And this jewel doesn't require any code and takes only 30 seconds!
https://press.f-secure.com/2018/01/1...orate-laptops/
All you need is physical access to the computer!
https://press.f-secure.com/2018/01/1...orate-laptops/
To exploit this, all an attacker needs to do is reboot or power up the target machine and press CTRL-P during bootup. The attacker then may log into Intel Management Engine BIOS Extension (MEBx) using the default password, “admin,” as this default is most likely unchanged on most corporate laptops. The attacker then may change the default password, enable remote access and set AMT’s user opt-in to “None.” The attacker can now gain remote access to the system from both wireless and wired networks, as long as they’re able to insert themselves onto the same network segment with the victim. Access to the device may also be possible from outside the local network via an attacker-operated CIRA server.
Comment