Intel AMT Threat
Last week we wrote about the Spectre and Meltdown vulnerabilities in the Intel, AMD and Atom processors, and this week we bring you an equally serious threat that allows attackers to breach a laptop computer within seconds.
Intel Active Management Technology is a hardware-based solution in Intel vPro-based systems. The technology helps system administrators access a machine when the power is off, when there is no operating system, when management tools are missing, or in case of an equipment failure.
The attack is implemented by activating the firmware, which is connected to the system BIOS, and allows operations such as accessing local storage and a web browser, obtaining an IP address and network access, and accessing peripheral data storage devices. Your Windows password and hard drive encryption do not matter.
The key issue is that the firmware, a small secondary processor built into the Northbridge chipset, is always accessible and shares the same default password as every machine containing the chip.
Even if Intel or PC manufacturers had selected the computer's MAC address, serial number or service tag as the default password, it would be more secure than sharing the same default password as every vPro-supporting PC on the planet.
This threat mostly affects corporations and institutions, but it affects anyone with a PC that has vPro technology.
A compromised machine can be used to access network resources or monitor network traffic, each of which puts servers at risk of data theft, hacking, malware attacks and infections. For this reason it's vital that businesses address the vulnerability as quickly as possible.
Until Intel offers a more permanent fix, our recommendation as a modest solution is to change the password to something unique and never use the same password on more than one device.
This threat requires physical access to the machine, so we recommend limiting or logging physical access to unattended machines, and physically locking up any laptops containing sensitive data when they're not in use, or considering alternative storage solutions for increased data security.