The security provider Embedi has published details of the vulnerability it discovered in Intel firmware. In a white paper (PDF) that, according to a press release, was published with permission, the company describes how an attacker can take complete control of business PCs with Intel vPro. The vulnerability can even be exploited via a browser and without entering a password.
The error is in the firmware of Active Management Technology (AMT), Standard Manageability (ISM) and Small Business Technology (SBT). These technologies let administrators manage entire PC infrastructures, for example from the office, as if they had direct access to each computer, for instance to install software updates or wipe hard drives. AMT even allows access to idle PCs via a browser, but only after entering a password set by the administrator.
According to Embedi, this is where the problem lies: the browser console can be started even without entering a password. A bug in password handling makes it possible to leave the input field empty and still complete the login. “No doubt, this is the error of a programmer, but it is: don’t do anything when you’re prompted, and you’re in,” the researchers said.
Researchers from Tenable also confirmed how the vulnerability works in a blog post published on Friday. With a simple string, it is possible to log on to the official web interface with the user name “admin” and any password.
While Intel classifies systems such as desktops, laptops and servers from 2010 to 2017 with firmware versions 6.x to 11.6 as vulnerable, Embedi assumes that all AMT-enabled computers are vulnerable if they are connected to the Internet and have ports 16992 and 16993 open. “The access to the port 16992/16993 is the only requirement for a successful attack,” the Embedi researchers added.
Cyber criminals have apparently been trying to exploit the vulnerability since May 1. Since then, companies such as Highcharts.com have registered a significant increase in requests to ports 16992 and 16993. The device search engine Shodan returns more than 8500 vulnerable computers, of which nearly 3000 are in the US and approximately 1200 in Germany. In Germany, the affected systems are therefore mainly those that access the Internet through Deutsche Telekom and the Free University of Berlin.
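The rise in requests to ports 16992 and 16993 described above can be tracked in a perimeter firewall log. The following is an added example, not part of the original article: the log format, the sample lines and the internal range `10.0.0.0/8` are constructed assumptions. It counts AMT-port requests per day and lists hosts that accepted such a connection from outside the internal range.

```python
import ipaddress
from collections import Counter, defaultdict

AMT_PORTS = {16992, 16993}                      # AMT web interface ports named in the article
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumption: the organisation's internal range

# Constructed sample log. Assumed line format:
# <date> <time> <action> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
SAMPLE_LOG = """\
2017-04-29 10:02:11 ALLOW TCP 10.0.5.20:51514 -> 10.0.8.15:16992
2017-04-30 03:14:07 DENY TCP 198.51.100.7:40112 -> 10.0.8.15:16992
2017-05-01 01:00:45 ALLOW TCP 203.0.113.9:55211 -> 10.0.8.15:16992
2017-05-01 01:00:49 ALLOW TCP 203.0.113.9:55213 -> 10.0.8.16:16993
2017-05-01 09:30:00 ALLOW TCP 10.0.5.20:51600 -> 10.0.8.15:443
2017-05-02 02:11:30 DENY TCP 198.51.100.23:33012 -> 10.0.8.17:16992
2017-05-02 02:11:31 ALLOW TCP 198.51.100.23:33013 -> 10.0.8.17:16993
malformed line that should be skipped
"""

def parse_line(line):
    """Return (date, action, proto, src_ip, dst_ip, dst_port) or None if unparsable."""
    parts = line.split()
    if len(parts) != 7 or parts[5] != "->":
        return None
    date, _time, action, proto, src, _arrow, dst = parts
    try:
        src_ip = ipaddress.ip_address(src.rsplit(":", 1)[0])
        dst_ip, dst_port = dst.rsplit(":", 1)
        return date, action, proto, src_ip, dst_ip, int(dst_port)
    except ValueError:
        return None

def amt_port_report(log_text):
    """Count AMT-port requests per day; map each host to external sources it accepted."""
    per_day = Counter()
    allowed_external = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        date, action, proto, src_ip, dst_ip, dst_port = rec
        if proto != "TCP" or dst_port not in AMT_PORTS:
            continue
        per_day[date] += 1
        if action == "ALLOW" and src_ip not in INTERNAL:
            allowed_external[dst_ip].add(str(src_ip))
    return dict(per_day), {h: sorted(s) for h, s in allowed_external.items()}

if __name__ == "__main__":
    print(amt_port_report(SAMPLE_LOG))
```

Hosts in the second result accepted a connection on an AMT port from an external address and are the first candidates for firewalling and a firmware update.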
In a current statement, Intel refers to a tool, available since May 4, with which users can determine whether their system is affected. In addition, computer manufacturers intend to provide firmware updates for their products starting this week. Including Dell, Fujitsu, and have already published their own advisories and announced new firmware versions.
[With material by Zack Whittaker, ZDNet.com]