Your new post is loading...
New AMT Vulnerability
F-Secure researchers found a new vulnerability in AMT that could allow anyone to bypass BitLocker encryption, BIOS password, TPM Pin, and login credentials on most laptops in less than a minute.
“The attack is almost deceptively simple to enact, but it has incredible destructive potential. In practice, it can give a local attacker complete control over an individual’s work laptop, despite even the most extensive security measures,” said Harry Sintonen, the F-Secure security consultant who discovered the bug.
Normally, when you reboot a machine and try to access the boot menu, you should encounter a BIOS password. However, most users don’t set one. Even if the users do set-up a BIOS password, the attacker can access the Intel Management BIOS Extension (MEBx). This functionality typically comes with the default “admin” password, unless it’s been changed by the PC vendor or the user.
The attacker could then change the MEBx password, enable remote access via AMT, and set the user “opt-in” to “none” in order to compromise the machine. This allows the attacker to control the machine remotely afterwards, as well as access the machine’s network. As a real world example of how this could be used, this could allow, for instance, border agents to gain access to your laptop remotely after they confiscate it temporarily in the airport to check its contents.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/t/securite-pc-et-internet/?&tag=intel
https://www.scoop.it/t/securite-pc-et-internet/?&tag=Bitlocker+ByPass
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/t/securite-pc-et-internet/?&tag=intel
https://www.scoop.it/t/securite-pc-et-internet/?&tag=Bitlocker+ByPass