An Attacker Can Take Full Control of a Machine in Just 30 Seconds, Thanks to Intel AMT

Vulns are like PAIC Lemon: when you think there's none left, there's still more.

The latest proof is a problem affecting laptops equipped with Intel AMT (Intel's Active Management Technology), a feature you may have on your machine that allows remote monitoring and maintenance. An attacker with physical access to the computer can boot or reboot it while pressing CTRL + P to enter the MEBx (Intel Management Engine BIOS Extension) with the default password "admin" (AH AH AH), then change this password and enable remote access without any user involvement. This method can be used to defeat BIOS passwords, BitLocker encryption and other PINs set up by admins.

This then allows the cybercriminal to access the computer over the local network (or remotely, by relaying through a third-party server) without needing a session password.

So yes, the attacker needs physical access to the machine, but the speed of execution (reboot, CTRL-P, check reboot, about 30 sec.) makes it an attack to take seriously. You only need to have your back turned for a few minutes for remote access to be activated without your knowledge. In a professional setting, this can also give a cybercriminal prime access to a company's private network via the VPN set up on the compromised machine.

F-Secure researchers are the ones who came across this problem. Here is an explanation and demonstration of the attack:

Intel has communicated fairly well about the problem with PC manufacturers, asking them to require the BIOS password to access Intel AMT, but unfortunately these recommendations are still too rarely followed. If you are a company, put a strong password on AMT and, if you can, disable the feature. If a password is already in place and it is not "admin", consider the machine highly suspect.

And if you're a user with an AMT-equipped computer, get in touch with your IT department, or if it's your own machine, put a strong password on AMT and turn it off. And most importantly, never leave your computer unattended in a public place. I see people doing that every month, especially on the train …
