
Intel AMT flaw allows credential bypass - vermilingua
https://press.f-secure.com/2018/01/12/intel-amt-security-issue-lets-attackers-bypass-login-credentials-in-corporate-laptops/
======
taspeotis
[https://news.ycombinator.com/item?id=16131932](https://news.ycombinator.com/item?id=16131932)

    
    
        A Security Issue in Intel’s Active Management Technology (f-secure.com)
        139 points by buovjaga 2 days ago | 33 comments

------
013a
This is confusing. Does the exploit really entirely hinge on administrators
not changing the default password? How the hell is that an exploit? Is
F-Secure just trying to ride the hate-Intel Meltdown bandwagon?

~~~
Spivak
Because this is a very real practical exploit. Having such grossly insecure
defaults is a security issue. Intel AMT should be disabled by default and
enabled from the BIOS after the password is provided.

~~~
cherioo
The issue here is there's no way to physically provide a password to the user
without also handing it to the adversary.

AMT could be protected, or AMT disabled and BIOS protected, by a unique
password printed onto the laptop, neither of which will prevent an adversary
with physical access.

~~~
reacweb
All computers should be sold with a small card listing all the unique default
passwords and private keys. Maybe a bunch of QR codes may help with typing
them in.

------
NegativeLatency
> To exploit this, all an attacker needs to do is reboot or power up the
> target machine and press CTRL-P during bootup. The attacker then may log
> into Intel Management Engine BIOS Extension (MEBx) using the default
> password, “admin,” as this default is most likely unchanged on most
> corporate laptops.

Classic

------
dogma1138
Oh, not this again. The default password ‘admin’ is literally from the MEBx
user guide:

[https://www.intel.com/content/dam/support/us/en/documents/mo...](https://www.intel.com/content/dam/support/us/en/documents/motherboards/desktop/sb/intel_mebx_user_guide_for_7series.pdf)

This is at best a known weak configuration, not a vulnerability.

The problem is that the PW isn’t saved anywhere where Intel can touch it; some
manufacturers pre-set the password, some don’t. However, the instructions are:
log in with the default and change the god damn password. It even “forces” you
to do that on provisioning.

~~~
jmanderley
Routers don't all come with the same WiFi password, why should this be any
different? Most people probably won't even know about this feature, therefore
will never "provision" it.

~~~
dogma1138
Quite a few of them do; in fact, the likelihood of your router having a fixed
default password increases with it being less of a consumer-oriented product.
Most SOHO and above routers, as well as other equipment, come with a known
default password.

This feature isn’t turned on by default; someone had to go into the BIOS and
enable it. This feature is also not available on non-enterprise consumer
laptops.

------
cbg0
While this is a problem, all bets are off in terms of security when a bad
actor has access to your hardware.

~~~
anyfoo
That’s an outdated notion. You can’t do very much with a stolen iOS device.

~~~
cube2222
Same for Android since 7.0/8.0 (not sure which). Trying to factory reset the
phone somehow wouldn't remove the Google account and would leave the screen
lock enabled.

------
dfabulich
Does this affect Macs?

~~~
NegativeLatency
Doesn't sound like it, as far as I know there's no mgmt engine on Apple
hardware

~~~
dingo_bat
I thought Intel ME is embedded into the CPU die itself. Unless Apple actively
disables it like some niche manufacturers, it is present and enabled.

~~~
denkmoon
ME and AMT aren't the same thing. AMT uses the ME, but the presence of ME does
not imply the presence of AMT.

Apple doesn't sell any products with vPro as far as I know, and certainly
doesn't offer any way of configuring it pre-boot.

------
_pmf_
What's mind-boggling is that Intel will very likely get away scot-free from all
of this. If anything, it will provide a nice boost for newer Intel CPUs.

It's marvelous.

