The dust hasn’t even settled for Intel after the Meltdown and Spectre vulnerabilities, and another issue has been revealed by the F-Secure team, which explains that a hacker can get full access to your Windows 10 PC using a feature named AMT. This vulnerability lets a hacker bypass the login and security screen.
For those who aren’t aware of AMT, it is short for Intel Active Management Technology. It is meant to be used only by IT admins, and it allows them to remotely manage PCs to upgrade, repair and update them. So while home users are pretty safe at this point, enterprises and businesses are in trouble. According to F-Secure, it’s the first time there has been such a vulnerability with AMT. The only relief here is that it doesn’t work remotely, and the hacker will need to access your machine physically:
The issue allows a local intruder to backdoor almost any corporate laptop in a matter of seconds, even if the BIOS password, TPM Pin, Bitlocker and login credentials are in place. No, we’re not making this stuff up.
The setup is simple: an attacker starts by rebooting the target’s machine, after which they enter the boot menu. In a normal situation, an intruder would be stopped here; as they won’t know the BIOS password, they can’t really do anything harmful to the computer.
In this case, however, the attacker has a workaround: AMT. By selecting Intel’s Management Engine BIOS Extension (MEBx), they can log in using the default password “admin,” as this hasn’t most likely been changed by the user. By changing the default password, enabling remote access and setting AMT’s user opt-in to “None”, a quick-fingered cyber criminal has effectively compromised the machine. Now the attacker can gain access to the system remotely, as long as they’re able to insert themselves onto the same network segment with the victim (enabling wireless access requires a few extra steps).
Although the successful exploitation of the security issue requires physical proximity, this might not be as difficult for skilled attackers to organize as you might think. Sintonen lays out one probable scenario, using techniques common to cyber criminals and red teamers alike.
“Attackers have identified and located a target they wish to exploit. They approach the target in a public place – an airport, a café or a hotel lobby – and engage in an ‘evil maid’ scenario. Essentially, one attacker distracts the mark, while the other briefly gains access to his or her laptop. The attack doesn’t require a lot of time – the whole operation can take well under a minute to complete,” Sintonen says.
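The sequence quoted above changes three AMT settings, so it shows up as drift between what IT recorded and what the machine reports now. The audit below is an added example, not code from F-Secure or Intel; the record layout, field names, host names and sample values are constructed assumptions, and collecting the observed state is left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AmtSettings:
    provisioned: bool     # AMT has been set up on this machine
    remote_access: bool   # AMT answers on the network
    user_consent: str     # "all", "kvm" or "none" (hypothetical encoding)

def audit_host(it_set_mebx_password, baseline, observed):
    """Compare IT's recorded AMT settings with the currently observed ones."""
    findings = []
    if not it_set_mebx_password:
        # Precondition for the issue: MEBx still accepts the default password.
        findings.append("exposed: MEBx password never changed by IT")
    for name in ("provisioned", "remote_access", "user_consent"):
        want, got = getattr(baseline, name), getattr(observed, name)
        if want != got:
            findings.append(f"drift: {name} was {want!r}, now {got!r}")
    # Remote access newly enabled together with opt-in newly "none" is the
    # combination the article describes, so it outranks ordinary drift.
    remote_turned_on = observed.remote_access and not baseline.remote_access
    consent_dropped = (observed.user_consent == "none"
                       and baseline.user_consent != "none")
    if remote_turned_on and consent_dropped:
        verdict = "tampered"
    elif any(f.startswith("drift") for f in findings):
        verdict = "drift"
    elif findings:
        verdict = "exposed"
    else:
        verdict = "ok"
    return verdict, findings

def audit_fleet(records):
    """records: {host: (it_set_mebx_password, baseline, observed)}"""
    return {host: audit_host(*rec) for host, rec in records.items()}

# Constructed sample fleet: managed, untouched-but-exposed, and changed.
S = AmtSettings
SAMPLE = {
    "lt-001": (True,  S(True, True, "all"),   S(True, True, "all")),
    "lt-002": (False, S(False, False, "all"), S(False, False, "all")),
    "lt-003": (False, S(False, False, "all"), S(True, True, "none")),
}

if __name__ == "__main__":
    for host, (verdict, findings) in audit_fleet(SAMPLE).items():
        print(host, verdict, findings)
```

Machines that come back as "exposed" are the ones to fix first by setting a strong MEBx password, since they are unchanged but still accept the default.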