F-Secure: Intel AMT default password makes business laptops vulnerable
Because the default password of Intel’s Management Engine BIOS Extension is rarely changed, many business laptops are vulnerable to unauthorized remote access, claims F-Secure. An attack does require physical access.
Intel’s Management Engine BIOS Extension, or MEBx, includes the default login combination “admin,” “admin,” and because many users don’t change it, F-Secure says this opens the door to an easy-to-mount attack. Attackers can access the BIOS Extension at boot time, using Ctrl + P, even if the user has set a BIOS password. They can then manage Management Engine settings.
For example, they can enable remote management, set AMT’s user opt-in to ‘none’ and change the password for MEBx. According to F-Secure, business laptops can be broken into this way even if the user has set a TPM PIN and uses Windows’ BitLocker for encryption. MEBx is only enabled on systems with Intel vPro processors. The Intel manual states that the login and password are both ‘admin’.
For an attack to succeed, the MEBx password must therefore not have been changed. Many manufacturers recommend that you change this password. In addition, an attacker must first gain physical access to a laptop. From a security point of view, physical access by unauthorized persons must always be prevented because this makes numerous attacks possible, including via USB sticks. According to F-Secure, the attack they described can be completed within a minute via MEBx. The company states that the problem is difficult for IT departments to solve on a large scale and that in practice it amounts to a massive reconfiguration of devices.