What is the Intel AMT issue?
The ACSC is aware of reporting that devices with Intel Active Management Technology (AMT) have an insecure default behaviour that could allow an attacker to bypass security controls on the device.
AMT is a management feature of Intel products that enables administrators to remotely manage devices. The feature is found on devices such as laptops, desktops and servers.
Researchers have recently reported that devices featuring AMT are configured with a default AMT password of "admin".
Why is this important?
The default password can be leveraged using a simple procedure by an individual with physical access to an affected device to bypass security controls such as BIOS or Bitlocker passwords and enable remote management. This unauthorised remote management could then be utilised for further malicious activity.
What should I do now?
Users with Intel AMT enabled devices are encouraged to consider:
- disabling Intel AMT in the device BIOS when it is not required,
- where possible, replacing the default Intel AMT password with a secure password,
- ensuring devices are not left unattended in public places.
A security best practices Q&A for Intel AMT can be found at the link below: