Intel is off to a rough start in 2018 with yet another security issue found impacting their products. Coming fast on the heels of Spectre and Meltdown is a security vulnerability in Intel's Active Management Technology (AMT). The Intel Core processor with vPro feature is intended to help IT staff manage networked assets. Ironically, it is supposed to help administrators protect devices. This security risk flushes all that down the toilet. According to researchers at F-Secure, "The issue allows a local intruder to backdoor almost any corporate laptop in a matter of seconds, even if the BIOS password, TPM Pin, Bitlocker and login credentials are in place. No, we're not making this stuff up." This flaw has a high destructive potential and can be executed very quickly. The attacker does need to have physical access to the laptop but there are several scenarios where this could prove to be a trivial issue. Harry Sintonen, one of F-Secure's senior security consultants, describes using the 'evil maid' scenario. This is where a pair of attackers identify a target and while one distracts the mark, the other accesses the computer. Since the exploit can be completed in seconds, this tactic is quite viable.

The way the attack is accomplished is by rebooting the computer and then entering the boot menu. In most circumstances, this is the end of the line for an attacker because any competent IT pro would have enabled the BIOS password and the exploit could go no further. However, on AMT machines, the attacker can select Intel's Management Engine BIOS Extension (MEBx) and log in using the default password 'admin.' They can then change the password, enable remote access and set the user's opt-in to 'None.' What he has essentially done here is set up the machine to allow remote access without the user's knowledge that the computer is being exploited. To remote in, the attacker does have to be on the same network segment. However, Sintonen says that wireless access can be achieved with only a few extra steps.