An nameless reader quotes a file from Ars Technica: Meltdown and Spectre aren’t the one safety issues Intel is going through this present day. Today, researchers at F-Secure have revealed some other weak spot in Intel’s control firmware that would allow an attacker with brief physical access to PCs to gain persistent remote access to the system, because of susceptible safety in Intel’s Active Management Technology (AMT) firmware — faraway “out of band” software control era put in on 100 million programs over the past decade, in step with Intel. [T]he newest vulnerability — came upon in July of 2017 through F-Secure safety guide Harry Sintonen and printed through the corporate these days in a weblog put up — is extra of a characteristic than a trojan horse. Notebook and desktop PCs with Intel AMT can also be compromised in moments through somebody with bodily get entry to to the pc — even bypassing BIOS passwords, Trusted Platform Module non-public id numbers, and Bitlocker disk encryption passwords — through rebooting the pc, getting into its BIOS boot menu, and deciding on configuration for Intel’s Management Engine BIOS Extension (MEBx).
If MEBx hasn’t been configured through the consumer or through their group’s IT division, the attacker can log into the configuration settings the usage of Intel’s default password of “admin.” The attacker can then alternate the password, permit faraway get entry to, and set the firmware not to give the pc’s consumer an “opt-in” message at boot time. “Now the attacker can gain access to the system remotely,” F-Secure’s unencumber famous, “as long as they’re able to insert themselves onto the same network segment with the victim (enabling wireless access requires a few extra steps).”