NCR Warns ATM Motherboards Also Affected by Hijacking Flaw
The critical Active Management Technology flaw in many Intel chipsets can be remotely exploited using any password – or even no password at all – to gain full access to a system, security researchers warn. Numerous systems and even ATMs will require forthcoming firmware fixes.
AMT is remote-management software installed on many vPro chipsets. While it’s designed to require a username and password before it can be accessed, Maksim Malyutin, a researcher at embedded security firm Embedi, reverse-engineered the AMT code in February and found that the authentication checks can be bypassed using simple tools and only about five or 10 lines of code.