The bug allows anyone with physical access to the affected laptop to bypass the need to enter login credentials—including user, BIOS and BitLocker passwords and TPM pin codes—enabling remote administration for post-exploitation.
In general, setting a BIOS password prevents an unauthorised user from booting up the device or making changes to the boot-up process. But this is not the case here.
The password doesn’t prevent unauthorised access to the AMT BIOS extension, thus allowing attackers access to configure AMT and making remote exploitation possible.
Although researchers have discovered some severe AMT vulnerabilities in the past, the recently discovered issue is of particular concern because it is:
easy to exploit without a single line of code,
affects most Intel corporate laptops, and
could enable attackers to gain remote access to the affected system for later exploitation.
I was unable to duplicate this. Pressing CTRL-P at boot got me nowhere, and I tried several times. The article mentions corporate laptops, whereas I’m using a Kaby Lake gaming laptop. Is my consumer grade hardware more secure than a corporate laptop?
I have an old business class laptop at home that I’ll try once I get off work.
On most business manufacturers hardware this has to be enabled explicitly in the BIOS, then a password has to be set before this is enabled. Even then, it looks like it’s only exploitable with local resources access.
Not a good vulnerability, but still, not bad. Enabling AMT has a host of other exploitable issues that trump this one.
All it will take is successive stories like these to erode public confidence.
Whether or not that will end up pushing people to amd is up for debate, personally I think the ‘sheep’ are more likely to just assume its a windows thing and end up buying a mac… unaware that has the same intel issues.
One of the most asked questions from mac people during meltdown was 'but my mac is safe right?"
Finnish cyber security firm F-Secure reported unsafe and misleading default behaviour within Intel Active Management Technology (AMT) that could allow an attacker to bypass login processes and take complete control over a user’s device in less than 30 seconds.
AMT is a feature that comes with Intel-based chipsets to enhance the ability of IT administrators and managed service providers for better controlling their device fleets, allowing them to remotely manage and repair PCs, workstations, and servers in their organisation.
The bug allows anyone with physical access to the affected laptop to bypass the need to enter login credentials—including user, BIOS and BitLocker passwords and TPM pin codes—enabling remote administration for post-exploitation.
“The attack is almost deceptively simple to enact, but it has incredible destructive potential,” said F-Secure senior security researcher Harry Sintonen, who discovered the issue in July last year.
“In practice, it can give a local attacker complete control over an individual’s work laptop, despite even the most extensive security measures.”
this requires physical access to the machine. with physical access (and enough time) you will be owned (in spite of all the other security measures) even without this bug.
IE pull the drive, usb adapter to another machine under the attackers control, install remote control/key logger etc program and/or image the drive for later hacking, reinstall the the drive and walk away.
the machine without a drive is of no interest to an attacker, generally. its the data on the hard drive thats of interest.
the fact that “enough time” is less than one minute in this case means the attack could be carried out while the owner is (e.g.) in the restroom, even if the machine itself is physically chained to their desk.
A lot of people do not realized that Intel is still fighting the litigation by AMD of unfair practices. Intel was proven to be in the wrong but yet can just keep delaying payment indefinitely by keeping it in court. That is just criminal.
