Published: Sat, January 13, 2018
Research | By Jody Lindsey

Critical Flaw Found in Intel Processors May Surrender Complete Control of Laptop

Even if your device is set up with proper security mechanisms, including a BIOS password and BitLocker, the vulnerability bypasses the BIOS security and grants the attacker access to the system.

Although the successful exploitation of the security issue requires physical proximity, this might not be as hard for skilled attackers to organize as you might think. The vulnerability affected devices back to the first generation of Intel Core, so not all of them were patched.

Last month, Intel issued a 4-page PDF, Security Best Practices of Intel Active Management Technology Q&A, that addresses the MEBx default password problem, amongst other security risks. Weaknesses in the tech have been discovered before, but the latest flaw is nonetheless noteworthy because of the ease of exploitation. The weakness can be exploited in mere seconds without a single line of code. By changing the default password, enabling remote access and setting AMT's user opt-in to "None", a quick-fingered cyber criminal has effectively compromised the machine. In effect, he has set up the machine to allow remote access without the user knowing that the computer is being exploited. Even if you think the chance of system penetration via inappropriate local access is minimal, the solution to this problem is to not allow access to the AMT until the proper BIOS password is entered.

However, as this feature comes enabled by default even on consumer devices, privacy activists are anxious that it can be used as a backdoor or to allow attackers remote access to victims' machines. He continues, "Now the attacker can gain access to the system remotely, as long as they're able to insert themselves onto the same network segment with the victim (enabling wireless access requires a few extra steps)". Once the attack succeeds, the machines could be controlled remotely.

The security issue "is nearly deceptively simple to exploit, but it has incredible destructive potential", said Harry Sintonen, who investigated the issue in his role as Senior Security Consultant at F-Secure.

He warned: "It can give an attacker complete control over an individual's work laptop".

Although the initial attack requires physical access, the speed at which it can be carried out makes it easily exploitable, said Sintonen.

"You leave your laptop in your hotel room while you go out for a drink", he said. The attacker breaks into your room and configures your laptop in less than a minute, and now he or she can access your desktop when you use your laptop on the hotel (wireless system). This is where a pair of attackers identify a target and while one distracts the mark, the other accesses the computer.

F-Secure has notified all relevant OEMs and Intel about the issue. A similar vulnerability has also been previously pointed out by CERT-Bund but with regard to USB provisioning, Sintonen said. It is unrelated to the recently disclosed Spectre and Meltdown vulnerabilities. And more to the point, it illustrates that Intel CPUs are once again vulnerable to a set of management capabilities that Intel chose to sandbox entirely from the primary operating system. "That is why it's important to raise public awareness". An Intel spokesperson told IBTimes UK: "We appreciate the security research community calling attention to the fact that some system manufacturers have not configured their systems to protect Intel Management Engine BIOS Extension (MEBx)". The company also said that IT departments should either set strong passwords for AMT or, if possible, completely disable it. This guidance (PDF) was updated and reiterated last November.

"The issue potentially affects millions of laptops globally", said F-Secure consultant Harry Sintonen, who discovered the flaw. Chipzilla advises vendors to require the BIOS password when rolling out AMT.
