Intel AMT Security Issue

Yet another nightmare for Intel users. This time it’s specific to the corporate world. Yes, you heard it right: this time hackers just need to find an IT employee carrying his or her office laptop, distract that person for a minute, and the attack can be launched in less than a minute. Is it really that simple? Game On !!

Intel is still trying to cope with its last publicly announced security vulnerabilities, Meltdown and Spectre, and here we are yet again with another blunder. In July 2017 Harry Sintonen, one of F-Secure’s Senior Security Consultants, discovered unsafe and misleading default behaviour within Intel’s Active Management Technology (AMT).

AMT is Intel’s proprietary solution for remote access, monitoring and maintenance of corporate-grade personal computers, allowing a corporate technical support team or managed service provider to remotely support IT employees via screen-share functionality. AMT has had security issues in the past, but this one is more surprising because of its potential impact.


The issue allows a local intruder to backdoor almost any corporate laptop in a matter of seconds, even if a BIOS password, TPM PIN, BitLocker and login credentials are in place.

“The attack is almost deceptively simple to enact, but it has incredible destructive potential. In practice, it can give a local attacker complete control over an individual’s work laptop, despite even the most extensive security measures,” Sintonen says.


  1. A local attacker gains physical access to a corporate machine (desktop / laptop)
  2. Reboots or powers on the machine and then presses Ctrl + P
  3. This displays the Intel Management Engine BIOS Extension (MEBx) login screen
  4. The default password for MEBx is “admin”, which may still be in place on most corporate machines. Other passwords commonly set by IT administrators include “admin@123”, “password” and “<company name>@123”
  5. Once logged in successfully, the attacker can change the default password, enable remote access, and set AMT’s user opt-in to “NONE”
  6. The machine is now compromised!!

Once the attacker gains access to the same network segment as the victim (with a few additional steps to enable wireless access), the system will be accessible remotely. A video from F-Secure’s security consultant is here:


  • F-Secure, together with CERT, has notified Intel and all relevant device manufacturers about the security issue and urged them to address it urgently.
  • It’s now the onus of corporate employees to safeguard their respective corporate laptops while they are in public places such as airports, bus terminals, hotels, cafes and more.
  • IT administrators must set a strong password for AMT, or even disable AMT completely if that functionality is not required, before handing systems over to employees
  • IT administrators must reset the AMT passwords on all current systems to strong, unique passwords with immediate effect
  • Most importantly: if the AMT password has been set to an unknown value on a user’s laptop, consider the device suspect and initiate incident response. First rule of cyber security? Never take unnecessary risks.
  • Organizations with Microsoft environments and domain-connected devices can also take advantage of System Center Configuration Manager to provision AMT.
  • Last but not least, follow Intel’s own recommendations for using AMT in a secure manner, which follow similar logic


Intel CPU Kernel bug


A kernel memory leak in Intel processors, caused by a fundamental design flaw, has forced the vendors of major operating systems (OS) such as Windows, Linux and macOS to redesign their kernel software. This redesign will result in a performance hit on Intel products, estimated to slow them down by 5% to 30%, depending on the task and the processor model. More recent Intel chips have features – such as PCID – to reduce the performance hit, The Register reports.


To perform any write, execute or network-related task, a program needs to temporarily hand over control of the processor to the kernel to complete the task. Such transitions between user mode and kernel mode (and back) require the kernel to be present in the virtual memory address space of every process. When the kernel is needed, the program makes a system call, the processor switches to kernel mode and enters the kernel. After the requested task completes, the CPU is told to switch back to user mode and re-enter the process. While in user mode, the kernel’s code and data remain out of sight, but they are still present in the process’s page tables.

  • Easily exploitable by malware and hackers, and a stepping stone to exploiting other security bugs
  • Programs and logged-in users can gain access to the kernel’s memory and read all its secrets, including passwords, cached disk files, login keys and so on
  • On a shared public cloud server, a tenant may even sniff sensitive kernel-protected data
  • Possibly the bug could be abused to defeat KASLR (kernel address space layout randomization)
  • A malicious program can block the execution of an instruction and read kernel memory before switching back to user mode, which in turn allows ring-3 user code to read ring-0 kernel data
  • Impact on cloud:
    1. The bug will impact big-name cloud computing environments including Amazon EC2, Microsoft Azure, and Google Compute Engine, said a software developer blogging as Python Sweetness
Another version of the same story:

There were rumors of a severe hypervisor bug – possibly in Xen – doing the rounds at the end of 2017. It may be that this hardware flaw is that rumored bug: that hypervisors can be attacked via this kernel memory access cockup, and thus need to be patched, forcing a mass restart of guest virtual machines.

Affected Intel product:

The bug affects all Intel x86 CPUs produced over the past 10 years, regardless of the OS or whether the OS runs on a desktop or a laptop. The processor allows normal user programs, from database applications to JavaScript in web browsers, to discern to some extent the layout or contents of protected kernel memory areas.

The Fix:

The fix is to separate the kernel’s memory completely from user processes using what’s called Kernel Page Table Isolation, or KPTI. These KPTI patches move the kernel into a completely separate address space, so it’s not just invisible to a running process, it’s not even there at all. Really, this shouldn’t be needed, but clearly there is a flaw in Intel’s silicon that allows kernel access protections to be bypassed in some way.
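As an added defender-side check (not part of the original post): a POSIX shell function that reports whether a Linux host is running with the KPTI mitigation described above. It reads the sysfs vulnerability file that Linux 4.15 and later expose, and falls back to the `pti` CPU flag in /proc/cpuinfo for older kernels with backported KPTI. The optional root-directory argument is an assumption of this example, added so the check can be run against a constructed sample tree.

```shell
#!/bin/sh
# Report the Meltdown / KPTI status of a Linux host.
# Usage: kpti_status            -> inspects the live system
#        kpti_status /some/root -> inspects a sample tree (assumption of this example)
# Prints one of: not-affected | mitigated | vulnerable | unknown
# Exit status: 0 when safe, 1 when vulnerable, 2 when it cannot tell.
kpti_status() {
  root="${1:-}"
  vuln="$root/sys/devices/system/cpu/vulnerabilities/meltdown"
  cpuinfo="$root/proc/cpuinfo"

  # Preferred source: the kernel's own verdict (Linux 4.15+).
  if [ -r "$vuln" ]; then
    case "$(cat "$vuln")" in
      "Not affected") echo "not-affected"; return 0 ;;
      Mitigation:*)   echo "mitigated";    return 0 ;;
      Vulnerable*)    echo "vulnerable";   return 1 ;;
    esac
  fi

  # Fallback: kernels with a backported KPTI show "pti" in the flags line.
  if [ -r "$cpuinfo" ]; then
    if grep '^flags' "$cpuinfo" | grep -qw pti; then
      echo "mitigated"; return 0
    fi
    # A "bugs" line naming cpu_meltdown without the pti flag means unpatched.
    if grep '^bugs' "$cpuinfo" | grep -qw cpu_meltdown; then
      echo "vulnerable"; return 1
    fi
  fi

  echo "unknown"; return 2
}
```

A result of "vulnerable" means the kernel still maps itself into every process’s page tables, so a hypervisor or OS patch is outstanding.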

  • PostgreSQL has shared a fix for the Intel hardware bug, which will lead to performance regressions
  • Microsoft’s Azure cloud is to undergo maintenance on January 10
  • Amazon has warned customers via email to expect a major security update to land on Friday this week, without going into details
  • After the updates from the respective vendors, your Intel-powered machine will run slower as a result

Sony Playstation 4 4.05 FW – Local Kernel Loader

On 28 December 2017, developer SpecterDev released a fully functional, much-awaited kernel exploit for the PlayStation 4 (firmware 4.05), almost two months after Team Fail0verflow revealed its technical details.


Intel ME Firmware Security Issue

Intel Management Engine (ME), a microcontroller that handles much of the communication between the processor and external devices, hit the headlines in May 2017 due to security concerns regarding the Active Management Technology (AMT) that runs on top of the engine. Further probing revealed AMT had a simple authentication error: an attacker could log in with an empty password field.

Positive Technologies researchers say the exploit “allows an attacker of the machine to run unsigned code in the Platform Controller Hub on any motherboard via Skylake+”.

What the company’s researchers Mark Ermolov and Maxim Goryachy discovered is that when Intel switched the Management Engine to a modified Minix operating system, it introduced a vulnerability in an unspecified subsystem.

Because ME runs independently of the operating system, a victim has no way of knowing they were compromised, and an infection is “resistant” to an OS re-install and BIOS update, Ermolov and Goryachy say.

In response to issues identified, Intel has published its advisory here.


Cyber Security Incidents January 2017

Cockrell Hill police lose years’ worth of evidence in ransom hacking

Hacker Group Claims Responsibility for Lloyds Bank Outages, Ransom Demand

St. Louis’ public library computers hacked for ransom

Computer hacker hits Illinois processor

No payoff for hackers, Arkansas school district says

Trojan malware blamed for cyberattack at Barts Health NHS hospitals

Marijuana dispensaries hit by hack of sales system

Cosmetic surgery center discloses ransomware attack

Princeton University becomes victim of MongoDB ransom attacks

Los Angeles Valley College Hit By Cyber Attack, Pays Ransom

Break-in prompts hospital to assess possible patient privacy breach

Odessa one of eight school districts targeted in e-mail phishing scam

Grey Eagle Casino employee information leaked in major privacy breach

Dirty secrets of 180,000 users of a porn site that posts ‘upskirt’ photos are leaked

Data breach affects thousands of school system employees

Telus releases Hamilton woman’s cellphone information to her stalker

218,000 AlphaBay marketplace users’ private messages acquired by bug hunter

Another child protection privacy breach names more than 30 kids in care

District 833, police investigate after student accesses private employee data

NYPD tech worker accused of selling officers’ personal info

TriHealth notifies 1,126 patients after software glitch sends statements to old addresses

Ohio State Veterinary Medical Center at Dublin hit with possible data breach

Catholic Charities of Baltimore Notifies Clients of Potential Security Incident

Complete Wellness notifies 600 patients after employee misconduct results in lost PHI

Clash of Clans Forums Accounts Have Been Hacked

CoPilot Provider Support Services notifies 220,000 of data security breach in 2015

California translation firm’s security lapse exposes sensitive files

Passwords of top Trump appointees leaked online after earlier data breaches: Report

California snafu releases personal info of nearly 4,000 gun safety instructors

Dutch Cops Warn 20,000 of Email Account Hack

5,000+ Sentara Healthcare patient records involved in security breach

Children’s Hospital Los Angeles and the Children’s Hospital Los Angeles Medical Group notify parents of laptop theft

Email account with patient information at UM doctors group hacked

Summit Reinsurance Services breach affected 19,000

Hacker Steals 900 GB of Cellebrite Data

Hospital scammed for employee information

Twoplustwo poker forum hacked again; personal data stolen

ESEA hacked, 1.5 million records leaked after alleged failed extortion attempt

Letter notifies NISD employees, students of email breach

Hilliard Bradley High School hacked, students’ information exposed

Lloyds Bank targeted in DoS attack

Possible data breach occurred at 21 Bowlmor AMF bowling centers, including one in Henrico

POPEYES discloses payment card breach that began in May, 2016; 10 locations affected

Zimbabwe computer hacker takes $70k from OK Zim

Rsync errors lead to data breach at Canadian ISP, KWIC Internet

Hackers infiltrate govt-owned bank systems to create fake trade docs

Taipei employees’ financial data leaked

Delhi hackers, digital shoplifters who tampered data of e-commerce portals

Google Removes Ransomware-Laden App From Play Store

Paramedic supervisor charged with stealing drugs and identity theft

‘Celebgate’ hacker sentenced to nine months in prison

Mortgage loan processor stole dozens of identities

Cyber Security Incidents February 2017

Gov, OMES Confirm Agency Hacked, No Ransom Paid

Hackers demand $25k-$30k after ransomware attack takes down Bingham county servers

Yahoo tells users they were hit with cookie attack

University suffers cyber attack from its own vending machines and lamp posts

Isis-linked hackers attack NHS websites to show gruesome Syrian civil war images

Pro-Trump group hacked, website taken down in Cabinet fight

Hackers demand £1 million from David Beckham’s advisers

Norway’s Labour Party was hacked by Russia: report

Ransom demanded in Licking County technology hack

Tiverton town hall has two years’ worth of documents deleted by virus that demanded £3,000 ransom

Phishing emails imitate HMRC (again)

WordPress hack sees 1.5m attacks in “feeding frenzy”

South Washington School District probes hacking by student

NYC Dept. of Education email gaffe exposes 439 paraprofessionals’ SSN

Millions of IGN and PCMag user records sit exposed, online

Email Lists Revealing Students’ Private Information Remained Public for Years

Hackers who took control of PC microphones siphon >600 GB from 70 targets

Cleveland Food Bank Loses Personal Data for Dozens of Clients

Lexington Medical Center latest victim of data breach

Family Service Rochester experiences data breach

Thousands of medical records stolen


Privacy commissioner apologises for accidentally releasing email addresses

PharmaNet breach compromises personal information of 7,500 B.C. residents, says province

Fulton County clinic dumps sensitive medical records in plain sight

20,000+ tribal members warned of data breach

City notifying staff whose private information was compromised

Laptop and files with confidential information about Aberdeen children stolen

Top End Health Service breach exposes private details of cancer patients

Hacker steals 83,000 accounts from UPI news agency

Mag publisher Future stored your FileSilo passwords in plaintext. Then hackers hit

15,000 data files of Taiwanese nationals possibly hacked: Govt

Multnomah County notified 1,700 patients after discovering employee was forwarding emails to personal account

Sports Direct hacked last year, and still hasn’t told its staff of data breach

Five months after learning of problem, Michigan cancer treatment provider notifies 22,000 patients

Princeton Pain Management notifies patients after hacker gains access to PHI

Laptop-light GoCardless says customers’ personal data may have been lifted

Used government computers bought at auction filled with personal information

Denuvo Website Leaks Secret Information, Crackers Swarm

Data from 2014 hack of children’s online game Bin Weevils leaked online; hacker claims 20m records

Vulnerability put 1.87 million Michigan employees at risk

Hundreds of confidential email addresses were shared with landlords operating in Cardiff

Particle accelerator hacked: Boffins’ hashed passwords beamed up

2.5 million PlayStation and Xbox players’ details stolen by hackers

Citizens Memorial Hospital investigates breach of employee data

Data breach hits San Antonio Symphony employees

Hundreds of Arby’s restaurants breached

PC Plus points stolen from customer accounts in security breach

Malware hit Hitachi Payments Services, 3.2 million cards affected

InterContinental reports payment card breach at 12 U.S. hotels

A Hacker Just Pwned Over 150,000 Printers Left Exposed Online

An Anonymous group just took down a fifth of the dark web

German parents urged to destroy data-collecting toy doll

Cyber Security Incidents March 2017

Urology Austin notifies patients of ransomware attack

KY: Estill County Chiropractic notifies 5,335 patients of ransomware attack

Metropolitan Urology Group Notifies Almost 18,000 Patients of Ransomware Attack That Exposed PHI

City erases, re-installs server after ransomware attack

Student expelled for hacking professors’ emails

Hackers attack Pa. Senate Democrats’ computer system with Ransomware

Website of Korea retail giant Lotte hacked in China

26 million NHS patients’ records in security scare over SystmOne “enhanced data sharing”

Laptops containing 3.7 million Hong Kong voters’ data stolen after chief executive election

Dozens of patients’ medical records found lying in Melbourne street

Notification of data breach on FIRST Forums

Thousands of Psychiatrist’s Patient Records Stored in Basement of House He Rented Out

Council blunder leaks personal data on web

Vermont Department of Labor details data security breach at third party vendor

New Three Data Breach Exposes Mobile Customer Account Details To Total Strangers

UNC Health Care notifies 1,300 prenatal patients of potential breach

Saks Fifth Avenue Exposed Personal Info On Tens Of Thousands Of Customers

Blunder reveals Australian lawmakers’ private cell numbers

Email gaffe revealed 1,417 cancer patients’ email addresses

15 computers with ‘sensitive information’ stolen from Chief Justice Mogoeng’s office

Lane Community College notifies health clinic patients of potential breach

McDonalds India is leaking 2.2 million users data

Children’s Hospital of Eastern Ontario employee breached privacy of nearly 300 patients

Singapore Armed Forces apologizes for data leak

Ster-Kinekor “data leak” means private data of 7 million South Africans is at risk

Devon doctors’ surgery says sorry for data breach

Popular Teen Quiz App Wishbone Has Been Hacked, Exposing Tons of User Information

43,000 individuals’ possibly affected after Abta web server hacked

We’ve lost control of our personal data (including 33M NetProspex records)

US military leak exposes ‘holy grail’ of security clearance files

VCU Health System notifies 2,700 of inappropriate access to their medical records

Brand New Day notifies 14,005 members after breach at vendor

Tarleton Medical discloses breach involving protected health information

Three admits a further 76,000 customers hacked

PoS terminal manufacturer Verifone breached

Action Fraud raised alert about CEO fraud

1.3 billion records leaked: spam operator suffers data breach

Data breach may put Daytona State College students’ personal info at risk

Med Center Health reports stolen patient billing information

Email Security Breach Involving County Employees’ Bank Accounts In Sebastian County

Oh those inadequately secured backup devices…

GMO Payment Gateway confirms data leakage from two client websites

Hackers steal thousands after Queensland School Photography targeted online

No bail for 3 Romanians in ATM hack

Gang of Hackers Tries to Steal Baidu’s Driverless Car Secrets

Chinese police make 96 arrests in latest operation against personal data theft

Dutch detectives unravel 3.6 million encrypted emails sent by criminals

Nursing home employee arrested after filming senior residents having sex, posted video online

Cyber Security Incidents April 2017

Newark City Hall computers hacked with ransomware

Atlantic Digestive Specialists notify patients of ransomware incident

Phishing scam diverts more than $40,000 from Denver Public Schools

IAAF says medical records compromised by Fancy Bear hacking group

Lessons to learn as McAfee’s LinkedIn page is hijacked

Hackers set off Dallas emergency sirens more than a dozen times in a few hours

ECMC officials remain mute on cause of computer shutdown

RingGo parking app exposes users’ personal information

McDonald’s Canada breached, 95,000 job seekers’ information compromised

Concordia’s online course systems, eConcordia and KnowledgeOne, have been hacked

Unencrypted patient info from 2008 left in a van, and…… yeah

Iowa Veterans Home warns nearly 3,000 of data breach after phishing incident

Privacy Incident at Lifespan

Patient privacy breach: over 1600 medical letters found dumped in Sydney bin

PAUSD student data exposed in breach

Millions of game accounts exposed in data breach, responsibility thrown to the wind

30,000 London gun owners hit by Met Police ‘data breach’

Voters’ personal data at risk in Cobb theft

Privacy commissioner calls for investigation after photo card privacy breach

Amedisys announces patient info breach

Privacy breach at Yakima’s Virginia Mason Memorial hospital affects 419 patients

Upmarket Sydney hotel targeted by cybercriminals

Third Personal Data Breach Hits UHIP Customers

Student privacy breached in Victoria Education Department blunder

Tullamore Hospital patient’s information sent to wrong person after data blunder

Wonga data breach: Personal details of 245,000 UK customers and 25,000 Polish customers may have been stolen in cyber attack

Leak of diabetic patients’ data highlights risks of giving info to telemarketers

Privacy, what? Bengaluru police leaks 46,000 phone numbers on Twitter

Scottrade Bank data breach exposes 20,000 customer records

Data leak exposes details of 450,000 lottery subscribers

Foodie social network Allrecipes warns that someone stole users’ email addresses and passwords

Data breaches at InterContinental Hotels, RingGo and Allrecipes

Chipotle warns of data security breach, recommends monitoring card statements

Blowout Cards Notifies Customers After Card Fraud Reports Roll In

Cleveland Metropolitan School District discloses phishing-related incident

Debit card breach reported by car washes

U of L: Tax information of some employees hacked

Investigating Possible Breach

Breach of Financial-Aid Tool May Have Compromised Data on 100,000 Taxpayers

1,200 InterContinental hotels hit by malware attack

Ashley Madison blackmailers threaten to create Cheater’s Gallery exposing members who don’t pay up

Teen Hackers Stole $300,000 From a Travel Site and Used It to Buy a Ducati

Hackers Are Emptying ATMs With a Single Drilled Hole and $15 Worth of Gear

Got one of these 20+ models of Linksys Smart Wi-Fi routers? Bad news. 10 security holes discovered

Wellington Student Arrested for Selling Drugs on the Darknet

Longest sentence ever handed out for hacking: Roman Seleznev Sentenced to 27 Years

Long-sought fugitive admits role in $200M credit card fraud

Cyber Security Incidents May 2017

How ECMC got hacked by cyber extortionists – and how it’s recovering

Walnut Place notifies patients of ransomware attack

Confluence charter school servers are hacked

WannaCry ransomware hits systems worldwide

Ransomware hits Australian hospitals after botched patch

‘Anomaly’ caused OHIP privacy breach

Papers with CMS students’ sensitive information found blowing in wind

Fast Health in Tehachapi suffers security breach

Website hack exposed PMH patients’ personal, medical info

Health, personal records of 2,500 Arizona families with newborns lost

Beacon Health System notifies 1,200 patients of employee wrong-doing

Melbourne hospital in hot water as patients’ confidential medical records found on train

Exposed Patient Records

Information on 2,036 patients compromised after data breach

Personal information exposed for 3,000 people in Stillwater after unauthorized access obtained to city computer

Niskayuna school laptop stolen, 945 students’ personal information on device

1.5 million students’ data leaked online, put up for sale for up to Rs60,000

Medical device containing patient information stolen from DePaul Hospital

Hackers may have names of thousands of Florida gun owners

School district reports breach due to caching problem with HomeLink

Font sharing site DaFont has been hacked, exposing thousands of accounts

Zomato Hacked; 17 Million Accounts Sold on Dark Web

Twitter says Vine users’ emails and phone numbers were exposed for a day, but weren’t misused

Hacker Steals Millions of User Account Details from Education Platform Edmodo

Bell apologizes to customers after data breach hits 1.9 million e-mail addresses

Data leak reveals details of 70,000 offshore firms in Malta, German state minister claims

Funding Circle Error Exposes 6,000 SSNs Of American Clients

Guardian Soulmates website suffers data breach

Diamond Institute for Infertility and Menopause notifies patients after hack

TheDarkOverlord dumps 180,000 patients’ records from 3 hacks

Debenhams Flowers data breach affects 26,000 customers

USA Today owner Gannett hit by phishing attack

Travel tech company Sabre confirms breach affected reservations system

Why WannaCry ransomware infection is a data breach

Phishing scam cost Google and Facebook £77m

Hotpoint service sites hacked

Blackburn High School families’ details illegally downloaded in targeted attack

Brooks Brothers payment card system compromised for almost one year; customers being alerted

Rogues reset ‘passwords’, steal W-2 info from Equifax subsidiary customer employees

Chipotle says malware hack stole customer payment info

Full House Lottery website breached, credit card information at risk

Rite Aid’s ecommerce platform breached, personal info stolen

Vic school IT breach after password theft

Security Breach at Punch Bowl Social; Employee Personal information compromised

Data breach hitting local car wash follows string of incidents around the country

NYU Accidentally Exposed Military Code-breaking Computer Project to Entire Internet

After hackers fail to extort money, new Pirates of the Caribbean movie torrents appear

“Google Docs” Worm Ransacks Gmail Users’ Contact Lists – What You Need to Know

Cyber Security Incidents June 2017

‘Petya’ Ransomware Outbreak Goes Global

Ransomware: South Korean web hosting company pays $1m

Fired Employee Hacks and Shuts Down Smart Water Readers in Five US Cities

Cyber-attack on parliament leaves MPs unable to access emails

Airway Oxygen notifies 500,000 patients after ransomware attack

Cleveland Medical Associates tells patients of ransomware incident

Midwestern Hospital Infected With Ransomware

University College London hit by ransomware attack

Hacker stole satellite data from US Department of Defence

CD Projekt Red Reveals Cyberpunk 2077 Data Theft

Pro-ISIS hackers deface Ohio government websites

PanicGuard panic alarm app leaks your personal information, including location

Texas Association of School Boards suffers security breach

School district server breach

Personal info of 522 Aetna clients in Texas affected by data security incident, firm says

Hundreds of SIH Patients Potentially Impacted by Insurance Breach

Hackers Altered 2016 Voter Rolls and Stole Private Data on U.S. Citizens

Nearly 3,000 Patients Notified Of St. Thomas Rutherford Health Information Breach

Confidential child protection files on sale at Alice Springs tip shop

Patient records stolen in computer breach at Torrance Memorial Medical Center

Data on 198M voters exposed by GOP contractor

Personal info of hundreds of thousands of students targeted in schools hack attack

Briefcase containing Little River Healthcare records stolen

Personal information of 16 Utahns stolen from DCFS employee’s vehicle, officials say

Passaic Housing Authority battles employee over data breach, rules on rent hikes

Hundreds Of Files With Personal Information Found In Greenwood

University department leaks the names of students and their extenuating circumstances

Former Durango Family Medicine patients warned of security breach

OU shuts down file sharing service after failing to protect thousands of students’ records

Over 5,000 Wind Tre customers hit by data breach

HSBC reveals customer information leak

Township of Springfield notifies individuals after discovering hack

More than a thousand Elon accounts compromised in security breach

University of Alaska: thousands affected by data breach, including names, social security numbers

Laptop stolen from Tulsa firm contained customers’ personal data

Customer data stolen as S.F. cybersecurity firm hacked, Stanford medical school reportedly a client

Privacy Breach at Beverly Hills Clinic Puts Thousands of Patients, Some Celebrities, at Risk

Cosmetic surgery online mistake allows public viewing of women’s photos, private details

Number of data breaches rises by 39%

UCL hit by ransomware attack

The Buckle, Inc. Notification of Security Incident at Some Retail Stores

How a Single Email Stole $1.9 Million from Southern Oregon University

Computer stolen at the Hall of Justice puts some at risk for identity theft

Data breach affects Irish users of global hotel website

Kmart breached by POS malware again

Leak of Windows 10 Source Code Raises Security Concerns

Thousands of customers ‘at risk’ following Virgin Media hack

Bungling Tata devs leaked banks’ code on public GitHub repo, says IT bloke

Mississippi Division of Medicaid notifies more than 5,000 after discovering data were not securely transmitted for more than three years

Two men arrested as part of international investigation into unauthorized access to the Microsoft network

Computer hacker jailed for attacking websites of airport and hospital

20 Apple employees arrested in China for ‘selling’ personal data of customers

West African computer hacker sentenced to prison