An F-Secure cybersecurity expert has discovered a way to use Intel's Active Management Technology (AMT) to bypass BIOS passwords, BitLocker credentials, and TPM PINs and gain access to secured corporate computers.
According to Harry Sintonen of F-Secure, who discovered the problem last July, only laptops and computers on which Intel AMT has been provisioned (configured) are vulnerable.
Intel AMT is an Intel processor feature that allows system administrators of larger networks to perform remote out-of-band management of personal computers in order to monitor, maintain, update, or perform upgrades from afar, without physical access to devices.
Sintonen says that all computers on which AMT has been configured without an AMT password are vulnerable.
According to him, a hacker with access to the device can press CTRL+P during the boot-up process and select the Intel Management Engine BIOS Extension (MEBx) for the boot-up routine, effectively bypassing any previous BIOS, BitLocker, or TPM logins.
MEBx requires a password, but according to Sintonen, in most cases companies do not change the default password and leave it as "admin".
Hackers can then change the default password, enable remote access, and set AMT’s user opt-in to “None.” After that, they are able to gain remote access to the system from both wireless and wired networks, as long as they can insert themselves into the same network segment as the victim. Access to the device may also be possible from outside the local network via a hacker-operated CIRA server.
Attack takes less than a minute to perform
Since the attack, including configuring the device for future remote access, takes less than a minute to perform, Sintonen is convinced that this problem should not be overlooked.
Intel AMT ships either enabled or disabled by default, depending on the policy of the laptop/computer manufacturer.
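
Because only provisioned machines are affected and the default state varies by manufacturer, an inventory of where AMT is actually provisioned is a useful first check. The following is an added example, not part of the original article or of F-Secure's research: a sweep of an address range you administer that lists hosts answering as provisioned AMT. The port number and the Server-header marker are not from the article; they are assumptions based on how provisioned AMT firmware generally exposes its web interface.

```python
"""Inventory check: list hosts in your own address range that answer as provisioned Intel AMT."""
import http.client
import ipaddress

# Assumptions, not from the article: provisioned AMT firmware serves its web
# interface on TCP 16992 (HTTP) and names itself in the HTTP Server header.
AMT_HTTP_PORT = 16992
AMT_SERVER_MARKER = "Active Management Technology"


def amt_banner(host, port=AMT_HTTP_PORT, timeout=2.0):
    """Return the Server header if host:port answers as AMT, else None."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        server = conn.getresponse().getheader("Server", "")
    except (OSError, http.client.HTTPException):
        return None  # closed port, timeout, or a service that is not HTTP
    finally:
        conn.close()
    return server if AMT_SERVER_MARKER in server else None


def sweep(cidr, port=AMT_HTTP_PORT, timeout=2.0):
    """Map each address in cidr that answers as AMT to its banner."""
    found = {}
    for addr in ipaddress.ip_network(cidr, strict=False).hosts():
        banner = amt_banner(str(addr), port, timeout)
        if banner:
            found[str(addr)] = banner
    return found


if __name__ == "__main__":
    import sys
    # Usage: python amt_inventory.py <CIDR of a range you administer>
    for ip, banner in sweep(sys.argv[1]).items():
        print(f"{ip}\tprovisioned AMT\t{banner}")
```

A hit only shows that AMT is provisioned and reachable on the network; whether the MEBx password is still the default has to be verified on the machine itself.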