Intel nor did it manage to block the vulnerabilities completely and without problems Meltdown and Spectre, as another very important one was discovered in the software created by the American company for its products. This new major vulnerability is not as dangerous as Meltdown and Spectre, but that is only because the victims cannot be infected directly via the Internet, but the computer must be physically accessed first.
Intel Active Management Technology (AMT) is the problematic software, it has been installed on over 100 million computers over time, and now it has been discovered that it is not so secure. According to those from F-Secure, a hacker who gains physical access to a computer that has this Intel technology can exploit the software to access it later, even remotely, whenever he wants.
Intel blames this problem of the AMT system on computer manufacturers and says that they have not sufficiently secured the settings for this software through the motherboard BIOS. Intel says that it has given its partners the necessary documentation to do this, but as things appear, the partners didn't really care, and in the end everyone from Intel is accused of the existence of the problem.
Intel: A new major vulnerability has been discovered
Intel announced in May that it discovered a problem with the AMT system and in November released patches to solve it, but the problem discovered by F-Secure is a new and, apparently, separate one. According to the company, hackers can even bypass passwords set for the BIOS and can access a wide range of information, including Bitlocker encrypted passwords, so we are talking about a major problem, with Intel in the foreground.
"We appreciate the security research community calling attention to the fact that some system manufacturers have not configured their systems to protect Intel Management Engine BIOS Extension (MEBx). We issued guidance on best configuration practices in 2015 and updated it in November 2017, and we strongly urge OEMs to configure their systems to maximize security. Intel has no higher priority than our customers' security, and we will continue to regularly update our guidance to system manufacturers to make sure they have the best information on how to secure their data."
Intel recommended its partners, or those who bought computers with the AMT system, to secure them, but of course the world expected something ready configured for immediate use, so many did not bother. The good part in this whole problem is that the AMT system is mainly used in products bought by companies, but as a domino effect, if their units are compromised, ordinary users can also be affected.
Intel is now in a hurry to solve this problem before the press takes too much notice of it and the world loses even more patience, or confidence in its ability to make secure products. It is hard to say how much the Intel company will be affected by all the scandals of the vulnerabilities of its products, but it is clear that the situation is not exactly good.
