Intel AMT security issue allows hackers bypass BIOS and BitLocker passwords




An F-Secure cybersecurity expert has discovered a way to use Intel's Active Management Technology (AMT) to bypass BIOS passwords, BitLocker credentials, and TPM pins and gain access to secured corporate computers.

According to  Harry Sintonen of F-Secure, who discovered the problem last July, only laptops and computers on which Intel AMT has been provisioned (configured) are vulnerable.

Intel AMT is an Intel processor feature that allows system administrators of larger networks to perform remote out-of-band management of personal computers in order to monitor, maintain, update, or perform upgrades from afar, without physical access to devices.

Sintonen says that all computers on which AMT has been configured without an AMT password are vulnerable.

According to him, a hacker with access to the device can press CTRL+P during the boot-up process and select the Intel Management Engine BIOS Extension (MEBx) for the boot-up routine, effectively bypassing any previous BIOS, BitLocker, or TPM logins.

MEBx requires a password, but according to Sintonen, in most cases, companies do not change the default password and leave it "admin".

However, hackers may change the default password, enable remote access, and set AMT’s user opt-in to “None.”  They will then be able to gain remote access to the system from both wireless and wired networks, as long as they’re able to insert themselves into the same network segment with the victim. Access to the device may also be possible from outside the local network via a hacker-operated CIRA server.

Attack takes less than a minute to perform

Since this attack takes less than a minute to perform and configure the device for future remote access, Sintonen is convinced that this problem should not be overlooked.

Intel AMT is available as enabled or disabled by default, depending on the policy of the laptop/computer manufacturer.

Would you like to comment on this article?




New banking malware FakeBank can intercept messages to steal data and money

FakeBank malware can steal sensitive information from the device including phone numbers, balance on a linked bank card and location data.


New Cryptomix ransomware variant released

Hackers have released a new version of Cryptomix that adds the .SERVER extension to encrypted files.


Meltdown and Specter vulnerabilities affect Intel, ARM, AMD processors

Almost all PCs, laptops, tablets and smartphones are in danger, regardless of manufacturer or operating system.

Sign up for our online newsletter!