The Hidden Flaws

Cyber attackers are known for their persistence. If they hit a pothole trying to break into your IT network, they won’t just give up and move on to their next target. Instead, they’ll redouble their efforts and probe your infrastructure, looking for new ways to grab your valuable data.

Unfortunately, sometimes these vulnerabilities can be a bit beyond your reach. Rather than weak points in your security infrastructure, they’re baked into the very devices your business depends on. As some researchers recently discovered, a new vulnerability found in Intel chips could pose a potentially catastrophic risk for your business. Here’s what you need to know about this flaw and how you can protect yourself.

The Backdoor

The first thing you need to know is that most Intel chips come equipped with maintenance software known as “Active Management Technology” (AMT). This software is mainly used to obtain remote access to PCs.

This newly discovered vulnerability is found within this AMT software. In theory, this attack would use the default password included with the AMT software (simply “admin”) to bypass all encryption and security on your device, giving attackers full remote access to the device whenever they want it. It’s worth noting that in order to pull this off and obtain access to your device, an attacker must physically crack the AMT password, but the process is projected to take as little as 30 seconds.

The Threat

What does this mean for your business? If successfully pulled off, it will basically be like the hacker has pulled out your employee’s chair, taken a seat at their desk and booted up their computer, free to browse the same files and access the same network drives your employees rely on for important business functions.

Imagine how disastrous this could be for your organization. A hacker could easily pull up patient or client information, making off with sensitive data like social security numbers or bank accounts, or just secretly install some malware and slowly drain data from your organization over a considerable period of time. You can see how this could lead to some less than desirable outcomes.

Solutions

There are two steps you or your IT security provider should immediately take to safeguard against this attack. The first is to simply disable the AMT software altogether. This will disable the remote access provided by the software — check with your system administrator to see if this is something your devices need to have enabled. The second option is to change the default password within the AMT. This will allow you to continue using the software and close this backdoor.

Beyond this specific attack, this vulnerability points to other IT security concerns. Your employees need to follow best practices, meaning they don’t leave their devices in locations where they could potentially be stolen or fall victim to social engineering attacks that allow cybercriminals on premises, giving them the opportunity to hack into your security network.

Furthermore, while weak points like this are consistently being discovered and made public, you need to have an IT infrastructure in place which can remediate them. You have to work under the assumption that, even if this is a new vulnerability, cybercriminals have either already uncovered it themselves or certainly know how to use it now. Rely on the experts and avoid putting your organization in compromising situations.

Posted in BAI Security Blog.