Gone in 30 seconds: New Intel AMT exploit is scarier than you can ever fathom

The new AMT hack can bypass all known security measures. (Source: Anandtech)
The new AMT hack can bypass all known security measures. (Source: Anandtech)
F-Secure's security researchers discovered another flaw in Intel's Active Management Technology (AMT) that a hacker can potentially misuse to gain remote access to a system.

Intel had a pretty rough start to 2018 with a slew of security flaws in Intel CPUs rearing their ugly heads. After the whole Meltdown and Spectre debacle, there's apparently another bitter pill to swallow. F-Secure's Senior Security Consultant, Harry Sintonen, has discovered a potential security flaw in Intel's Active Management Technology (AMT) that allows hackers in physical proximity of a laptop to take control full control of the system and gain remote access, all under a minute.

F-Secure says the issue so severe that even the best protections, including BIOS passwords, will fail if the hacker knows his stuff. It is sort of surprising, given that the system cannot be accessed if the hacker cannot get past the BIOS password screen. However, by selecting the Management Engine BIOS Extension (MEBx) at boot, the hacker just simply login using the default 'admin' password. It is common that users tend to leave the default password as is. Generally, corporate laptops are enabled with AMT and vPro to enable IT admins to remotely take control and diagnose the system. On compatible systems, MEBx can be accessed by simply pressing Ctrl+P at boot time. Having gained access to the MEBx, the hacker can change the default password, enable remote access, and set the AMT's user opt-in to 'None'. The machine is now compromised. The cyber criminal can also gain remote access to the corporate network to which the compromised laptop is connected and all hell can break loose.

Intel's AMT exploits have been a cause of concern for many in the corporate world. The Intel Management Engine (ME) is a whole OS in itself complete with a TCP/IP stack that while making the lives of admins a tad bit easier, can also be exploited for nefarious activities in the wrong hands. Disabling the ME can render the system unbootable, although, a recent discovery has shown that the ME can indeed be disabled, but that requires firmware editing.

While the probability of a cyber criminal getting physical access to a corporate laptop is somewhat far fetched, Sintonen lays out a possible scenario —

Attackers have identified and located a target they wish to exploit. They approach the target in a public place – an airport, a café or a hotel lobby – and engage in an ‘evil maid’ scenario. Essentially, one attacker distracts the mark, while the other briefly gains access to his or her laptop. The attack doesn’t require a lot of time – the whole operation can take well under a minute to complete."

It is not known how Intel would respond to this discovery or what sort of updates can mitigate the issue but if you are a corporate user, it helps to be aware that such attacks do exist. In the interest of security, it is highly recommended to limit outsider access to corporate assets such as laptops and mobile phones. As the old adage goes, better be safe than sorry.

For more details, also refer to the FAQ published by F-Secure linked in the Sources section.


Read all 3 comments / answer
static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2018 01 > Gone in 30 seconds: New Intel AMT exploit is scarier than you can ever fathom
Vaidyanathan Subramaniam, 2018-01-14 (Update: 2018-01-14)
Vaidyanathan Subramaniam
I am a cell and molecular biologist and computers have been an integral part of my life ever since I laid my hands on my first PC which was based on an Intel Celeron 266 MHz processor, 16 MB RAM and a modest 2 GB hard disk. Since then, I’ve seen my passion for technology evolve with the times. From traditional floppy based storage and running DOS commands for every other task, to the connected cloud and shared social experiences we take for granted today, I consider myself fortunate to have witnessed a sea change in the technology landscape. I honestly feel that the best is yet to come, when things like AI and cloud computing mature further. When I am not out finding the next big cure for cancer, I read and write about a lot of technology related stuff or go about ripping and re-assembling PCs and laptops.