ICT Security-Sécurité PC et Internet
ICT Security + Privacy + Piracy + Data Protection - Censorship - Free courses and information on "Sécurité PC et Internet" (PC and Internet security) for non-commercial use... (FR, EN+DE)...
Curated by Gust MEES

Intel AMT: Flaw Allows Lightning-Fast Hacking of a Corporate Laptop | #CyberSecurity #Awareness #NobodyIsPerfect

Attackers can use a flaw in Intel AMT to gain access to laptops within seconds. Here is how to protect yourself.

Security experts at F-Secure are warning of a flaw in Intel AMT that lets attackers take control of notebooks within a few seconds. The cause is insecure default settings in Intel AMT, which allow attackers to bypass the user and BIOS passwords as well as BitLocker and TPM protection in order to install backdoors on the devices.

Affected are corporate notebooks that use Intel's Active Management Technology (AMT), which lets IT departments manage the devices and maintain them remotely. Intel AMT has repeatedly drawn criticism over security problems. F-Secure describes attacks using the latest vulnerability as "almost ridiculously easy".

 

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=intel


Intel AMT Allows BitLocker Bypass In Under A Minute | #CyberSecurity #NobodyIsPerfect #Awareness

New AMT Vulnerability
F-Secure researchers found a new vulnerability in AMT that could allow anyone to bypass BitLocker encryption, BIOS password, TPM Pin, and login credentials on most laptops in less than a minute.

“The attack is almost deceptively simple to enact, but it has incredible destructive potential. In practice, it can give a local attacker complete control over an individual’s work laptop, despite even the most extensive security measures,” said Harry Sintonen, the F-Secure security consultant who discovered the bug.

Normally, when you reboot a machine and try to access the boot menu, you should encounter a BIOS password. However, most users don’t set one. Even if the users do set up a BIOS password, the attacker can access the Intel Management BIOS Extension (MEBx). This functionality typically comes with the default “admin” password, unless it’s been changed by the PC vendor or the user.

The attacker could then change the MEBx password, enable remote access via AMT, and set the user “opt-in” to “none” in order to compromise the machine. This allows the attacker to control the machine remotely afterwards, as well as access the machine’s network. As a real-world example of how this could be used, this could allow, for instance, border agents to gain access to your laptop remotely after they confiscate it temporarily in the airport to check its contents.

 

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=intel

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Bitlocker+ByPass


Mozilla Confirms Web-Based Execution Vector for Meltdown and Spectre Attacks | #CyberSecurity #NobodyIsPerfect #Awareness

Mozilla confirms everybody's worst fears
In research published online late last night, Google didn't provide specific ways in which an attack could take place, but many security experts that looked over the Meltdown and Spectre academic papers said that web-based attacks are possible, and not just attacks using locally-delivered malicious code.

Hours after Google's announcement, Mozilla confirmed everybody's worst fear, that both Meltdown and Spectre are remotely exploitable by embedding attack code in mundane JavaScript files delivered via web pages.

"Our internal experiments confirm that it is possible to use similar techniques from Web content to read private information between different origins," said Luke Wagner, a software engineer with the Mozilla Foundation.

Firefox added Meltdown and Spectre mitigations in November 2017
Details about the Meltdown and Spectre flaws had been shared with Mozilla since last year, and Wagner says that Firefox 57, released in mid-November, already includes some countermeasures.

Both Meltdown and Spectre are side-channel attacks that leak memory data. They both rely on the ability to measure time very precisely to deliver exploits that leak memory data.

To hinder the attacks' efficiency, Mozilla says it reduced the precision of Firefox's internal timer functions. This is not a full mitigation, but just an efficient and clever workaround.

 

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Meltdown+and+Spectre+Attacks


Major security flaw found in Intel driver software | CyberSecurity

Intel has fixed a major security vulnerability in a driver utility tool that could allow an attacker to remotely install malware.

The company has advised those who use the Intel Driver Update Utility to download an updated version of the software, which mitigates a vulnerability in how the software requests new drivers from Intel's servers.


