Koe uusi yle.fi
News |

F-Secure: Major security flaw affecting millions of corporate laptops

The company said the loophole enables an attacker to create backdoor access to a corporate laptop — with the potential to later hack into the firm's entire network — in less than 30 seconds.

Kannettava tietokone etualalla ja tuntematon mies näkyy taustalla.
The issue permits an attacker with physical access to a laptop to bypass having to enter passwords at all and to access and remotely exploit the laptop later, the company said. Image: AOP

The Finnish data security firm F-Secure reported on Friday about a new security issue which could affect millions of laptops used in the corporate world. The company said that the issue affects most, if not all laptops which support Intel Management Engine or Intel AMT tech and is not related to the recently-reported vulnerabilities known as Spectre and Meltdown.

In a press release issued Friday the company's senior security consultant Harry Sintonen described the issue as "deceptively simple to exploit."

"In practice, it can give an attacker complete control over an individual’s work laptop, despite even the most extensive security measures," he said in the statement.

30 seconds of physical access

The issue permits an attacker with physical access to a laptop to bypass having to enter passwords and to access and remotely exploit the laptop later, the company said.

The security flaw exists within Intel chipsets using Active Management Technology (AMT), the chip firm's hardware and software tech that enables the upkeep of (usually corporate) laptops by tech support staff remotely. AMT is hard wired into the motherboard and uses strong encryption, but F-Secure said it is relatively easy for hackers to bypass the security surrounding it.

"The essence of the security issue is that setting a BIOS password, which normally prevents an unauthorised user from booting up the device or making low-level changes to it, does not prevent unauthorised access to the AMT BIOS extension. This allows an attacker access to configure AMT and make remote exploitation possible," F-Secure said.

"To exploit this, all an attacker needs to do is reboot or power up the target machine and press CTRL-P during bootup," the security company wrote.

The firm goes on to describe a few steps hackers are then able to change the device's default passwords, enable remote access and to disable AMT's security measures.

"Evil maids" could do it

"The attacker can now gain remote access to the system from both wireless and wired networks, as long as they’re able to insert themselves onto the same network segment with the victim," the company wrote.

Sintonen said that even though the first breach on a laptop needs physical access, because the process is so quick — less than 30 seconds — it would be very easy for anyone to carry it out, even an "evil" hotel maid, he said.

“You leave your laptop in your hotel room while you go out for a drink. The attacker breaks into your room and configures your laptop in less than a minute, and now he or she can access your desktop when you use your laptop on the hotel (wireless system). And since the computer connects to your company VPN (Virtual Private Network), the attacker can access company resources.”

Latest in: News

Headlines

Our picks

Latest

Muualla Yle.fi:ssä