- Sputnik International
Get the latest news from around the world, live coverage, off-beat stories, features and analysis.

Critical Flaw Found in Intel Processors May Surrender Complete Control of Laptop

© Flickr / Intel Photos / Nick KnupfferIntel Headquarters
Intel Headquarters - Sputnik International
A serious new vulnerability has been discovered in Intel processors which allows hackers to gain full access to computer management within seconds, according to the website of the Finnish company F-Secure, specializing in computer security.

The problem was discovered in the Active Management Technology, which provides remote access to management of settings and security of the computer. Millions of corporate devices around the world are potentially vulnerable to intruders, F-Secure said.

A hacker trying to gain access to a computer can enter the Intel Management Engine BIOS menu when the device is booted, using a password that is usually set by default, and then configure for itself remote access.

This vulnerability seems deceptively simple, but the potential damage from it is "huge," according to Harry Sintonen, senior security consultant at F-Secure and the one to first discovered the problem. 

The security issue “is almost deceptively simple to exploit, but it has incredible destructive potential,” said Sintonen.

Light show performed by Intel drones - Sputnik International
Critical Flaw Identified in Intel Processors
“In practice, it can give an attacker complete control over an individual’s work laptop, despite even the most extensive security measures,” he stressed.

Although the initial attack requires physical access to the device, Sintonen explained that the speed with which it can be done makes it relatively exploitable in a so-called “evil maid” scenario. 

“You leave your laptop in your hotel room while you go out for a drink. The attacker breaks into your room and configures your laptop in less than a minute, and now he or she can access your desktop when you use your laptop in the hotel WLAN. And since the computer connects to your company VPN, the attacker can access company resources,” the consultant said.

Sintonen further pointed out that even a minute of diverting the attention of the target from their laptop, say at an airport or coffee shop, is enough to do the damage.

Earlier experts identified a vulnerability in Intel processors that allows attackers to access files and data stored in the kernel's memory.
To participate in the discussion
log in or register
Заголовок открываемого материала