Tuesday 16 May 2017

Intel chip flaw allows hackers to hijack thousands of PCs

Thousands of Window computers were exposed to remote hacking due to a security flaw in the Intel chip. Dating almost back to a decade, this bug allows hackers to remotely access the keyboard and mouse of a computer even when it’s switched off, thereby granting them complete access to that PC’s files and folders and allowing them to install viruses. In this defect, the “AMT” port security, used by IT departments to support and install softwares through remote access, can be easily bypassed by hackers.

This AMT feature is mostly used by IT administrators for remotely accessing computers for support, maintenance and software updates installation. AMT can also be accessed via a web browser interface which would be protected by an admin password and can be remotely accessed even the computer is off.Last week, Intel revealed that this defect in security meant allowing hackers to exploit computers but it is now appearing to be that one could gain access which would be as easy and simple as ignoring the requirement of a password while logging in.

The flaw was discovered by researchers at the Embedi security group and they have circulated further details disclosing that hackers could enter into a system through the AMT system by simply leaving the password field empty.Hackers can also gain entry into the system through networking ports. An address on an internal home network can easily be accessed with the help of a web browser.

Intel did not disclose any statistics on how many computers were affected because of this defect but a search on a public web ports-scanning website called Shodan revealed that more than 8,000 computers were affected. Compared to consumer desktops and laptops, this technology is present only corporate PCs but sensitive information could be exploited by hackers if they gain access.

Identifying the defect

This flaw is more likely to affect Intel Chips dating as far back to 2008 that run management firmware versions from 6 and 11.6. Intel also released a security advisory that precautionary corrective steps need to be taken for a system that is runs AMT.

Researchers at Embedi warned that any systems facing internet with open ports 16992 and 16993 were more prone to the hack. After the disclosure of this flaw, scans on these affected ports have increased in number which means that hackers are actively on the lookout for such susceptible systems to take advantage.

Precautionary measures

In order to overcome this defect in the Intel chip, Intel has advised a few precautionary steps. Firstly, one needs to determine if their system has an Intel AMT capable system. Then, the system needs to be analysed for the flaw with a tool published by Intel which lets you check if your system is susceptible and disable the AMT technology.

Next, a check needs to be made for updated firmware versions. Most of the affected and vulnerable systems are older and no longer receive firmware updates. The AMT is disabled on such computers. Intel is working hard to fix this bug in the Intel chip and their hardware partners are in process to push fixes to the vulnerable systems. It is expected that computer companies like Dell, Fujitsu, HP and Lenovo will issue their patches soon and have already issued security advisories.

No comments:

Post a Comment

Note: only a member of this blog may post a comment.