ICT Security-Sécurité PC et Internet
ICT Security + Privacy + Piracy + Data Protection - Censorship - Free courses and information on "Sécurité PC et Internet" (PC and Internet security) for non-commercial use... (FR, EN+DE)...
Curated by Gust MEES
Scooped by Gust MEES

Intel AMT Allows BitLocker Bypass In Under A Minute | #CyberSecurity #NobodyIsPerfect #Awareness

New AMT Vulnerability
F-Secure researchers found a new vulnerability in AMT that could allow anyone to bypass BitLocker encryption, BIOS password, TPM PIN, and login credentials on most laptops in less than a minute.

“The attack is almost deceptively simple to enact, but it has incredible destructive potential. In practice, it can give a local attacker complete control over an individual’s work laptop, despite even the most extensive security measures,” said Harry Sintonen, the F-Secure security consultant who discovered the bug.

Normally, when you reboot a machine and try to access the boot menu, you should encounter a BIOS password. However, most users don’t set one. Even if the users do set up a BIOS password, the attacker can access the Intel Management BIOS Extension (MEBx). This functionality typically comes with the default “admin” password, unless it’s been changed by the PC vendor or the user.

The attacker could then change the MEBx password, enable remote access via AMT, and set the user “opt-in” to “none” in order to compromise the machine. This allows the attacker to control the machine remotely afterwards, as well as access the machine’s network. As a real-world example of how this could be used, this could allow, for instance, border agents to gain access to your laptop remotely after they confiscate it temporarily in the airport to check its contents.

 

Learn more:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=intel

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Bitlocker+ByPass

 

Researchers Found Another Major Security Flaw in Intel CPUs | #CyberSecurity #NobodyIsPerfect #Awareness

Security researchers have pinpointed another major security hole in Intel processors, in addition to the security holes in the Intel Management Engine and the Meltdown flaw that hits Intel CPUs uniquely hard. This time, it’s an issue with Intel’s Active Management Technology (AMT), a feature typically reserved for systems that support Intel vPro or workstation platforms with certain Xeon CPUs.

The Intel AMT is designed to allow administrators to access and update PCs, even if those PCs are turned off. All they need is an internet connection and a wall socket and they can be updated. That’s a useful tool for large multinational firms with far-flung employees, but it’s also a potential security risk. F-Secure has published information highlighting how easily an attacker with even brief local access can gain full access to an entire machine. Here’s how they describe the problem:

 

From here, the possibilities are endless. Even firmware-based malware can be easily uploaded to the system with no chance of detection. And while local access might seem a tough barrier to crack, it’s not as hard as it seems. The changes can be made in under a minute, according to F-Secure. It may not be the kind of attack that gets deployed across thousands of systems on a corporate local network — at least not without additional steps — but it’s exactly the kind of targeted attack a government agency might use. And more to the point, it illustrates that Intel CPUs are once again vulnerable to a set of management capabilities that Intel decided to sandbox entirely from the primary operating system.

 

Learn more:

https://www.scoop.it/t/securite-pc-et-internet

https://www.scoop.it/t/securite-pc-et-internet/?&tag=intel

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Bitlocker+ByPass

 

 
