Finnish firm detects Intel security flaw of 'almost shocking simplicity'
Intel AMT Security Issue Lets Attackers Bypass BIOS and BitLocker Passwords
13 January, 2018, 09:09
The issue allows anyone with physical access to the laptop to bypass the need to enter credentials, including user, BIOS and BitLocker passwords and TPM passcodes. The changes can be made in under a minute, according to F-Secure.
"The issue potentially affects millions of laptops globally", said F-Secure consultant Harry Sintonen, who discovered the flaw. "In practice, it can give an attacker complete control over an individual's work laptop, despite even the most extensive security measures".
Intel AMT is software created to provide maintenance and remote access monitoring services for corporate laptop users.
Normally, laptop users set up BIOS passwords to prevent unauthorised users from booting up devices or making changes to the boot-up process.
While requiring physical proximity to the target makes the attack harder to initiate than a remote attack like a phishing email, it's not impossible that skilled attackers looking to compromise a particular target could orchestrate a scenario where they get the brief time with the device they need.
To exploit the flaw highlighted by F-Secure, an attacker only needs to reboot or power up the target machine and press CTRL-P during boot-up, the company said.
However, as this feature comes enabled by default even on consumer devices, it has worried privacy activists that it could be used as a backdoor or to allow attackers remote access to victims' machines. "This allows an attacker access to configure AMT and make remote exploitation possible", F-Secure said. Access to the device may also be possible from outside the local network via an attacker-operated CIRA (client-initiated remote access) server.
"And since the computer connects to your company VPN [virtual private network], the attacker can access company resources". The attacker breaks into your room and configures your laptop in less than a minute, and now he or she can access your desktop when you use your laptop on the hotel's wireless network.
Sintonen stumbled upon the issue in July 2017, and notes that another researcher also mentioned it in a more recent talk.
"Now the attacker can gain access to the system remotely", F-Secure's release noted, "as long as they're able to insert themselves onto the same network segment with the victim (enabling wireless access requires a few extra steps)".
However, F-Secure believes that the "pure simplicity of exploiting this particular issue sets it apart from previous instances". If Meltdown and Spectre weren't enough trouble for users, this new vulnerability could be exploited by hackers to take control of unpatched systems.
The issue allows a local intruder to backdoor nearly any corporate laptop in a matter of seconds, even if the BIOS password, TPM PIN, BitLocker and login credentials are in place. If the system's manufacturer has followed Intel's recommendation to protect the Intel MEBx menu with the system BIOS password, this physical attack would be mitigated.
El Reg understands that Intel began telling systems manufacturers to provide a system BIOS option to disable USB provisioning, and to set the value to disabled by default, as far back as 2015.
Go through all currently deployed devices and configure the AMT password or disable the functionality altogether. Even firmware-based malware can be easily uploaded to the system with no chance of detection.
Never leave your laptop unwatched in an insecure location such as a public place.