In a security advisory, the chipmaker confirmed that versions 2.0 to 2.3 put PCs at risk because they check Intel's servers over an unencrypted connection. An attacker could conduct a man-in-the-middle attack on the affected software, which could trick the software into downloading malware or other malicious files.



Intel AMT security loophole could allow hackers to seize control of laptops | #CyberSecurity #Awareness #NobodyIsPerfect

A security vulnerability in Intel's Active Management Technology (AMT) remote access monitoring and maintenance platform could allow attackers to bypass logins and place a backdoor on a laptop, enabling remote access and operation of the machine.

Intel AMT is commonly found on computers with Intel vPro-enabled processors as well as systems based on some Intel Xeon processors.

Details of the vulnerability -- which can lead to a clean device being compromised in under a minute and can bypass the BIOS password, TPM Pin, BitLocker and login credentials -- have been outlined by researchers at F-Secure.

"The attack is almost deceptively simple to enact, but it has incredible destructive potential. In practice, it can give a local attacker complete control over an individual's work laptop, despite even the most extensive security measures," said Harry Sintonen, senior security consultant at F-Secure.

This vulnerability is unrelated to the Spectre and Meltdown security flaws found to be embedded in the fundamental design of processors and which are thought to exist in some form in most Intel CPUs since 1995.

 

"We appreciate the security research community calling attention to the fact that some system manufacturers have not configured their systems to protect Intel Management Engine BIOS Extension (MEBx)," an Intel spokesperson told ZDNet.

 

"We issued guidance on best configuration practices in 2015 and updated it in November 2017, and we strongly urge OEMs to configure their systems to maximize security. Those best configuration practices include running with the least privileged access, keeping firmware, security software and operating systems up to date."

 

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=intel


Researchers Found Another Major Security Flaw in Intel CPUs | #CyberSecurity #NobodyIsPerfect #Awareness

Security researchers have pinpointed another major security hole in Intel processors, in addition to the security holes in the Intel Management Engine and the Meltdown flaw that hits Intel CPUs uniquely hard. This time, it’s an issue with Intel’s Active Management Technology (AMT), a feature typically reserved for systems that support Intel vPro or workstation platforms with certain Xeon CPUs.

The Intel AMT is designed to allow administrators to access and update PCs, even if those PCs are turned off. All they need is an internet connection and a wall socket and they can be updated. That’s a useful tool for large multinational firms with far-flung employees, but it’s also a potential security risk. F-Secure has published information highlighting how easily an attacker with even brief local access can gain full access to an entire machine. Here’s how they describe the problem:

 

From here, the possibilities are endless. Even firmware-based malware can be easily uploaded to the system with no chance of detection. And while local access might seem a tough barrier to crack, it’s not as hard as it seems. The changes can be made in under a minute, according to F-Secure. It may not be the kind of attack that gets deployed across thousands of systems on a corporate local network — at least not without additional steps — but it’s exactly the kind of targeted attack a government agency might use. And more to the point, it illustrates that Intel CPUs are once again vulnerable to a set of management capabilities that Intel decided to sandbox entirely from the primary operating system.

 

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet

https://www.scoop.it/t/securite-pc-et-internet/?&tag=intel

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Bitlocker+ByPass


Serious Security Flaws in Almost All Current Intel Processors

Put simply: every desktop PC and every notebook with a reasonably recent Intel processor, as well as many server systems, is vulnerable to takeover by hostile attackers. The attacker can, for example, run their own code on the victim's system without the PC owner noticing, and can also crash the hijacked machine.

Check your computer with this free tool

With this free, English-language Intel-SA-00086 Detection Tool, owners of computers running Windows 7, 8.1 and 10 as well as Linux can check whether the vulnerability is present on their machines. The Windows version is provided as a ZIP, the Linux version as a tar.gz.

 

Learn more / En savoir plus / Mehr erfahren:

https://downloadcenter.intel.com/download/27150