Intel chips give access to Active Management without a code

A critical vulnerability in the Intel chips discovered nearly a decade ago allows hackers to gain full control of Windows computers that are affected without the need for a password.

The vulnerability disclosed by Intel and classified as critical last week lies in the Active Intel (also known as AMT), which allows administrators to perform remote maintenance on computers. intel

AMT also allows the administrator to remotely control their keyboard and mouse , even if the computer is turned off.

AMT is also accessible through the browser even when the remote computer is in sleep mode. It is protected by a password defined by the administrator.

The problem is that a hacker can enter a blank password and gain full rights to the web console, according to independent technical analyzes by two labs ς .

Embedi researchers, who found the error, explained one white paper who posted on Friday that the flaw exists because the default “admin” account for the web interface can log in without the of user access.

Intel has so far not mentioned how many systems are affected.

However, a search on Shodan, the search engine for open ports and databases, shows that more than 8.500 devices are vulnerable at this time, with 3.000 only in the US. But there could be thousands of other devices at risk on internal networks.

In a statement, Intel said it is working with its partners to address the issue and "expects those responsible to take the available from the beginning of the week on May 8".

So far, the DellThe FujitsuThe HP, And the Lenovo have issued safety tips with instructions on when to fix the vulnerability. Consumer devices are not affected by the error.

Intel also published one tracking tool to determine if your systems are affected.

iGuRu.gr The Best Technology Site in Greecefgns

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).