A Finnish firm detected a new security flaw in Intel that could let hackers get into corporate laptops and have a remote access, Finnish cybersecurity specialist F-secure said on Friday (January 11).
Nowadays, almost all people around the world have gadgets such as smart phones, laptops and computers to access the internet. But how sure are we that we have enough security and privacy to store such important information in those gadgets?
F-secure clarified that this security flaw doesn’t have any connections with “Spectre” and “Meltdown” vulnerabilities recently found in the micro-chips that are used in almost all smart phones, laptops and other gadgets today.
It was rather an issue within Intel Active Management Technology (AMT) which is commonly found in most corporate laptops and allows an attacker to take control of the device in just a matter of seconds. They also said that it can affect millions of laptops globally.
The flaw was of “an almost shocking simplicity, but its destructive potential is unbelievable. It can give the hacker complete control over the device despite of the best security measures there is,” said F-Secure consultant Harry Sintonen, who discovered it.
Finnish Firm is Very Observant
In this video, Harry Sintonen further explained how the hackers may access the device through Intel AMT.
The hacker must have a physical access on the device first. If they have already configured AMT, they could successfully “backdoor” the device and remotely control it using the same wired or wireless connections as the user. But in some cases, the attacker may program AMT to their own server so that they won’t need to use the same connections with the victim, F-secure said.
Also, there’s no other security measures such as full-disk encryption, local firewall, malware software or VPN to prevent this attack from happening.
A successful attempt will give the hackers access to all the information and data stored on the affected device and may lead to the loss of integrity and privacy of the owner.
“Organizations have to put up a very strong and secured password or just eliminate AMT to prevent such attacks”, said F-secure consultant Sintonen.
Recently, there was a discovery of “Spectre” and “Meltdown” vulnerabilities in micro-chips found in smart phones and other devices that were made by Intel, AMD and ARM. It made a noise that led to big companies such as Amazon, Mozilla, Google and Microsoft to rush updates and patches to remove the flaw.