ICT Security-Sécurité PC et Internet
87.1K views | +0 today
Follow
ICT Security-Sécurité PC et Internet
Education Technology
ICT Security + Privacy + Piracy + Data Protection - Censorship - Des cours et infos gratuites sur la"Sécurité PC et Internet" pour usage non-commercial... (FR, EN+DE)...
Curated by Gust MEES
Your new post is loading...
Your new post is loading...
Scooped by Gust MEES
Scoop.it!

Intel AMT: Lücke erlaubt blitzschnelles Hacken eines Firmen-Laptops | #CyberSecurity #Awareness #NobodyIsPerfect

Intel AMT: Lücke erlaubt blitzschnelles Hacken eines Firmen-Laptops | #CyberSecurity #Awareness #NobodyIsPerfect | ICT Security-Sécurité PC et Internet | Scoop.it
From www.pcwelt.de - January 15, 2018 2:35 PM

Über eine Lücke in Intel AMT können Angreifer sich binnen Sekunden den Zugriff auf Laptops verschaffen. So schützen Sie sich.

Die Sicherheitsexperten von F-Secure warnen vor einer Lücke in Intel AMT, die es Angreifern erlaubt, binnen weniger Sekunden die Kontrolle über Notebooks zu übernehmen. Schuld daran sind unsichere Standardeinstellungen in Intel AMT, durch die Angreifer das Nutzer- und BIOS-Passwort und den Bitlocker- und TMP-Schutz umgehen können, um Hintertüren auf den Geräten zu installieren.

Betroffen sind Firmen-Notebooks, in denen Intels Active Management Technology (ATM) zum Einsatz kommt, wodurch die Geräte von IT-Abteilungen verwaltet und aus der Ferne gewartet werden können. Intel AMT stand schon öfters wegen Sicherheitsproblemen in der Kritik. Bei der neuesten Schwachstelle bezeichnet F-Secure Angriffe als „fast schon lächerlich einfach“.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=intel

 

 

Gust MEES's insight:

Über eine Lücke in Intel AMT können Angreifer sich binnen Sekunden den Zugriff auf Laptops verschaffen. So schützen Sie sich.

Die Sicherheitsexperten von F-Secure warnen vor einer Lücke in Intel AMT, die es Angreifern erlaubt, binnen weniger Sekunden die Kontrolle über Notebooks zu übernehmen. Schuld daran sind unsichere Standardeinstellungen in Intel AMT, durch die Angreifer das Nutzer- und BIOS-Passwort und den Bitlocker- und TMP-Schutz umgehen können, um Hintertüren auf den Geräten zu installieren.

Betroffen sind Firmen-Notebooks, in denen Intels Active Management Technology (ATM) zum Einsatz kommt, wodurch die Geräte von IT-Abteilungen verwaltet und aus der Ferne gewartet werden können. Intel AMT stand schon öfters wegen Sicherheitsproblemen in der Kritik. Bei der neuesten Schwachstelle bezeichnet F-Secure Angriffe als „fast schon lächerlich einfach“.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=intel

 

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Intel AMT security loophole could allow hackers to seize control of laptops | #CyberSecurity #Awareness #NobodyIsPerfect

Intel AMT security loophole could allow hackers to seize control of laptops | #CyberSecurity #Awareness #NobodyIsPerfect | ICT Security-Sécurité PC et Internet | Scoop.it
From www.zdnet.com - January 15, 2018 12:43 PM
A security vulnerability in Intel's Active Management Technology (AMT) remote access monitoring and maintenance platform could allow attackers to bypass logins and place a backdoor on a laptop, enabling remote access and operation of the machine.

Intel AMT is commonly found on computers with Intel vPro-enabled processors as well as systems based on some Intel Xeon processors.

Details of the vulnerability -- which can lead to a clean device being compromised in under a minute and can bypass the BIOS password, TPM Pin, BitLocker and login credentials -- have been outlined by researchers at F-Secure.

"The attack is almost deceptively simple to enact, but it has incredible destructive potential. In practice, it can give a local attacker complete control over an individual's work laptop, despite even the most extensive security measures," said Harry Sintonen, senior security consultant at F-Secure.

This vulnerability is unrelated to the Spectre and Meltdown security flaws found to be embedded in the fundamental design of processors and which are thought to exist in some form in most Intel CPUs since 1995.

 

"We appreciate the security research community calling attention to the fact that some system manufacturers have not configured their systems to protect Intel Management Engine BIOS Extension (MEBx)," an Intel spokesperson told ZDNet.

 

"We issued guidance on best configuration practices in 2015 and updated it in November 2017, and we strongly urge OEMs to configure their systems to maximize security. Those best configuration practices include running with the least privileged access, keeping firmware, security software and operating systems up to date."

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=intel

 

Gust MEES's insight:
A security vulnerability in Intel's Active Management Technology (AMT) remote access monitoring and maintenance platform could allow attackers to bypass logins and place a backdoor on a laptop, enabling remote access and operation of the machine.

Intel AMT is commonly found on computers with Intel vPro-enabled processors as well as systems based on some Intel Xeon processors.

Details of the vulnerability -- which can lead to a clean device being compromised in under a minute and can bypass the BIOS password, TPM Pin, BitLocker and login credentials -- have been outlined by researchers at F-Secure.

"The attack is almost deceptively simple to enact, but it has incredible destructive potential. In practice, it can give a local attacker complete control over an individual's work laptop, despite even the most extensive security measures," said Harry Sintonen, senior security consultant at F-Secure.

This vulnerability is unrelated to the Spectre and Meltdown security flaws found to be embedded in the fundamental design of processors and which are thought to exist in some form in most Intel CPUs since 1995.

 

"We appreciate the security research community calling attention to the fact that some system manufacturers have not configured their systems to protect Intel Management Engine BIOS Extension (MEBx)," an Intel spokesperson told ZDNet.

 

"We issued guidance on best configuration practices in 2015 and updated it in November 2017, and we strongly urge OEMs to configure their systems to maximize security. Those best configuration practices include running with the least privileged access, keeping firmware, security software and operating systems up to date."

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=intel

 

more...
No comment yet.
Sign up to comment
About Follow us Resources Terms Mobile Features
Facebook
X
LinkedIn