Intel has reportedly been operating with what reports called a “critical vulnerability” in its firmware that could allow hackers to infiltrate company systems via Intel’s Active Management Technology, Small Business Technology or Standard Manageability.
Reports Wednesday (May 3) said a researcher at IoT startup Embedi identified the vulnerability that has existed within Intel systems since as early as 2010. The vulnerability reportedly means an attacker could remotely access machines that are running Active Management Technology or Intel Standard Manageability, or they could allow an unauthorized user to “change management features on systems” that run AMT, ISM or its Small Business Technology, according to reports.
The threat impacts devices running the chipmaker’s vPro processors and does not affect consumer PCs, reports added.
“The vulnerability is a serious threat and the prevention measures from exploitation is a timely process for users — timely, but necessary,” said Embedi in a blog post. “It is also important to note the difficulties with firmware patching, which is needed to mitigate this vulnerability. Firmware patching takes an extremely long time to test before it is deployed to all of their users.”
In other words: there isn’t an easy (or fast) fix to this vulnerability.
Intel has reportedly responded to the discovery and issued a patch, and its Security Center has published detection and mitigation guides for its clients.
“We have implemented and validated a firmware update to address the problem, and we are cooperating with equipment manufacturers to make it available to end-users as soon as possible,” said a spokesperson for Intel.
News has gotten around the tech world, with Google security developer Matthew Garrett exploring the discovery in another blog post and noting that it doesn’t impact all Intel systems, just those that have Active Management Technology turned on.