It keeps happening

to a corporate laptop, full of corporate data

It's worse than that, it only "works" if nobody changed the default password. It's FUD.

>initially need physical access
In other words it's nothing. All of these "security" flaws affect AMD too, which does not have the state of the art performance intel provides.

Damn Intel shills don't even try to be subtle anymore.

Almost any exploit that requires physical access is pointless. I won't tell you that they are all useless in all situations, but it's fucking close.

If I wanted to steal data and had physical access why would I fuck around with this.

Or why wouldn't I just put whatever the fuck I want on there.

Not really, the attacker can now totally ignore the OS requirements for his trojan and just hijack IME™ from Intel™ on all corporate hardware because they always sucked intel dick. No need to account for PSP which doesn't even have network access.

>physical access
>default password
wow so every single fucking computer in the world is affected?

>BREAKING NEWS
>NSA HACKERS BREAK AES-256 ENCRYPTION!
>The popular encryption standard AES-256 has recently been broken by a group of NSA researchers, National Security Agency Director Keith Alexander says.
>Once the NSA analysist had gained access to our device, he was able to decrypt the entirety of our test data in under a minute.
>The attack utilizes a flaw wherein the encryption can be broken if the default password is used.
>Only time will tell how this serious flaw will impact our right to privacy.

>It's useless if I can't do it from the comfort of my bedroom

You people are fucking idiots. You know how easy it is to get physical access in the corporate world? It's as easy as getting a fucking job or someone on the inside.
This isn't talking about stealing facebook nudes or anything dumb like that, jesus christ you cunts have no perspective.

It only takes a second for the cleaning maid to insert an USB; no manager cares about them and they're cleaning every office, from middle management to CEO/CFO

Yes. We're doomed.

Sounds like a giant marketing scheme to scare people into buying new hardware, I honestly doubt most people will ever be affected by this, it's honestly probably just another spooky story to freak people out since peoples lives are so boring and dull these days.

It's not even that, it's pure clickbait. Intel AMT is a remote administration tool. This "attack" requires physical access to the device so that the AMT config can be modified. That's like saying "GLARING SSH VULNERABILITY, IF YOU CHANGE THE CONFIG TO ALLOW ANONYMOUS LOGIN ON ROOT, THEN HACKERS CAN ACCESS YOUR DATA". I seriously don't believe that this even qualifies as a vulnerability.

>If MEBx hasn't been configured by the user or by their organization's IT department, the attacker can log into the configuration settings using Intel's default password of "admin.” The attacker can then change the password, enable remote access, and set the firmware to not give the computer's user an "opt-in" message at boot time. "Now the attacker can gain access to the system remotely," F-Secure's release noted, "as long as they’re able to insert themselves onto the same network segment with the victim (enabling wireless access requires a few extra steps)."

So, it's SSH that can be enabled through the BIOS, except it can't be used over the internet. Shocking! The only problem here is that it can be used on a system with full disk encryption. So there's that, I guess.