F-Secure said in an announcement that the flaw had nothing to do with the “Spectre” and “Meltdown” vulnerabilities as of late found in the micro-chips that are utilized as a part of all PCs, tablets and smartphones today.
Or maybe, it was an issue inside Intel Active Management Technology (AMT), “which is commonly found in most corporate laptops, (and) allows an attacker to take complete control over a user’s device in a matter of seconds,” the cybersecurity firm said.
The issue potentially affects millions of laptops globally.
The flaw was of “an almost shocking simplicity, but its destructive potential is unbelievable,” said F-Secure consultant Harry Sintonen, who found it.
“In practice, this flaw could give a hacker complete control over the affected laptop, despite the best security measures.”
An attacker would at first need physical access to the gadget being referred to.
In any case, once they had re-configured AMT, they could successfully “backdoor” the machine and after that access the device remotely, by connecting with an wireless or wired network from the user, F-Secure said.
In specific cases, the aggressor could likewise program AMT to connect with their own server, which would dispose the need to be in a similar network segment as the victim.
No other security measures — full disk encryption, local firewall, anti-malware software or VPN — are able to prevent exploitation of this issue.
A fruitful attack would prompt complete loss of privacy, confidentiality, integrity and availability, F-Secure said.
The attacker would have the capacity to read and alter the majority of the data and applications a user may have access on their PC. What’s more, they could likewise introduce malware on the gadget, even at the firmware level.
F-Secure expert Sintonen said that organizations requires set a solid AMT password or maybe disable AMT totally if possible.
The current revelation of the “Spectre” and “Meltdown” vulnerabilities in PC chips made by Intel, AMD and ARM, have sent big names in the sector — including Amazon, Google, Microsoft and Mozilla — hurrying out updates and fixes to wipe out the imperfection.