Skip to main content
  1. Home
  2. Computing
  3. News

Intel AMT firmware suffers security flaw even when machines are off

Mark Coppock
By

8th gen intel core launch
Image used with permission by copyright holder
Another security vulnerability has been revealed that poses a significant risk for a number of PCs running Intel chipsets or processors. This one’s a bit different — and potentially more dangerous — than many other vulnerabilities in that it targets business-class systems in particular. It can also affect machines that aren’t even running.

The flaw, which exists in certain Intel chipset firmware versions utilized by some systems with vPro processors, affects the Active Management Technology, or AMT, feature. AMT lets administrators manage machines via remote connections, and the vulnerability allows attackers to bypass authentication and utilize the same capabilities, Ars Technica reports.

Recommended Videos

AMT is a part of the remote access features of some systems that allow remote access to a machine even when it’s shut down. As long as such a machine has power, it can by design be accessed with all the intended remote capabilities enabled.

Related

Intel designed AMT to demand a password before allowing remote access via web browser. Unfortunately, the flaw allows attackers to bypass the AMT system’s usual authentication requirement. Tenable Network Security, which has created what it characterizes as the first Intel AMT vulnerability detection capability, describes the flaw as follows:

” … we reduced the response hash to one hex digit and authentication still worked. Continuing to dig, we used a NULL/empty response hash (response=”” in the HTTP Authorization header). Authentication still worked. We had discovered a complete bypass of the authentication scheme.”

As Ars Technica points out, the issue is made even worse by the AMT feature’s design, in which network traffic is passed through the Intel Management Engine and to the AMT, bypassing the operating system. That means that there’s no record of unauthorized access.

Intel indicated in a blog post that PC manufacturers should be releasing patches for affected systems within the week. It also posts a tool to locate and diagnose vulnerable systems. Fujitsu, HP, and Lenovo have provided information on their own affected systems. So far, the Shodan security search engine has located more than 8,500 machines that are vulnerable to attack.

Updated on 5-10-2017 by Mark Coppock: Clarified that the flaw exists in certain chipset firmware and not inherent in Intel vPro processors and removed the incorrect reference to any empty text field being able to bypass AMT authentication.

Editors' Recommendations

Topics
Mark Coppock
Mark Coppock
Computing Writer
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
Amazon deals: TVs, laptops, headphones and more
iPad Air on a white background.

Amazon is one of the most popular retailers on the planet. It has almost anything and everything you could hope to shop for, and that includes tech like laptops, headphones, TVs, and even devices made to make life around the home a little easier. And whether you’re shopping for one of the best smart home devices or something more tailored to work or play, Amazon always shows up with ways to save. Right now it has a ton of laptop deals, TV deals, headphone deals, and more to shop. We’ve walked down the aisles of Amazon and picked out what we feel are some deals worth shopping, so read onward for more details.
Vizio 50-inch V-Series 4K smart TV — $223, was $360

The Vizio V-Series 4K Smart TV amazing picture quality for its price point, as well as a wide variety of smart features. It has an IQ Active Processor that delivers superior picture processing. This processor also enables the TV to upscale all of your favorite HD content into 4K quality as you watch. This TV also features a gaming engine that makes gameplay more responsive with less lag and a high refresh rate. This is something to consider if you’re a gamer and somebody who likes to watch fast-paced content such as sports and action movies.

Read more
How to delete files on a Chromebook
HP Dragonfly Pro Chromebook top down view showing keyboard and touchpad.

Your Chromebook has quickly become your everyday computer. Using it for just about everything, including web browsing, word processing, gaming, and social media, we bet there’s going to come a time when you need to delete some files from your PC. Doing so will not only allow you to store more media locally, but it should also help to improve the performance of your go-to Chromebook device.

Read more
Best gaming chair deals: Save on Corsair, Razer, and more
Razer - Iskur Gaming Chair.

Sitting down to play video games for hours and hours can be a lot of fun, but it can also be pretty bad for your health. Beyond just the lack of circulation, most modern chairs are not really made to have us sit in them for long periods, and so they don't offer things like lumbar support or breath to help keep us cool. Luckily, gaming chairs have come to the rescue, and if you're looking to at least help keep your body safe and healthy, going for a gaming chair can make a big difference. That said, gaming chairs can be quite expensive, which is why we've gone out and found some of our favorite gaming chair deals for you to pick from.
Homall Massage Gaming Chair -- $85, was $170

The Homall Massage Gaming Chair is affordable, but it will get the job done of keeping you comfortable while playing video games with its ergonomic design and high-quality PU leather materials. It's got head and waist pillows with a massage function that sets it apart from other cheap gaming chairs. The backrest can recline between 90 degrees and 180 degrees so you can find the perfect angle, and it also has a retractable footrest for an extra sitting position.

Read more