• 01444 416641
  • This email address is being protected from spambots. You need JavaScript enabled to view it.

Blog

The latest news from South East Business Systems

Intel chip flaw allows hackers to hijack thousands of PCs

Another security vulnerability has been revealed that poses a significant risk for thousands of PCs running Intel processors. The remote hijacking flaw has lurked in Intel chips for at least seven years, allowes hackers to remotely gain administrative control over huge fleets of computers without entering a password.

 The flaw, which exists in Intel vPro processors, affects the Active Management Technology, or AMT, feature. AMT lets administrators manage machines via remote connections, and the vulnerability allows attackers to bypass authentication and utilize the same capabilities

AMT, which is available with most vPro processors, was set up to require a password before it could be remotely accessed over a Web browser interface. But that authentication mechanism can be simply bypassed by entering any text string or even no text at all. According to a blog post published Friday by Tenable Network Security, the cryptographic hash that the interface's digest access authentication requires to verify someone is authorized to log in can be anything at all, including no string at all.

Tenable Network Security Describe the flaw as follows

"… we reduced the response hash to one hex digit and authentication still worked. Continuing to dig, we used a NULL/empty response hash (response=”” in the HTTP Authorization header). Authentication still worked. We had discovered a complete bypass of the authentication scheme."

Intel indicated in a blog post that PC manufacturers should be releasing patches for affected systems within the week. It also posts a tool to locate and diagnose vulnerable systems. Fujitsu, HP, and Lenovo have provided information on their own affected systems. So far, the Shodan security search engine (You'll need to sign up to see the results) has located more than 8,500 machines that are vulnerable to attack.

The following page at the Register further details how the exploit works.

Here at SEBS we can confirmed no machines supplied by ourselves have AMT access enabled when installed.

 


South East Business Systems is a limited company registered in England Reg No: 1477938 Vat No: GB 315 942 164
2-8 Sussex Road, Haywards Heath, West Sussex, RH16 4EA

Get Email Updates

© 2017 South East Business Systems. All Rights Reserved.

Please publish modules in offcanvas position.