Security firm F-Secure has discovered a vulnerability that could allow attackers to easily exploit Intel AMT (Active Management Technology), part of Intel vPro technology. announced.
Even if your PC is encrypted with BIOS passwords, TPM pincodes, and Windows BitLocker, you can get around this.
The attack method is very simple, the attacker first reboots the PC and enters the Intel Management Engine BIOS Extension (MEBx). The method to enter MEBx may differ depending on the PC, but most can be activated with the keyboard shortcut "Ctrl + P". And here you will be asked for a password, but in fact, the default password for MEBx is commonly "admin", and users rarely change it, so they can easily enter.
If the attacker sets any password on MEBx and enables remote access for any user, they can completely bypass the security measures set by the user and be in the same network segment as the target. As long as you use AMT's remote management capabilities, you will be able to access the KVM (keyboard/video/mouse).
Strictly speaking, this issue is not a "vulnerability". Similar to routers with default passwords of "admin" and "root". Also, since the attacker would need to control the target's PC from a short distance, moving the PC to a safer location would circumvent this problem. However, since ordinary users are unaware of the existence of MEBx and do not change their default passwords, the scope of impact is wide.
