New Security Flaw Hits Intel, Laptops this time

Guru3d.com ^ | 01/12/2018 06:01 PM | Hilbert Hagedoorn

[Ernest_at_the_Beach]

F-Secure has reported another serious flaw in Intel hardware, which could enable hackers to access corporate laptops. Standard password of Intels Management Engine BIOS Extension are rarely changed and can invoke business laptops vulnerable to unauthorized remote access, claims F-Secure. 

Intels Management Engine BIOS Extension, or MEBx, contains the standard log-in combination 'admin', 'admin' and because many users simply do not change it, according to F-Secure this opens the door to an easy to set-up attack. Attackers can open the BIOS Extension during startup with Ctrl + P, even if the user has set a bios password. Then they can manage settings of the Management Engine, reports dw.com.

"The issue potentially affects millions of laptops globally," said F-Secure consultant Harry Sintonen, who discovered the flaw. "It's of an almost shocking simplicity, but its destructive potential is unbelievable."

[Ernest_at_the_Beach]

Some links at the website for more info

[Red Badger]

Ping!...................

[Noumenon]

admin /admin. Seems legit.

[Rashputin]

None of these things are "flaws", they're all subtle backdoors that companies were told they'd include in their products way back when Algore was pumping the Clipper Chip. Clinton made it clear that any company not willing to play ball with the government wouldn't get one cent of government business and would be under constant close surveilance by the IRS and every other arm of the government that could be brought to bear.

All the big players agreed so the Clinton admin backed down on their drive for the Clipper Chip.

[Dr. Sivana]

Yes, that is exposure, but unless someone has physical access to the machine, not really a big deal. This won’t be an issue just from grabbing some malware.

And of course, those who are concerned can change the password. I understand that some important people use p@ssword.

[LouieFisk]

“once an attacker had the chance to reconfigure AMT (for which he would initially need physical access to the device in question)”
—
Pro tip: Don’t give you PCs or other devices to cyber criminals to monkey with.

[LouieFisk]

“I understand that some important people use p@ssword.”
—
“asdf” and “12345” works for me!

[gibsonguy]

Change the BIOS password at your peril if you change it and lose or forget it and have to get into the BIOS you are screwed but good.

[Bob434]

[[I understand that some important people use p@ssword]]

I’m smart- I use p@zzword

Oh darn it- forget i just said that

[Ernest_at_the_Beach]

And be careful where you drop it off for service.

[rdl6989]

I don’t mess with that for good reason.

[thulldud]

“asdf” and “12345” works for me!

"1-2-3-4-5"?!

That sounds like the password an IDIOT would have on his luggage!

(note to self: change password)

[huldah1776]

ah, so was that the huge update I had today?

[Buckeye McFrog]

Backdoor with a Democrap in the White House: Good

Backdoor with a Republican in the White House: Bad

I see how it works.

[Secret Agent Man]

Government does not have a problem getting to anyone’s machines if they want to.

[Rashputin]

You got it. Give yourself a little gold star.