While the world was recovering from the Meltdown and Spectre vulnerabilities, F-Secure found a new security issue which will allow hackers to gain full control of the laptops in merely 30 seconds. The new vulnerability was found in Intel Active Management Technology (AMT) that allowed any hacker to bypass the login and security screen to gain access in just 30 seconds.
For those unaware, AMT is a feature used by IT admins to remotely upgrade, repair and update the PCs, and workstations. As you might have guessed, it is used usually by enterprises and companies to keep a track of software and hardware used within the organization which makes it even more dangerous. This is also not the first time someone has found a vulnerability in AMT.
F-Secure explained how someone could use this vulnerability to hack any PC with AMT. The company also noted that this vulnerability will allow the hacker to bypass any security measure no matter how good it is. The hacker just needs to physically access the laptop and go into BIOS. Here they can select the Intel’s Management Engine BIOS Extension (MEBx) and enter “admin” as the password. Once done, all the security features go down and the hacker can have uninterrupted access to the victim’s laptop.
Attackers have identified and located a target they wish to exploit. They approach the target in a public place – an airport, a café or a hotel lobby – and engage in an ‘evil maid’ scenario. Essentially, one attacker distracts the mark, while the other briefly gains access to his or her laptop. The attack doesn’t require a lot of time – the whole operation can take well under a minute to complete.
– Harry Sintonen, F-Secure senior security researcher
As we noted earlier in the article, this is not the first time AMT has been targeted because of a vulnerability but this is much more destructive than others for the simple reason that it doesn’t require even a single line of code and can be done within a minute without anyone knowing.
F-Secure noted a few steps users can follow to make sure you don’t get hacked. The first of all is not leaving your laptop unattended no matter how secure it is. Secondly, the IT department has to make sure there’s a secure AMT password in place and consider any laptop with unknown strings as hacked. On the other hand, Intel has already been notified and we can expect a patch soon enough. Until then, make sure you take extra steps to ensure your laptop is safe. A little caution is always better.