A major flaw in the Intel chips, which was lurking in the motherboards of your computer system and went undetected for more than five years, makes hacking as easy as opening your web browser, doing an online search, and getting in your computer system without a password.
The bug is related to Intel’s Active Management Technology, or AMT, which allows IT professionals to carry out various tasks on a fleet of computers, such as software updates, system formatting, and taking control of the mouse or keyboard as if they were physically working with the computer.
Additionally, the AMT allows IT professionals to remotely access a computer even when its power is off. To make life easier for IT professionals, Intel even made AMT accessible via web browser, which had the power to access the password protected computers even when they were set to sleep mode.
Because of the flaw, the hackers could enter the AMT by entering a blank password and get access to the web browser or web portal.
According to Embedi, the security firm which first discovered the bug, the AMT lets anyone access the computer system as it has a universal ‘admin’ account, which allows users to enter the console without the need to enter the password.
Tenable, another security firm, confirmed the bug by creating a detailed report about the remotely executable bug and how easy it was to exploit the flaw.
“Systems affected by this vulnerability are from 2010-2011 (not 2008, as was mentioned in some of the comments) because Intel manageability firmware version 6.0 and above was made not earlier than 2010. There is also a chance of attacks performed on Intel systems without Intel AMT support.”
If the vulnerable server/workstation is exposed online, an attacker could use ports 16992 or 16993 to deliver his attack. The vulnerability has a score of 9.3 out of 10 in terms of severity.
Security professionals saw a rise in the hacking activity since the news of computers with Intel Server Chipsets launched since 2010 could be hacked remotely went viral. There are more than 5000 devices that are vulnerable; more than 2000 are in the United States alone.