Intel AMT security hole lets hackers take control of corporate laptops
Another Intel flaw for attackers to exploit
By Cal Jeffrey on Jan 12, 2018, 3:43 PM
Intel is off to a rough start in 2018 with yet another security issue found impacting their products. Coming fast on the heels of Spectre and Meltdown is a security vulnerability in Intels Active Management Technology (AMT). The Intel Core processor with vPro feature is intended to help IT staff manage networked assets. Ironically, it is supposed to help administrators protect devices. This security risk flushes all that down the toilet.
According to researchers at F-Secure, The issue allows a local intruder to backdoor almost any corporate laptop in a matter of seconds, even if the BIOS password, TPM Pin, Bitlocker and login credentials are in place. No, were not making this stuff up.
This flaw has a high destructive potential and can be executed very quickly. The attacker does need to have physical access to the laptop but there are several scenarios where this could prove to be a trivial issue.
Harry Sintonen, one of F-Secures senior security consultants, describes using the evil maid scenario. This is where a pair of attackers identify a target and while one distracts the mark, the other accesses the computer. Since the exploit can be completed in seconds, this tactic is quite viable.
More:
https://www.techspot.com/news/72736-intel-amt-security-hole-hackers-take-control-corporate.html