A remote flaw that lurked in Intel chips for the past seven years turned out to be more serious than anyone imagined: it allowed hackers to remotely gain access to several machines without needing passwords. This would grant them full access to fleets of computers and their files, and allow them to install computer viruses even when the machine is turned off.

Researchers at the Embedi security group discovered the problem and went on to publish details showing that hackers do not need a password to get into the system, which of course prompted Intel to admit to the security issues.

How it works

The bypass vulnerability was identified in the Active Management Technology feature, known as AMT. This feature allows system administrators to perform several tasks over remote connections, including changing the code that boots the machine, accessing hardware such as the mouse, keyboard and monitor, loading and executing programs, and booting the machine remotely.

To make matters worse, unauthorized access of this sort is not usually logged by the machine, because AMT has direct access to the PC's network hardware. When AMT is enabled, all network packets are routed to the Intel Management Engine and from there to AMT.

As such, the operating system is bypassed completely. The management features are available in some, but not all, machines with Intel chipsets from the past seven years.

Extent of the damage

Intel's advisory stated that systems, including servers and desktops, dating back as far as 2010 and 2011 and running firmware 6.0 and later were exposed to the problem.

However, Embedi disputed this, claiming that any affected Internet-facing device with open ports such as 16992 and 16993 was at risk. Access to ports 16992/16993 is apparently the only thing hackers need to successfully attack these systems.

Since this information became public knowledge, monitors have seen increased probing activity testing the two stated ports. A search performed on Shodan, which is a search engine for databases and ports, reveals that more than 8500 devices are vulnerable at present, with at least 3000 of them in the United States.
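
Because AMT traffic is handled before it reaches the operating system, the host's own logs will not show these connections, so network flow records are where the probing described above becomes visible. The following is an added example, not from the original article or from Intel: it filters a constructed flow log for TCP connections to ports 16992/16993 from sources outside a hypothetical management subnet (`MGMT_NETS`); the log format and every address are assumptions.

```python
import ipaddress
from collections import defaultdict

AMT_PORTS = {16992, 16993}  # the two ports named in the article
# Assumption: hypothetical subnet where legitimate AMT admin consoles live.
MGMT_NETS = [ipaddress.ip_network("10.0.9.0/24")]

# Constructed flow records (not real traffic): timestamp src dst dst_port proto
SAMPLE_FLOWS = """\
T1 203.0.113.7 10.0.4.21 16992 tcp
T2 203.0.113.7 10.0.4.22 16992 tcp
T3 203.0.113.7 10.0.4.23 16993 tcp
T4 10.0.9.5 10.0.4.21 16992 tcp
T5 198.51.100.20 10.0.4.21 443 tcp
T6 198.51.100.44 10.0.4.30 16993 tcp
malformed line here
"""

def amt_port_hits(log_text, allowed_nets=MGMT_NETS):
    """Map each non-allowlisted source to the (dst, port) pairs it reached on AMT ports."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records instead of failing the whole run
        _, src, dst, port, proto = parts
        try:
            src_ip = ipaddress.ip_address(src)
            ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue
        if proto != "tcp" or port not in AMT_PORTS:
            continue
        if any(src_ip in net for net in allowed_nets):
            continue  # expected management traffic
        hits[src].add((dst, port))
    return dict(hits)

def sweepers(hits, min_targets=3):
    """Sources that touched at least min_targets distinct hosts (sweep-like behaviour)."""
    return sorted(src for src, pairs in hits.items()
                  if len({dst for dst, _ in pairs}) >= min_targets)

if __name__ == "__main__":
    found = amt_port_hits(SAMPLE_FLOWS)
    print(found)
    print("sweep-like sources:", sweepers(found))
```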

Intel released a statement saying that it was working with hardware partners to address the issue and expected manufacturers to make the necessary updates beginning this week. Thus far, Fujitsu, HP and Dell have all published security advisories and issued guidance on when they will roll out fixes to their customers.

Intel has had to react swiftly, considering that the security threat could significantly damage its chip-making business for years to come. To that end, it has published a discovery tool that lets customers determine whether their machines are affected.

Intel releases discovery tool

The discovery tool analyses the PC for vulnerabilities. For users who are not especially tech-savvy, a set of instructions for using the tool is available on the download page.

The first link on the download page is the guide, and the one below it is the discovery tool. More technically experienced users who know their system and network configurations can use Intel's security advisory, which has full details on vulnerability detection as well as mitigation.
