As if it wasn’t already a bad enough month for Intel, it just got a bit worse.
This is not related to Spectre or Meltdown; this is an entirely new problem.
Intel processors have a remote management engine called Active Management Technology or AMT. This allows corporate administrators to remotely take over those computers to manage them.
If the person “taking over” the computer is a good guy, then people don’t consider it a problem; if it is a hacker “taking over” the computer, then it is a serious problem.
There are around 100 million computers that have been built in the last decade that have Intel’s Active Management Technology installed.
Last May Intel patched some bugs in AMT; then last November they rushed out some more patches that fixed vulnerabilities that had been around since 2015. Now there is a new vulnerability.
Except in this case, Intel is saying it is a feature.
This feature-bug was discovered last July and kept quiet until now.
The good news is that it does require physical access to the computer, but only for a minute or two.
All the attacker has to do is reboot the computer, enter the bios and configure the Intel Management Engine BIOS Extension (IMTBx).
The attacker will get a screen like this and can then set their own password.
Once they have done that, the hacker can bypass Bitlocker, Trusted Platform Module IDs and BIOS passwords.
One more time, Intel and PC Manufacturers configured the IMTBx with a single, default stupid password – ADMIN . Technically, the password is admin – lower case. Who would ever guess that?
This is one more example of SECURITY or CONVENIENCE, pick one. Setting the password to admin is easier than making it unique to each machine or forcing people to change it the first time they power on the computer.
The hackers can then enable remote access and take over the computer from anywhere in the world.
Of course, if the vendor or company changed the default password then this trick won’t work.
AND, it would not have been a problem if Intel didn’t choose a stupid default password.
Intel tried to shift the blame on this one. They said that they told OEMs in 2015 and again in 2017 to change the default password and improve security.
So if they thought this was a problem, why didn’t INTEL change that default password ? Nice try blaming others, but it won’t work.
Also, this particular attack only works one computer at a time, so it would be used for targeted attacks. Given that Intel announced the problem THREE years ago, you have to assume that the bad guys understand how to exploit this.
There is some good news, however, you can change the default password yourself and stop any attack.
Information for this post came from Ars Technica.