Finnish firm detects new Intel security flaw

January 12, 2018
A newly-discovered flaw lets assailants take control of a laptop in seconds, an industry firm says

A new security flaw has been found in Intel hardware which could enable hackers to access corporate laptops remotely, Finnish cybersecurity specialist F-Secure said on Friday.

F-Secure said in a statement that the flaw had nothing to do with the "Spectre" and "Meltdown" vulnerabilities recently found in the micro-chips that are used in almost all computers, tablets and smartphones today.

Rather, it was an issue within Intel Active Management Technology (AMT), "which is commonly found in most corporate laptops, (and) allows an attacker to take complete control over a user's in a matter of seconds," the cybersecurity firm said.

"The issue potentially affects millions of laptops globally."

The flaw was of "an almost shocking simplicity, but its destructive potential is unbelievable," said F-Secure consultant Harry Sintonen, who discovered it.

"In practice, this flaw could give a hacker complete control over the affected , despite the best security measures."

An attacker would initially need physical access to the device in question.

But once they had re-configured AMT, they could effectively "backdoor" the machine and then access the device remotely, by connecting to the same wireless or wired network as the user, F-Secure said.

In certain cases, the assailant could also programme AMT to connect to their own server, which would eliminate the need to be in the same network segment as the victim.

"No other security measures—full disk encryption, local firewall, anti-malware software or VPN—are able to prevent exploitation of this issue."

A successful attack would lead to complete loss of confidentiality, integrity and availability, F-Secure said.

The assailant would be able to read and modify all of the data and applications a user may have to on their computer. And they could also install malware on the device, even at the firmware level.

F-Secure expert Sintonen said that organizations needed set a strong AMT password or perhaps disable AMT completely if possible.

The recent discovery of the "Spectre" and "Meltdown" vulnerabilities in computer chips made by Intel, AMD and ARM, have sent big names in the sector—including Amazon, Google, Microsoft and Mozilla—rushing out updates and patches to eliminate the flaw.

Explore further: Tech firms battle to resolve major security flaw (Update)

Related Stories

Flawed computer chips and how to fix them

January 5, 2018

As tech giants race against the clock to fix major security flaws in microprocessors, many users are wondering what lurks behind unsettling names like "Spectre" or "Meltdown" and what can be done about this latest IT scare.

Recommended for you

What can snakes teach us about engineering friction?

May 21, 2018

If you want to know how to make a sneaker with better traction, just ask a snake. That's the theory driving the research of Hisham Abdel-Aal, Ph.D., an associate teaching professor from Drexel University's College of Engineering ...

Flexible, highly efficient multimodal energy harvesting

May 21, 2018

A 10-fold increase in the ability to harvest mechanical and thermal energy over standard piezoelectric composites may be possible using a piezoelectric ceramic foam supported by a flexible polymer support, according to Penn ...

Self-assembling 3-D battery would charge in seconds

May 17, 2018

The world is a big place, but it's gotten smaller with the advent of technologies that put people from across the globe in the palm of one's hand. And as the world has shrunk, it has also demanded that things happen ever ...

11 comments

Adjust slider to filter visible comments by rank

Display comments: newest first

LED Guy
5 / 5 (2) Jan 12, 2018
Hmmmmm, a major security flaw that requires physical access to your laptop.

I would hazard a guess that practices that allow a hacker physical access to laptops are a bigger issue and the real threat.
galab-13
5 / 5 (2) Jan 12, 2018
If I have physical access to a computer I won't bother exploiting hardware flaws... just saying. There are plenty of easy ways to gain full remote control. The CPU manufacturer is irrelevant.
SkyLy
5 / 5 (3) Jan 12, 2018
I just discovered a security flaw that affects billions of computers around the world, if the user has physical access to a computer and possess a hammer, he could do unbelievable damage to the infected computer. A major fix is needed.
mackita
5 / 5 (1) Jan 12, 2018
This technology was suspicious and buggy from its very beginning...
Pkunk_
5 / 5 (1) Jan 13, 2018
This technology https://www.fsf.o...chnology from its very beginning...

I agree. AMT was incredibly broken and ill thought out right from the start & I could never get it to work for what it was intended. Most users dont need to worry as only Workstation chipsets by Intel support AMT, not the consumer oriented ones.
Thorium Boy
not rated yet Jan 13, 2018
I always hated Intel. An odious company, corrupt beyond measure. I switched to AMD when the 386DX-40 came out and never went back.
Da Schneib
not rated yet Jan 13, 2018
Meh. If I have physical access I pwn it anyway. Clickbait detected. Bad physorg, naughty.
xponen
not rated yet Jan 13, 2018
@Da Schneib ,our laptop always come from someone else right?
Da Schneib
not rated yet Jan 13, 2018
Not if you don't use Kaspersky security software on it.
Parsec
not rated yet Jan 14, 2018
A lot of commenters have a failure of imagination where this sort of flaw could be a very bad thing. If a untraceable physical contact with the computer allows control without the owner's permission, then software or data loaded onto the computer after that can be retrieved. In fact, the infection would last, probably undetectable, until someone removed it.
Da Schneib
not rated yet Jan 14, 2018
@Parsec, since it depends upon flaws in a particular chipset that is only distributed to corporate users and not available to the general public I think you have to consider that only corporate laptops have the vulnerability.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.