Experts find new flaw in Intel chips; know to protect

F-Secure, a Finnish company that develops cyber security solutions, has released a study on a security issue that affects most corporate laptops with Intel chips. According to the report, published last Friday (12), the failure allows someone with physical access to the computer to enter without having to enter passwords, including BIOS, Bitlocker and TPM PIN code.

The entire process can take less than 30 seconds. Once done, the attacker can still enable the system to exploit it later, remotely. The bug is located in Intel's Active Management Technology, known as the Active Management Technology (AMT). According to F-Secure, the problem potentially affects millions of notebooks worldwide.

Intel reveals possible PC performance drop after upgrade

Five Important Tips Before Buying a Notebook

Intel launches 8th generation Core processors with Radeon RX Vega graphics

What is the new failure

Intel AMT is a solution for remote access monitoring and maintenance of corporate computers. Its goal is to enable IT departments or managed service providers to better control their devices. Thus, if a company's notebook presents problems, for example, the technology sector can solve even if the device is in the employee's home.

Experts find new flaw in Intel chips

The new fault discovered by F-Secure has to do with accessing the BIOS on the computers with this system. In them, setting a BIOS password does not prevent an unauthorized user from accessing the AMT BIOS extension. This allows the attacker not only to initialize the device and make low-level changes, but also to enter the AMT configuration and make remote scanning possible.

Extremely simple invasion

The simplicity in exploiting this deficiency is what makes it more dangerous than others already confirmed involving the AMT, according to the experts behind the report. With physical access to the machine, a person is able to change the settings in a few seconds, without using any line of code.

Failure allows unauthorized user to enter BIOS

The hacker only needs to press a simple command during system startup to access the Intel Management Engine BIOS Extension (MEBx). After that, simply enter the default "admin" password, unchanged on most corporate notebooks, to enable remote access and make other changes.

"In practice, (failure) can give the attacker complete control over an individual's work laptop, despite the most extensive security measures, " said Harry Sintonen, senior security consultant at F-Secure.

Is my computer at risk?

The vulnerability only affects corporate computers. Notebooks and PCs with consumer firmware, aimed at the end customer, do not rely on Intel vPro, the platform on which ATM technology is embedded.

The vPro symbol is stamped on the label next to the notebook. In any case, if you bought your machine in a store, you are free from this particular failure.

Vulnerability targets Intel vPro processors and allows 30-second intrusion

How to protect yourself against error

If you are among the millions of people who use a computer with Intel vPro, you need to take some steps to protect yourself from the error. The most important of these is to change the extension password to AMT, which must be done by the IT industry of the company where you work.

It is also important not to leave your notebook alone, especially in public places. A distracted minute in the airport lobby may be enough for someone to invade the computer and change the settings.

Intel Response

In an official statement, Intel thanked the security community for warning that vendors did not configure their systems to protect MEBx, contrary to recommendations made since 2015 and updated in November 2017. Among the topics in the document, the developer guides vendors require the BIOS password to only then provide Intel AMT, which would prevent unauthorized users from accessing the extension with the "admin" login.

The Silicon Valley company also reported that it has reinforced with OEMs the urgency to configure the systems to maximize their safety, which is highlighted in the note as "the highest priority of the company." Finally, Intel has ensured that it will continue to regularly update the guidelines for system manufacturers so that they have the best information to protect customer data.

Recent vulnerability history

F-Secure made it clear that the flaw in question is unrelated to the Specter and Meltdown vulnerabilities, discovered by Google Project Zero experts and released on The Register website. These affect Intel processors made in the last decade, including consumer ones, regardless of generation.

F-Secure discovery fails to address Specter and Meltdown vulnerabilities

In the early days of 2018, Intel's CPUs, AMD and other vendors have allowed malicious programs to view data protected by the kernel at some points in the computer's memory. As a result, malware can exploit the malfunction to gain access to important user and computer information, such as passwords and message content, for example.

Because the fault directly affects the processor's relationship to the kernel, the core of the system, the affected computers also experience a drop in performance. Intel released a list of processors subject to Meltdown and Specter and confirmed that depending on the model and the manufacturer, the performance reduction can reach 10%.

What is the best processor: Intel or AMD? Comment on the.