Weak Intel AMT security lets hackers hijack corporate comps – research


Security shortcomings in Intel’s Active Management Technology (AMT) can be exploited by miscreants to bypass login prompts on notebook computers.

Insecure defaults in Intel AMT allow an intruder to completely bypass user and BIOS passwords and TPM and Bitlocker PINs to break into almost any corporate laptop in a matter of 30 seconds or so, according to security biz F-Secure. The issue, which requires physical access to targeted computer to exploit, is unrelated to the recent Spectre and Meltdown vulnerabilities.

The problem potentially affects millions of laptops globally.

AMT offers remote-access monitoring and maintenance of corporate-grade personal computers, allowing remote management of assets. Shortcomings in the tech have been discovered before (examples here and here) but the latest flaw is nonetheless noteworthy because of the ease of exploitation. “The weakness can be exploited in mere seconds without a single line of code,” F-Secure reported.

Read full news article on The Register