Trending

Stories

Intel to Head Into More Trouble as Researcher Finds New Loopholes

Tidio Live Chat Software - Add Tidio live chat software to your website in minutes. Contact visitors and turn them into happy customers. Enhance their experience and boost your sales. Get it for Free

WP Rocket - WordPress Caching Plugin

Must Read

Oindrila Banerjee
Oindrila Banerjee
A English Literature student, love reading books, love literature and history, and enthusiastic about travelling. She likes to read random pieces of information and like watching films. She likes how refreshing it is to learn something new everyday. Her goal is to earn enough to take a trip round the globe.

In a video posted by a Finnish researcher at F-Secure, Harry Sintonen has revealed shocking details about a new Intel loophole that he discovered in Intel’s new Active Management Technology (AMT). The new loophole gives colors to an IT security officer’s worst nightmares. It allows a hacker to gain access to the computer remotely.

AMT provides IT departments and managed service providers with the ability to better control their device fleets and maintain corporate-grade PCs by giving them a solution for remote access monitoring. This same AMT can be exploited by hackers in the new loophole found by Sintonen.

Also Read

Outlining the process by which this can be achieved, Sintonen has said that a local intruder can start rebooting the targeted device, followed by entering the boot menu. While ideally, an attacker would be stopped here since he wouldn’t know the BIOS password, in this situation, he can use Intel’s Management Engine BIOS Extension and log in with the default password, “admin”, which, in most cases, remains unchanged by the user. This would allow the hacker to enable remote access and set AMT’s user opt-in to “None”, thus compromising the machine. The only other thing that would be left for the hacker to do would be to use the same network segment as the victim.

The successful exploitation of the Intel loophole can be completed by physically stealing the machine. And this is usually a cakewalk for a trained cyber-criminal. To quote Harry Sintonen, this can be done in the following way: “Attackers have identified and located a target they wish to exploit. They approach the target in a public place – an airport, a café or a hotel lobby – and engage in an ‘evil maid’ scenario. Essentially, one attacker distracts the mark, while the other briefly gains access to his or her laptop. The attack doesn’t require a lot of time – the whole operation can take well under a minute to complete.”

Elegant Themes - The most popular WordPress theme in the world and the ultimate WordPress Page Builder. Get a 30-day money-back guarantee. Get it for Free

To combat the Intel loophole, the system provisioning process should be updated to make way for a strong password to be set for the AMT or to have it dissolved altogether. IT should also ensure that the procedure has been followed in all machines that are in use. Apart from this, the device user should ensure that the device is left unguarded at no point in time; and if the user notices that the AMT password has been changed and set to an unknown value, he should consider the device as a suspect and initiate incident response. Although no statement has been issued by Intel so far, users are advised to exercise caution when using their Intel-powered devices.

iThemes WordPress Hosting

Stay updated

Subscribe to our newsletter and never miss an update on the latest tech, gaming, startup, how to guide, deals and more.

Latest

Stories

- Advertisement -
- Advertisement -

Latest

Grow Your Business

Place your brand in front of tech-savvy audience. Partner with us to build brand awareness, increase website traffic, generate qualified leads, and grow your business.

- Advertisement -

Grow Your Business

Get these business solutions, tools and services to help your business grow.
Elementor

Elementor -Join 5,000,000+ Professionals Who Build Better Sites With Elementor. Build your website with 100% visual design that loads faster and speeds up the process of building them.

WP Rocket

WP Rocket - Speed up your website with the most powerful caching plugin in the world. The website speed increase means better SEO ranking, user experience, and conversation. It’s a fact that Google loves a fast site.

Kinsta

Kinsta - If you are looking for WordPress managed hosting, Kinsta is in the leading front. Kinsta provides WordPress hosting for a small or large business that helps take care of all your needs regarding your website with cutting-edge technology.

OptinMonster

OptinMonster - Instantly boost leads and grow revenue with the #1 most powerful conversion optimization toolkit in the world. 700,000+ websites are using OptinMonster to turn their traffic into leads, subscribers, and sales.

Related

- Advertisement -
- Advertisement -
ChatGPT Reaches 100 Million Users in Two Months Microsoft’s Teams Get OpenAI-Based Features WhatsApp New Feature that Allows Users to Create Calling Shortcuts Instagram Working On Twitter-like Paid Verification Feature OnePlus Ace 2 Specs Exposed Online Realme GT Neo 5 Full Specs Revealed  Samsung Galaxy S23 Ultra: The New Android King Twitter To End Free API February 9 MLS Season Pass Now Available On Apple TV App Tesla To Increase Giga Shanghai EV Production to 20,000 Weekly 
OpenAI Releases Tool To Detect AI-generated Text Tesla Records Double Net Profit in 2022 India to Produce Upcoming iPhones: Trade Minister Japanese Professor Developed A Power Semiconductor made of Diamond Google Releases New Product for India’s Merchants Indian EV Startup Unveil Two AutoBalancing Electric Scooters OPPO Find X6 Pro Images Render via Weibo Sony Develops New Tech to Reduce Noise of Image Sensors