Today, Finnish company F-Secure’s researcher Harry Sintonen revealed that there is yet another vulnerability in Intel chipsets affecting a huge number of corporate PCs. If the Meltdown and Spectre weren’t enough trouble for users, this new vulnerability could be exploited by hackers to take control of unpatched systems.
The vulnerability is in Intel’s Active Management Technology (AMT) and if successfully exploited, attackers could take control of the system in a matter of seconds. It’s worth noting that the issue requires physical access to a targeted computer for a successful exploitation of the system.
The exploit is however not as bad as Meltdown and Spectre since the former requires physical access to the device, but it’s still a critical flaw as a system could be compromised in a couple of minutes. Once exploited, the hacker could remotely control the device.
Even if your device is setup with proper security mechanism including a password in BIOS and BitLocker, the vulnerability bypasses the BIOS security and grants the attacker access to the system.
“By changing the default password, enabling remote access and setting AMT’s user opt-in to “None”, a quick-fingered cyber criminal has effectively compromised the machine. Now the attacker can gain access to the system remotely, as long as they’re able to insert themselves onto the same network segment with the victim,” he said.
“The attack is almost deceptively simple to enact, but it has incredible destructive potential. In practice, it can give a local attacker complete control over an individual’s work laptop, despite even the most extensive security measures,” Sintonen added.
The hacker could also read and modify the data after gaining access to a computer. The hacker will be also able to install malware despite the security software. Intel is yet to respond to this claims made by the researchers. We recommend everyone to make sure that your device is up-to-date.
Disclaimer: The information contained in this article is based on a research by Harry Sintonen and Finnish company F-Secure. Windows Latest makes no claims, guarantees about the accuracy or completeness, contained in this article or linked pages (websites).