A major hardware vulnerability in Intel's Active Management Technology (AMT) may place thousands of business and personal users at risk, Intel revealed on Friday.
Details of how to exploit this hardware vulnerability are now public but Intel is releasing a fix starting today to plug the said issue.
The Active Management Technology (AMT) hardware works independent of any operating system and is employed to allow system administrators re-image machines over remote connections. The hardware is installed in business computers not only running AMT but also other Intel hardware like Standard Manageability (ISM) and Small Business Technology (SBT).
Speaking with IBTimes UK, Cris Thomas, Strategist for Tenable Network Security, said that AMT obtains certain privileges to operate and is thus access-protected by a password. The vulnerability in question is that a hacker can access the hardware without having to type in a password. Even if a hacker didn't type in anything, the default admin account would still allow him to gain access to the hardware, which could indeed put thousands of Intel machines open for misuse.
Intel is releasing a firmware update today to address the issue but the worrying part is that the bug has been around for almost ten years without being detected. Intel hasn't commented on how many systems have already been compromised because of the said vulnerability, but has offered a roadmap to ensure no more systems are affected.
If you own a business PC running AMT, ISM or SBT and haven't received the firmware update, you can download a discovery tool from Intel's website which will analyse your system for hardware vulnerability. While some consumer PCs running the said hardware may also be affected, those running Intel's Server Platform Services are not affected by this vulnerability. You can also refer to Intel's mitigation guide to ensure your PC stays protected until the firmware arrives.
Being among the largest suppliers of PC hardware around the world, Intel has had its share of hiccups. Last year, the company fixed a vulnerability in Intel Driver Update Utility to help mitigate the use of a non-SSL URL when requesting updates from the firm. The vulnerability was disclosed to Intel by Core Security, which said the flaw “could result in integrity corruption of the transferred data, information leak and consequently code execution.”
A reason why the hardware vulnerability in AMT could continue for so long could be because of the poor utilisation of shared cyber threat intelligence. Last year, a McAfee Labs survey stated that just 42 per cent of security workers used shared cyber threat intelligence despite 97 per cent of those who shared saying they enable them to provide better protection for their organisations and stay more secure.
Malware behaviour (72 per cent), URL reputations (58 per cent), external IP address reputations (54 per cent), certificate reputations (43 per cent) and file reputations (37 per cent) were the types of information security professionals were most likely to share. But 54 per cent of those who do not share such intelligence said corporate policy was holding them back, while 24 per cent said they were interested but need more information.