Gone in 30 seconds: New Intel AMT exploit is scarier than you can ever fathom

[Redaktion]

F-Secure's security researchers discovered another flaw in Intel's Active Management Technology (AMT) that a hacker can potentially misuse to gain remote access to a system.

https://www.notebookcheck.net/Gone-in-30-seconds-New-Intel-AMT-exploit-is-scarier-than-you-can-ever-fathom.278216.0.html

[Puppy]

Isn't the password reset to the default one again after a BIOS update?

[Vaidyanathan]

Isn't the password reset to the default one again after a BIOS update?

Are you referring to the BIOS password or the MBEx password?

[Close]

None of the passwords gets reset after anu update. You actually need the password to update anyway. And anyone deploying AMT enabled workstations (or even non-AMT ones) should pro isi on them properly: disable or configure AMT and change the password, disable the MEBx setup dialog, password the BIOS. I've set up provisioning infrastructures for AMT enabled devices since 2008-2009 and they were used to configure tens if not hundreds of thousands of devices. None of them is open for this kind of exploit. Unlike the previous ones where Intel'crappy security was to blame, this time it's crappy system administration. Like complaining that Windows sucks because you have 123456 as administrator  password.

What's really scary though is that people with limited understanding of how this works are allowed to write titles like in this article.