Intel Chip Vulnerability Worse than Thought, Lets Hackers Hijack Fleets of PCs

That vulnerability that Intel discovered and disclosed last week after going undetected for almost a decade is much worse than originally thought as it allows hackers to remotely gain full control over affected PCs running Windows, without even needing a password. 

As announced by Intel, the bug affects Intel’s Active Management Technology (AMT) which allows IT admins to remotely carry out maintenance, as well as other types of tasks, without having to travel to the affected location. This tool also allows the admin to remotely control the computer’s keyboard and mouse, even if the targeted computer is powered off.

The AMT also works via the browser and is accessible even when the remote PC is asleep, although it is protected by an admin-set password.

As Embedi researchers discovered, however, the bug that Intel disclosed last week makes it possible for hackers to enter a blank password and still get into the web console.

An open door

According to security researchers, the problem is in the way the default admin account for the web interface processes the user’s password since it lets anyone log in by entering nothing when prompted to log in.

Folks over at Embedi point out there are several possible attack scenarios that could be conducted using this vulnerability. They’re all based on several Intel AMT features, namely KVM (remote control of mouse keyboard and monitor), IDE-R and SOL. KVM can be used to perform any common physical action in order remotely load, execute any program to the target system, read/write any file, and so on.

IDE-R (IDE Redirection) is used to remotely change the boot device to some other virtual image, while SOL (Serial over LAN) can be used to remotely power on/off, reboot or reset the device, or to access BIOS setup for editing.

Read more…