A newly-disclosed Intel security flaw impacting most corporate laptops can let hackers with physical access to a computer backdoor the device in "less than 30 seconds".
That's according to F-Secure, a Helsinki-based security firm, which said in a report Friday (12 January) that default settings in Intel's Active Management Technology (AMT) were to blame. It warned that "millions" of laptops may now be vulnerable to exploitation.
Harry Sintonen, the F-Secure security consultant who investigated the issue, said that the security gap was "almost deceptively simple to exploit" and noted that it could have "incredible destructive potential."
He warned: "It can give an attacker complete control over an individual's work laptop."
Intel AMT gives users remote monitoring and maintenance of laptops. The security issue, F-Secure said, is that setting a BIOS password – which prevents changes being made by unauthorised users – can be tampered with to "make remote exploitation possible".
Physical access is needed, but to exploit the Intel AMT vulnerability all an attacker needs to do is power up the target machine and press CTRL-P during boot-up, experts said.
The attackers can then log into Intel Management Engine BIOS Extension using the default "admin" password (most likely never altered) and change it to whatever they wish. In doing so, the hacker can gain remote access to the system from both wireless and wired networks, as long as they're able to insert themselves onto the "same network segment" with the victim, F-Secure said.
The issue was discovered in July 2017 and is unrelated to the recent Spectre and Meltdown vulnerabilities. An Intel spokesperson told IBTimes UK: "We appreciate the security research community calling attention to the fact that some system manufacturers have not configured their systems to protect Intel Management Engine BIOS Extension.
"We issued guidance on best configuration practices in 2015 and updated it in November 2017, and we strongly urge OEMs [original equipment manufacturers] to configure their systems to maximise security. Intel has no higher priority than our customers' security."
Sintonen claimed in the report that the speed in which the attack can be carried out makes it easily exploitable in a so-called "evil maid" scenario, adding that even one minute of distracting a target from their laptop – at an airport or coffee shop for example – is enough to do the damage.
"You leave your laptop in your hotel room while you go out for a drink," he said.
"The attacker breaks into your room and configures your laptop in less than a minute, and now he or she can access your desktop when you use your laptop in the hotel WLAN. And since the computer connects to your company VPN, the attacker can access company resources."
This article was uploaded with additional comment from Intel