Intel Reels After ‘Deceptively Easy’ Laptop Exploit Is Revealed

After more than three decades as the leader in desktop and laptop processors, Intel’s reputation is in big trouble. Following on the heels of the Spectre and Meltdown vulnerabilities, F-Secure has revealed a new flaw that allows a hacker to bypass the need to enter credentials, including BIOS and Bitlocker passwords and TPM (Trusted Platform Module) PINs.

It affects most, if not all laptops that support Intel Management Engine/Intel AMT. Here’s what you need to know.

F-Secure said; “In practice, it can give an attacker complete control over an individual’s work laptop, despite even the most extensive security measures.”

The researcher who discovered the flaw last July said the vulnerability can be exploited in about a minute but initially requires physical access to the computer.

An attacker needs to boot the computer and press Ctrl-P to access the Intel Management Engine BIOS Extension using the default password, “admin,” which is unlikely to have been changed said F-Secure. From there, the system can be configured to allow the hackers remote access whenever the threat actor and compromised system are on the same wireless or wired network.

Mitigating this risk is reasonably easy. Don’t leave your computer unattended in a public place and change the AMT password even if you don’t expect to use the feature.


The Cheapest NBN 50 Plans

Here are the cheapest plans available for Australia’s most popular NBN speed tier.

At Lifehacker, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.

Comments


3 responses to “Intel Reels After ‘Deceptively Easy’ Laptop Exploit Is Revealed”

Leave a Reply