Intel AMT Security Issue Lets Attackers Bypass BIOS and BitLocker Passwords

>An F-Secure security researcher has found a way to use Intel's Active Management Technology (AMT) to bypass BIOS passwords, BitLocker credentials, and TPM pins and gain access to previously-secured corporate computers.

>He says a malicious actor with access to the device can press CTRL+P during the boot-up process and select the Intel Management Engine BIOS Extension (MEBx) for the boot-up routine, effectively bypassing any previous BIOS, BitLocker, or TPM logins.

>A MEBx password is required, but Sintonen says that in most cases companies do not change the default, which is "admin."

>The attacker then may change the default password, enable remote access and set AMT’s user opt-in to “None.” The attacker can now gain remote access to the system from both wireless and wired networks, as long as they’re able to insert themselves onto the same network segment with the victim. Access to the device may also be possible from outside the local network via an attacker-operated CIRA server.

Only laptops and computers on which Intel AMT has been provisioned (configured) are vulnerable, according to F-Secure security researcher Harry Sintonen, the one who claims to have discovered the issue last July.

bleepingcomputer.com/news/security/intel-amt-security-issue-lets-attackers-bypass-bios-and-bitlocker-passwords/

Real if big

hahahahahahahahaha

recall time

bump

DELET DELET

> A MEBx password is required, but Sintonen says that in most cases companies do not change the default, which is "admin."


WOWWWWW WHAT A SECURITY FLAW

LEAVE INTEL ALONE

Do you guys think AMD has anything to do with the media lynching Intel is getting as soon as the new year started?

Man, honestly, I have two intel laptops and I'm kinda scared to even turn them on.

pls stop
delet

this was already a feature in the x220. how did it take them this long to find it?

>WOWWWWW WHAT A SECURITY FLAW
A hack on the MEBx without having the password is surely on its way my friend

Days since gaping 0day hole at intel: 0.

AMD with its $48 marketing budget? Sure.

You can already see big WS bitches (cnbc/bloomberg) trying to play down the issue for Intel.
It's not working well.

intel defence squad at it again.

you can bypass the fucking bios password. do you understand how fucking major this is?

>It's not working well.
PLS BUY INTEL PROCESSORS. I NEED A NEW BATHROOM IN INDIA

> a unauthorized attacker can change AMT settings if they have physical access and the default AMT password wasn't changed

That's supposed to be a security issue? Maybe I should submit my CV to F-Secure, I can find lots of """"""security holes"""" like this.

No because most media blames amd and falseflags it as insecure.

I'm thinking of just getting a Ryzen right fucking now and then skipping Zen+ for Zen 2.

Wait till the April dammit

I hope this is bait and you're not actually this technologically illiterate

NO MOR

You can bypass bios password by removing HDD and inserting it in the separate machine. It's fucking nothing really.

>bypass BIOS passwords
but not ATA password needed to decrypt self-encrypted SSD :3

you can get 1700x for $300, i'd go for it

>2018
>Year when Intel CPU became cheddar

>hack

BASED Mikko

Intel, never again. Too bad AMD now has PSP which is probably also full of vulnerabilities and backdoors. Guess I have to downgrade to a FX-8350.

Dam I straight up pity intel now. They rose to the top and now it's all crumbling before their eyes.

thanks

Cant you just pull the cmos? Bios passwords were never secure from someone with local access

Do You think Intel has anything to do with the media lynching Intel is getting as soon as the new year started?