Security flaw on Intel chips lasted for 7 years

Computing

The onboard Intel remote sensing authentication engine has a vulnerability that could grant non-administrative privileges to a severely compromised system.

A silent security hole that has survived on Intel chips in the past seven years has been spotted in early 2017. But experts now find the bug more serious than anyone imagines. Because hackers can take remote control at the highest level for a computer without entering a password.

The vulnerability lies in a feature called Active Management Technology, which allows administrators to control the system over remote connections. They include a series of functions such as changing computer startup code, mouse access, keyboard, screen, running programs. In short, AMT provides the right to log on to the computer and to execute remote control as if it were working directly with the system hardware.

This feature is integrated on many of the Intel vPro processors that require login of a password in a web browser. However, noticeably, its authentication technique can be overridden by typing a string of characters, or even typing text.

 

The security firm has succeeded in exploiting the vulnerability of AMT by phasing out the cryptographic hash function, but the authentication system still “licenses” the remote access.

Technical Director Carlos Perez said “Authentication still works” even if you enter it wrong. “We detected a flaw in the authentication scheme.”

Experts from Embedi, the company that first discovered the vulnerability of Intel, also made the same comment. According to them, the bad thing lies in the external access performed by AMT so that it can interfere directly with the hardware that bypasses the operating system completely. As such, the manager is more vulnerable than ever. This flaw has appeared on the Intel chips since 2010, but not all.

On Friday, Intel called on PC makers to release the patch next week. The company also recommends that users download the diagnostic tool in the meantime to minimize the damage.

Some users who have a problem with the temperature have actually de-bottled their CPUs. In this way, they can spread the heat dissipation onto the silicon soles of the CPU to increase heat dissipation. However, removing IHS may also cause some heat sinks that are not compatible with the CPU because they are designed to be height-adjustable with IHS

No Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Computing
IBM: Moving forward with cloud computing

IBM Technology Group has been selected as the best enterprise cloud provider in the United States, according to IDC’s IaaS Infrastructure-as-a-Service – Infrastructure as a Service) is implemented with more than 400 enterprises with the scale of 1,000 employees or more. In this study, cloud service providers were also rated …

Computing
Increase the protection of Windows Defender by following minor changes

Windows Defender is an antivirus software available on Windows 10 and it’s really worth the investment. Because there is no advertisement screen and integration into the operating system, this application provides good protection without any additional configuration. Anti-virus programs are growing, so Microsoft has introduced new enhancements to Windows Defender …

Computing
Linux Foundation launches the Open Compliance Program

Linux Foundation has announced the launch of the Open Compliance Program, an initiative that helps companies comply with open source licenses through the use of tools, training, self-assessment and standard formats for report copyright information. Jim Zemlin, Executive Director of the Linux Foundation, said the mission of the Foundation is …