After Spectre and Meltdown, Intel hit by this serious security flaw

Finnish cyber security company F-Secure has claimed it has found a security flaw in Intel's Active Management Technology (AMT) which can allow a hacker to compromise a work laptop within seconds.

AMT is Intel's proprietary solution for remote access monitoring and maintenance of corporate-grade personal computers, created to allow IT departments or managed service providers to better control their device fleets.

You may be interested in

MobilesTablets Laptops

28% OFF

Samsung Galaxy S23 Ultra 5G

• Green
• 12 GB RAM
• 256 GB Storage

Discounted price:₹107,999Original price:₹149,999

Buy now

Google Pixel 8 Pro

• Obsidian
• 12 GB RAM
• 128 GB Storage

₹106,998

Check details

Vivo X100 Pro 5G

• Asteroid Black
• 16 GB RAM
• 512 GB Storage

₹89,999

Check details

Apple iPhone 15 Plus

• Black
• 6 GB RAM
• 128 GB Storage

₹87,900

Check details

35% OFF

Xiaomi Pad 6

• Mist Blue
• 6 GB RAM
• 128 GB Storage

Discounted price:₹25,999Original price:₹39,999

Buy now

55% OFF

Lenovo Tab M10 5G

• Abyss Blue
• 6 GB RAM
• 128 GB Storage

Discounted price:₹20,999Original price:₹47,000

Buy now

32% OFF

Realme Pad 2

• Imagination Grey
• 6 GB RAM
• 128 GB Storage

Discounted price:₹19,718Original price:₹28,999

Buy now

Honor Pad X9

• Gray
• 4 GB RAM
• 128 GB Storage

₹14,999

Check details

21% OFF

Acer Swift Go SFG14 41 NX KG3SI 002 Laptop

• Pure Silver
• 8 GB RAM
• 512 GB SSD

Discounted price:₹58,999Original price:₹74,999

Buy now

41% OFF

Acer Aspire 5 A515 57G Laptop

• Gray
• 16 GB RAM
• 512 GB SSD

Discounted price:₹52,990Original price:₹89,999

Buy now

22% OFF

Acer Aspire 3 A315 24 NX KDESI 004 Laptop

• Silver
• 8 GB RAM
• 512 GB SSD

Discounted price:₹33,499Original price:₹42,999

Buy now

40% OFF

Asus VivoBook 15 X515JA BQ322WS Laptop

• Transparent Silver
• 8 GB RAM
• 512 GB SSD

Discounted price:₹31,350Original price:₹51,990

Buy now

The company said that in July 2017 Harry Sintonen, one of F-Secure's Senior Security Consultants, discovered unsafe and misleading default behaviour within Intel's AMT.

"AMT is no stranger to security weaknesses, with many other researchers finding multiple flaws within the system, but Sintonen's discovery surprised even him," the company said in a blog post.

"The attack is almost deceptively simple to enact, but it has incredible destructive potential. In practice, it can give a local attacker complete control over an individual's work laptop, despite even the most extensive security measures," Sintonen said.

The issue allows a local intruder to backdoor almost any corporate laptop in a matter of seconds, even if the BIOS password, TPM Pin, Bitlocker and login credentials are in place.

An attacker can reboot the target's machine and enter the boot menu. In a normal situation, an intruder would be stopped here -- as they won't know the BIOS password, they can't really do anything harmful to the computer.

"In this case, however, the attacker has a workaround: AMT. By selecting Intel's Management Engine BIOS Extension (MEBx), they can log in using the default password 'admin', as this hasn't most likely been changed by the user," the company said.

By changing the default password, enabling remote access and setting AMT's user opt-in to "None", a quick-fingered cyber criminal has effectively compromised the machine. Now the attacker can gain access to the system remotely, as long as they are able to insert themselves onto the same network segment with the victim.

The successful exploitation of the security issue requires physical proximity.