Earlier this year, Embedi—a firm that specializes in securing loT devices—discovered multiple vulnerabilities in Intel’s Management Engine (ME), which allows remote management of corporate systems. Now they’ve found other Intel liabilities: Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM) or Intel® Small Business Technology (SBT), allows hackers to gain full control over business computers— even if computers are turned off, but plugged in.
“By nature, the Intel AMT exploitation bypasses authentication. In other words, an attacker may have no credentials and still be able to use the Intel AMT functionality. Access to ports 16992/16993 are the only requirement to perform a successful attack,” wrote Embedi.
Think it’s just here-say? Think again. A spokesperson for Intel has admitted this “first-of-its-kind” allegations, about a system that leaves millions of corporate PC’s exposed to attacks.
On the intel website, they have announced the following:
“On May 1, Intel published a security advisory regarding a critical firmware vulnerability in certain systems that utilize Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM) or Intel® Small Business Technology (SBT). The vulnerability could enable a network attacker to remotely gain access to business PCs or devices that use these technologies. Consumer PCs with consumer firmware and data center servers using Intel® Server Platform Services are not affected by this vulnerability.
Until firmware updates are available, we urge people and companies using business PCs and devices that incorporate AMT, ISM or SBT to take steps to maintain the security of their systems and information. We understand you may be concerned about this vulnerability. The vulnerability is potentially very serious, and could enable a network attacker to remotely gain access to businesses PCs and workstations that use these technologies. We urge people and companies using business PCs and devices that incorporate Intel® AMT, Intel® ISM or Intel® SBT to apply a firmware update from your equipment manufacturer when available.”
Here's a brief description of the technology: Intel® AMT and Intel® ISM are remote management tools typically used by system administrators at large organizations to manage large numbers of computers. Intel® SBT is a similar technology typically used by small and medium sized businesses with fewer devices to manage. All of these systems incorporate Intel manageability firmware.
They list the following information regarding advisories from computer manufacturers who utilize Intel AMT, ISM and SBT technology and may pose a security risk:
Computer manufacturers are publishing information specific to their products, including availability of firmware updates. Advisories for some manufacturers can be found at the following websites:
- Acer — https://us.answers.acer.com/app/answers/detail/a_id/47605
- ASUS — https://www.asus.com/News/uztEkib4zFMHCn5
- Dell Client — http://en.community.dell.com/techcenter/extras/m/white_papers/20443914
- Dell EMC — http://en.community.dell.com/techcenter/extras/m/white_papers/20443937
- Fujitsu — http://www.fmworld.net/globalpc/intel_firmware
- Getac — http://intl.getac.com/aboutgetac/activities/activities_2017051648.html
- Gigabyte — https://www.gigabyte.com/Press/News/1562
- HP Enterprise — http://h22208.www2.hpe.com/eginfolib/securityalerts/CVE-2017-5689-Intel/CVE-2017-5689.html
- HP Inc. — http://www8.hp.com/us/en/intelmanageabilityissue.html
- Intel — NUC, Compute Stick, and Desktop Boards
- Lenovo — https://support.lenovo.com/us/en/product_security/LEN-14963
- Panasonic — http://pc-dl.panasonic.co.jp/itn/info/osinfo20170512.html
- Samsung — http://www.samsung.com/uk/support/intel_update/
- Toshiba — http://go.toshiba.com/intelsecuritynotice
Data center servers using Intel® Server Platform Services are not affected by this vulnerability. If you are uncertain, you should evaluate your systems to make sure they are secured against this vulnerability.
Intel has released a Windows 10 tool to analyze a system for vulnerability that can be downloaded and a tool for Linux that can be found online.
Intel is working with PC vendors to push a firmware update. Please update your system now.
Not sure if your system is vulnerable? Contact www.adaptiveoffice.ca to be sure your business is secure.
Or give us a call at 506-624-9480, for peace of mind.