This time with Active Management Technology

Chipzilla is having a rough time of it, Meltdown and Spectre is causing a PR nightmare, it can’t get trouble-free patches to install and now a new long term bug has been found.

F-Secure has revealed another weakness in Intel's management firmware that could allow an attacker with brief physical access to PCs to gain persistent remote access to the system.

The flaw has been part of Intel chips for at least ten years and is due to weak security in Intel's Active Management Technology (AMT) firmware - remote "out of band" device management technology.

The latest vulnerability - discovered in July of 2017 by F-Secure security consultant Harry Sintonen and revealed by the company today in a blog post - is one of those bugs which is supposed to be a feature.

But it means that notebook and desktop PCs with Intel AMT can be compromised in moments by someone with physical access to the computer - even bypassing
BIOS passwords, Trusted Platform Module personal identification numbers, and BitLocker disk encryption passwords - by rebooting the computer, entering its BIOS boot menu, and selecting the configuration for Intel's Management Engine BIOS Extension (MEBx).

If MEBx hasn't been configured by the user or by their organisation's IT department, the attacker can log into the configuration settings using Intel's default password of "admin".

The attacker can then change the password, enable remote access, and set the firmware to not give the computer's user an "opt-in" message at boot time.

"Now the attacker can gain access to the system remotely, as long as they're able to insert themselves onto the same network segment with the victim (enabling wireless access requires a few extra steps)", F-Secure said.

All this is happening when Intel is having to field angry inquiries about Broadwell and Haswell CPUs after customers reported higher system reboot rates when they installed firmware updates for fixing the Spectre flaw.

The hardware vendor said these systems are both home computers and data centre servers.

"We are working quickly with these customers to understand, diagnose and address this reboot issue", said Navin Shenoy, executive vice president and general manager of the Data Center Group at Intel Corporation.

"If this requires a revised firmware update from Intel, we will distribute that update through the normal channels. We are also working directly with data centre customers to discuss the issue", Shenoy added.

Shenoy has not clarified which systems are experiencing higher reboot rates; it might only be Linux systems for which Intel started rolling out CPU microcode updates yesterday. These firmware updates mitigate the Spectre flaw.

Thank you. Useful information!