Intel chip flaw allows hackers to hijack thousands of PCs
Another security vulnerability has been revealed that poses a significant risk for thousands of PCs running Intel processors. The remote hijacking flaw has lurked in Intel chips for at least seven years, allowes hackers to remotely gain administrative control over huge fleets of computers without entering a password.
The flaw, which exists in Intel vPro processors, affects the Active Management Technology, or AMT, feature. AMT lets administrators manage machines via remote connections, and the vulnerability allows attackers to bypass authentication and utilize the same capabilities
AMT, which is available with most vPro processors, was set up to require a password before it could be remotely accessed over a Web browser interface. But that authentication mechanism can be simply bypassed by entering any text string or even no text at all. According to a blog post published Friday by Tenable Network Security, the cryptographic hash that the interface's digest access authentication requires to verify someone is authorized to log in can be anything at all, including no string at all.
Tenable Network Security Describe the flaw as follows
"… we reduced the response hash to one hex digit and authentication still worked. Continuing to dig, we used a NULL/empty response hash (response=”” in the HTTP Authorization header). Authentication still worked. We had discovered a complete bypass of the authentication scheme."
Intel indicated in a blog post that PC manufacturers should be releasing patches for affected systems within the week. It also posts a tool to locate and diagnose vulnerable systems. Fujitsu, HP, and Lenovo have provided information on their own affected systems. So far, the Shodan security search engine (You'll need to sign up to see the results) has located more than 8,500 machines that are vulnerable to attack.
The following page at the Register further details how the exploit works.
Here at SEBS we can confirmed no machines supplied by ourselves have AMT access enabled when installed.