F-Secure: new Intel AMT security issue

Intel AMT Security Issue Lets Attackers Bypass Login Credentials in Corporate Laptops

Insecure defaults in Intel AMT allow an intruder to completely bypass user and BIOS passwords and TPM and Bitlocker PINs to backdoor almost any corporate laptop in a matter of seconds.

Helsinki, Finland – January 12, 2018: F-Secure reports a security issue affecting most corporate laptops that allows an attacker with physical access to backdoor a device in less than 30 seconds. The issue allows the attacker to bypass the need to enter credentials, including BIOS and Bitlocker passwords and TPM pins, and to gain remote access for later exploitation. It exists within Intel’s Active Management Technology (AMT) and potentially affects millions of laptops globally. The security issue “is almost deceptively simple to exploit, but it has incredible destructive potential,” said Harry Sintonen, who investigated the issue in his role as Senior Security Consultant at F-Secure. “In practice, it can give an attacker complete control over an individual’s work laptop, despite even the most extensive security measures.”[…]


F-Secure acquires Inverse Path

“Helsinki, Finland – February 16, 2017: Cyber security company F-Secure has acquired privately-held company Inverse Path, an industry leader in providing security services to the avionics, automotive, and industrial control sectors. Inverse Path’s expertise in hardware security and the safety of critical embedded systems strengthens F-Secure’s position as a service provider for businesses in critical sectors with challenging IT infrastructure.[…]”



F-Secure concerns on IoT firmware

From Vincent Zimmer’s Twitter feed, there’s a new article by Tom Gaffney, a Security Advisor at F-Secure Corporation, on IoT firmware security concerns:

Is Firmware Kryptonite for Routers and the IoT?

The Internet of Things (IoT) promises to capture people’s dreams for a “smart lifestyle” and turn them into a reality. As manufacturers create new devices and product lines that capitalize on the IoT opportunity, they’re coming across a question cyber security professionals ask every day – how will device security evolve with the IoT? Skeptics have done a good job demonstrating how far there is to go. There’s no shortage of reports about hackable Internet-connected security cameras or smart cars. But looking at small office and home (SOHO) routers can provide the most useful insights into the security issues facing IoT device manufacturers. […]

This article has a very broad definition of firmware: any software that is on a device. I wish that people would stop using that, and refer to the system firmware, the various peripheral firmware, and the remaining OS/app software on the embedded device.




F-Secure’s Sandboxed Execution Environment project

Sandboxed Execution Environment (SEE) is a framework for building test automation in secured Environments. The Sandboxes, provided via libvirt, are customizable, allowing a high degree of flexibility. Different types of Hypervisors (Qemu, VirtualBox, LXC) can be employed to run the Test Environments. Plugins can be added to a Test Environment, which provides an Event mechanism for synchronising their interaction. Users can enable and configure the plugins through a JSON configuration file. SEE is for automating tests against unknown, dangerous or unstable software, tracking its activity during the execution. SEE is well suited for building modular test platforms or managing executable code with a good degree of isolation. SEE allows writing sandboxed tests both for quick prototyping and for running in production environments. […]
