Intel AMT Security Issue allows Local Attacker to get Complete Control Over any Laptop




Security researchers identified a significant security flaw in Intel AMT (Active Management Technology), which is used for remote monitoring and maintenance in corporate workplaces and is found in Intel vPro-enabled processors.
The flaw allows attackers to gain remote access to your laptops within seconds by simply logging in with the default password and then enabling remote access by changing user permissions.
The BIOS password is meant to prevent unauthorized access to the system; the problem here is that the attacker does not need the BIOS password to set up AMT.
Intel is busy providing patches for Meltdown and Spectre, which affect Intel, AMD and ARM processors, and this unexpected behavior in Intel AMT was reported by F-Secure security researchers. We hope firmware updates will be available soon.

How an attacker can Exploit – Intel AMT

The attacker needs a few seconds of physical access to exploit the issue; it cannot be exploited over the network.
The attack starts simply by rebooting the system and, after the initial screen, pressing Ctrl+P to get to AMT's management. Then, by entering the default password "admin", the attacker gains access to AMT and configures AMT to allow remote access.
The attacker has to be on the same network to access the compromised machine. They can then get full access to the site through VNC and can modify any data. You can find technical details at F-Secure.

Mitigations Suggested – Intel AMT

Researchers recommend going through all currently deployed devices and either configuring the AMT password or disabling the functionality completely, and narrowing the list of remotely connected devices.
Never leave your devices unmonitored in an unreliable area. Your screen may display blinking borders during remote management over AMT; contact your organization's IT department if this happens.
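One way to carry out the "go through all currently deployed devices" step is to compare which machines answer on AMT's network ports with the list IT intended to manage. This is an added example, not code from this post or from F-Secure; the port numbers are AMT's IANA-registered TCP ports (not stated in the post), and the hostnames and probe results are constructed.

```python
import socket

# Intel AMT's IANA-registered TCP ports. An AMT device provisioned without TLS
# answers on 16992/16994; one provisioned with TLS answers on 16993/16995.
AMT_PORTS = {16992: "web-http", 16993: "web-https",
             16994: "redir-tcp", 16995: "redir-tls"}
CLEARTEXT = {16992, 16994}

def probe(host, timeout=1.0):
    """Return the AMT ports on `host` that accept a TCP connection."""
    found = []
    for port in sorted(AMT_PORTS):
        try:
            with socket.create_connection((host, port), timeout=timeout):
                found.append(port)
        except OSError:  # refused, filtered, unreachable, or name not resolved
            pass
    return found

def classify(host, open_ports, approved):
    """Compare what answers on the network with what IT intended to manage."""
    if host not in approved:
        # AMT reachable on a machine nobody provisioned: the state the
        # attack described above leaves behind.
        return "unexpected" if open_ports else "ok"
    if not open_ports:
        return "not-answering"
    return "cleartext" if CLEARTEXT & set(open_ports) else "ok"

def audit(inventory, approved, prober=probe):
    """Map every inventoried host to its finding."""
    return {h: classify(h, prober(h), approved) for h in inventory}

if __name__ == "__main__":
    # Constructed probe results so the demo runs offline; drop `prober=`
    # to sweep the real inventory instead.
    sample = {"lt-01": [], "lt-02": [16992, 16994],
              "srv-09": [16993, 16995], "srv-10": [16992], "srv-11": []}
    approved = {"srv-09", "srv-10", "srv-11"}
    for host, finding in audit(sample, approved, prober=sample.get).items():
        print(f"{host:8} {finding}")
```

A host reported as `unexpected` should be pulled for inspection and have AMT either given a strong password or disabled, as recommended above.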

Intel said fixes for security issues in its microchips would not slow down computers, rebuffing concerns that the flaws found in microprocessors would significantly reduce performance.
The performance impact of the recent security updates should not be significant and will be mitigated over time, Intel said, adding that Apple, Amazon, Google and Microsoft reported little to no performance impact from the security updates.
Intel shares fell nearly 2 per cent on Thursday as investors were worried about the potential financial liability and reputational damage from the recently disclosed security issues.
The largest chipmaker confirmed earlier this week that the security issues reported by researchers in the company’s widely used microprocessors could allow hackers to steal sensitive information from computers, phones and other devices.
Security researchers had disclosed two security flaws exposing vulnerability of nearly every modern computing device containing chips from Intel, Advanced Micro Devices and ARM Holdings.
The first, called Meltdown, affects Intel chips and lets hackers bypass the hardware barrier between applications run by users and the computer’s memory, potentially letting hackers read a computer’s memory and steal passwords. The second, called Spectre, affects chips from Intel, AMD and ARM and lets hackers potentially trick otherwise error-free applications into giving up secret information.
Intel had said the issues were not caused by a design flaw and asked users to download a patch and update their operating system.
Intel may be on the hook for costs stemming from lawsuits claiming that the patches would slow computers and effectively force consumers to buy new hardware, and big customers will likely seek compensation from Intel for any software or hardware fixes they make, security experts said.
Source:- INTEL OFFICIAL
