Service canceled the flood advisory for northwestern Cuyahoga County. Ice jams become temporary dams, blocking the flow of water downstream, potentially causing flooding.
    Twitter is latest target of right-wing Project Veritas

    Twitter is latest target of right-wing Project Veritas

    Pierre also mentioned that the new AI won't ban a "mindset" but will ban "a way of talking". That is in line with Twitter's official line on the issue of banning the president.
  • Emerson Electric Company (EMR) Stake Decreased by Cullen Frost Bankers Inc

    Emerson Electric had a return on equity of 20.47% and a net margin of 9.94%. (NYSE: EMR ) on Monday, July 10 with "Hold" rating. The company has a market cap of $47,440.00, a PE ratio of 28.87, a price-to-earnings-growth ratio of 3.25 and a beta of 1.24.
    Winter Weather Advisory through 4am

    Winter Weather Advisory through 4am

    Rain will change to snow with a period of freezing rain and sleet possible, according to the National Weather Service . Gusty winds are possible in wind prone areas producing localized blowing and drifting snow and reduced visibility.
    Dark Souls: Remastered On PS4 Pro Will Not Feature HDR Lighting

    Dark Souls: Remastered On PS4 Pro Will Not Feature HDR Lighting

    Dark Souls Remastered Switch - What do we Know? The Nintendo Switch version will, however, run at 1080p and 30fps. The Dark Souls website has revealed that they're also releasing the Dark Souls Trilogy box set on May 24th.
  • Win Butler & other musicians respond to Trump's "shithole countries" comments

    The mood quickly changed when some reporters started shouting about the president's reported "shithole" comment from Thursday. Some lawmakers took a hard line against Trump's statement, while others were more forgiving. "Made up by Dems", Trump wrote.

    Haiti 'shocked and outraged' over reported Trump remarks

    Trump tweets: "Never said anything derogatory about Haitians other than Haiti is, obviously, a very poor and troubled country". Trump also said the United States should admit more people from places like Norway, an overwhelmingly white country .
    Wall St. hits new highs on bank earnings, economic optimism

    Wall St. hits new highs on bank earnings, economic optimism

    The Labor Department's Consumer Price Index, which excludes the volatile food and energy components, rose 0.3 percent last month. Advancing issues outnumbered decliners on the NYSE by 2,103 to 762.


Most liked

NRI held for molesting United States woman at Taj hotel
The Delhi Police have arrested a 25-year-old NRI for allegedly molesting a USA national at a five-star hotel in Chanakyapuri. On January 10, she approached police alleging that Kharbanda, a resident of California, had molested her.

Aetna Inc (NYSE:AET) Institutional Investor Sentiment
Pggm Investments decreased its stake in Aetna Inc New Com (AET) by 5% based on its latest 2017Q3 regulatory filing with the SEC. Finally, Phocas Financial Corp. acquired a new stake in shares of Aetna during the 2nd quarter worth approximately $182,000.

European Union unveils plan for Euro 1 bln investment in high-performance computing
It predicts that with the use of a supercomputer, vehicle production cycles could be reduced "from 60 months to 24 months". The EU Commission sees this investment as crucial for the EU's competitiveness and independence in the data economy.

Dissecting the Insider Trading Patterns of Twenty-First Century Fox, Inc. (FOXA)
Candriam Luxembourg S.C.A. lifted its position in shares of Twenty-First Century Fox by 76.8% during the third quarter. Northland Capital maintained Paylocity Holding Corporation (NASDAQ:PCTY) on Friday, September 8 with "Buy" rating .

African countries demand Trump apology
President Donald Trump on Friday for reportedly using vulgar language to describe Haiti and countries in Africa. She said the ANC was not in a position to stop any president from any country from saying anything they wished.

Ivanka Trump's #timesup tweet beyond the pale
People were quick to point out that Donald Trump has been accused of sexual harassment and misconduct by as many as 17 women. In response, Trump said, "Look, I'm not in every interaction my father has, but he's not a groper".

Dark Souls coming to Nintendo Switch
Instead, there was just a cinematic with foreboding music playing in the background while the camera slowly panned up to a pyre. It includes Dark Souls Remastered , Dark Souls 2: Scholar of the First Sin , and Dark Souls 3: The Fire Fades Edition.

Pennsylvania Real Estate Investment Trust (PEI)
After a recent check, the current stock price divided by the 52-week high for shares of Wheeler Real Estate Investment Trust, Inc. It dived, as 66 investors sold LLY shares while 386 reduced holdings. 23 funds opened positions while 63 raised stakes.

Republican legislators unveil new U.S. immigration Bill
Congress has to make a budget deal by January 19 or face shutting down the federal government - except for essential services. And, Alsup added, the Trump Administration can still keep DACA recipients from re-entering the U.S if they leave the country.

Adobe Systems (ADBE) Downgraded by Zacks Investment Research to "Hold"
The stock of Adobe Systems Incorporated (NASDAQ:ADBE) has "Buy" rating given on Thursday, October 19 by Bank of America. Central Bank & Trust Co decreased Adobe Systems Incorporated ( ADBE ) stake by 4.46% reported in 2017Q3 SEC filing.

CVS plans to keep Aetna's headquarters in CT
At that point, many in CT believed that Aetna might stay after all. "Aetna staying CT is good for both us and them", said Murphy. CVS confirmed to Channel 3 that the company has "no plans to relocate Aetna's operations from Hartford".

Pokemon Go Features Surfing Pikachu In Its First Community Day Event
This day's event session will take place at a different time dependent on each trainer's region of the world. This bonuses include increased XP or Stardust, and lure modules will last three hours during it.

Revision in Analysts' Earnings Estimates: Mondelez International, Inc. (MDLZ)
The stock of The Boeing Company (NYSE:BA) has "Overweight" rating given on Thursday, October 6 by Barclays Capital. Nbt Natl Bank N A holds 33,212 shares or 0.22% of its portfolio. 15,630 were accumulated by Gamble Jones Counsel.

What caused Greater Vancouver condo prices to soar heading into 2018?
Meanwhile single family home prices across the region climbed by about 12 per cent to $1.5 million. The median price of a two-storey home increased 6.6 per cent year-over-year to $1,586,991.

Jordan Spieth six off the lead after late quadruple-bogey — Sony Open
He is three shots behind clubhouse leader Chris Kirk , who posted a flawless 63, including five birdies on the back nine. Johnson admitted his round was a pleasant surprise, after a bout of flu cost him some pre-season practice time.