Only laptops and machines on which Intel AMT has been configured are vulnerable, according to F-Secure security researcher Harry Sintonen, the one who claims to have found the issue last July.
Intel AMT is a feature of Intel CPUs that leaves system administrators of larger systems to offer remote out-of-band management of personal computers in order to monitor, manage, update, or perform upgrades from afar, without a physical path to devices.
Attackers can boot via MEBx and bypass other login systems
Sintonen says that Computers on which AMT has been configured externally the AMT signal are vulnerable.
He says a malicious actor with a way to the design can press CTRL+P during the boot-up process and choose the Intel Management Engine BIOS Extension (MEBx) for the boot-up routine, effectively avoiding any previous BIOS, BitLocker, or TPM logins.
A MEBx key is required, but Sintonen says that in most cases organizations do not change the default, which is “admin.”
Attack takes a minute to perform
Most security authorities scoff at the idea of attacks requiring “physical access” to perform and often demean their value on such issues opposed to other security bugs.
But because this attack takes a minute to execute and configure the device for ultimate remote access, Sintonen says this issue should not be neglected and set aside as non-important.
Sintonen values that companies configure an AMT password so attackers wouldn’t be able to boot via MEBx and jeopardize the system. Optionally, unlike the Intel Management Engine (ME), AMT can be disabled, an option that Sintonen also recommends in circumstances where AMT use is not a corporate policy.
Take your time to comment on this article.
