[SingCERT] Alert on Intel Active Management Technology (AMT) Issue

Published on Saturday, 13 January 2018 11:52

[Updated on 24th Jan 2018 with latest advice from Intel]

Background

On 12 January 2018, security firm F-Secure reported an insecure default behaviour within Intel Active Management Technology (AMT) that could allow an attacker to bypass login processes and take control of a user's computer.

AMT is a feature that comes with Intel-based chipsets to enhance the manageability of computers; it allows IT Administrators to remotely manage and repair a large pool of machines in their organisation.

Affected

This issue mainly affects corporate users with the Intel AMT feature enabled with default "admin" password.

Impact

The issue allows anyone with physical access to the affected computer to bypass the need to enter login credentials and enable remote administration for later exploitation.

Recommendations

Users are advised to watch out for the coming update from Intel.

  • Exploiting the issue requires physical access. Users can protect their computers by not leaving them unattended in public areas.
  • Users can mitigate the risk by changing its default password "admin" to something secure.
  • Users who do not need this Intel AMT feature can choose to disable it.
References

https://thehackernews.com/2018/01/intel-amt-vulnerability.html

[24th Jan 2018] https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/