It’s been revealed recently that thousands of PCs are potentially vulnerable to hijacking due to a security flaw in Intel chips. Not only that, but the bug in question goes back for almost an entire decade, making every computer made during that time flawed and open to attack.
The flaw itself is located in the Intel processors and allows access to mouse and keyboard of the victim’s computer. This means that the attacker could use this access to completely access files, and even install viruses, and all of it can be done even if the computer is turned off.
The ‘ATM’ port, that’s being used by IT department for the purpose of accessing the customer’s computers and providing support, installing software and alike, now gives access to hackers. Of course, it doesn’t exactly invite them, but the security level on the port itself is so bad, that the hackers can basically waltz in without any trouble.
Intel has admitted that the flaw exists and that the attackers could use it to hack the devices. However, now we find out that the process of accessing is a simple act of ignoring the password request. That’s all it takes, as stated by the researchers from the security group called Embedi. According to them, if the password field is simply left blank, the ATM will give access, without any other obstacles in the way.
In their statement, they said that “We’re able to manage the AMT via the regular web browser as if we’ve known the admin password. Keep silence when challenged and you’re in.”
The system itself can be accessed via networking ports, which is an address located on an internal computer network. It can easily be accessed through the use of a web browser. For now, Intel did not say how many devices are believed to be affected. However, if you do a quick search on a website called Shodan, that scans ports on the web, it’s revealed that the number might go as high as 8,000. That’s 8,000 computers with flawed Intel chips that can be accessed simply by not filling the password field. And we’re sure that even more of them exist on companies’ intranets, which are private and can’t be scanned this way.
The good news is that regular, consumer laptops and desktops aren’t infected. Instead, the flaw only exists on corporate PCs. The bad news is that all of those company computers can be hacked by literally anyone, and a lot of sensitive data can be stolen.
The update with a fix for this issue is expected to arrive during this week, and in the meantime, Intel has released instructions on how to check if your device is flawed. The instructions on how to disable the flaw are also included in this notice.