Intel’s Active Management Technology can be used to Bypass BIOS passwords, BitLocker credentials

Only laptops and machines on which Intel AMT has been configured are vulnerable, according to F-Secure security researcher Harry Sintonen, the one who claims to have found the issue last July.

Intel AMT is a feature of Intel CPUs that leaves system administrators of larger systems to offer remote out-of-band management of personal computers in order to monitor, manage, update, or perform upgrades from afar, without a physical path to devices.

Attackers can boot via MEBx and bypass other login systems

Sintonen says that Computers on which AMT has been configured externally the AMT signal are vulnerable.

He says a malicious actor with a way to the design can press CTRL+P during the boot-up process and choose the Intel Management Engine BIOS Extension (MEBx) for the boot-up routine, effectively avoiding any previous BIOS, BitLocker, or TPM logins.

A MEBx key is required, but Sintonen says that in most cases organizations do not change the default, which is “admin.”

The intruder then may change the default password, enable remote access and set AMT’s user opt-in to “None.” The intruder can now gain remote access to the system from both wireless and wired networks, as large as they’re able to insert themselves into the same network part with the victim. Access to the device may also be plausible from outside the local network via an attacker-operated CIRA server.

Attack takes a minute to perform

Most security authorities scoff at the idea of attacks requiring “physical access” to perform and often demean their value on such issues opposed to other security bugs.

But because this attack takes a minute to execute and configure the device for ultimate remote access, Sintonen says this issue should not be neglected and set aside as non-important.

Sintonen values that companies configure an AMT password so attackers wouldn’t be able to boot via MEBx and jeopardize the system. Optionally, unlike the Intel Management Engine (ME), AMT can be disabled, an option that Sintonen also recommends in circumstances where AMT use is not a corporate policy.

Take your time to comment on this article.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil