A Finnish cybersecurity specialist F-Secure said that they found a new security flaw in the hardware of Intel that might enable hackers to be able to access all the corporate laptops remotely. This statement by F-Secure came out this Friday.
The statement said that the flaw had no relation with Meltdown and Spectre vulnerabilities that were recently found in various micro-chips that are used in most of the smartphones, tablets, and computers today.
The issue was within Intel’s AMT i.e. Active Management Technology and this technology is commonly found in the corporate laptops. Due to this technology, the attacker can take complete control of the device of the user in just a few seconds.
Harry Sintonen, the F-Secure consultant who discovered the flaw said that the destructive potential of this flaw was unbelievable and the simplicity of the attack was almost shocking. Even with the best security measures, this flaw might provide the hacker complete control over the laptop.
The attacker would need physical access at first to start the attack. Once they have re-configured this AMT, it would act as a backdoor to the entire machine and they would be able to access the device remotely by connecting to the same network as the affected user.
The attacker could also program AMT in such a way that it can connect to their own server, thus eliminating the need to be on the same network. No security measures were able to prevent the exploitation of this issue, according to F-Secure. These security measures included anti-malware software, firewalls or full disk encryptions.
A successful attack would ensure that there is a complete loss of CIA i.e. Confidentiality, Integrity and Availability. Due to the recent discovery of Meltdown and Spectre vulnerabilities in Intel, AMD and ARM chips, a lot of companies are releasing patches and updates to eliminate this flaw.
Intel said that they appreciated the experts who highlighted this issue and they would guide OEMs to configure their systems to ensure that this problem doesn’t cause serious security breaches.