Flawed Intel chip allows hackers to remotely control switched off PC

The vulnerability had actually remained in the chips for nearly a decade and didn't get detected, until now.

A bug has been discovered in the Intel chips, which lets hackers to remotely gain control over PCs. Reportedly, the vulnerability had actually remained in the chips for nearly a decade and didn't get detected until now. As per the security experts, this bug allows hackers to control a PC's keyboard and mouse, even when the system is turned off, reported IBTimes UK.

As per the report, the bug came in a feature of Intel's Active Management Technology (AMT), which is designed to allow administrators to remotely conduct maintenance work and other tasks such as software updates.

Cris Thomas (AKA SpaceRogue), Strategist for Tenable Network Security told the publication that this vulnerability has the potential to become a big threat. "The vulnerability has been part of the Intel chipsets for years, specifically the Management Engine (ME). The ME runs things like DRM (Digital Rights Management) and does TPM (Trusted Platform Modules) checks as well as AMT. AMT enables systems administrators to re-image bare metal machines over a remote connection," he added.

Thomas also said that AMT requires some privileges and it works separately from any OS installed in a system. "Obviously, with this much power there is some protection: in this case, access to AMT is protected by a password. The vulnerability in AMT is that the password can be bypassed."

According to security researchers at Embedi, the bug allowed anyone to log in without having to input any credentials. The flaw was also confirmed by the security experts at Tenable, who said that it could be exploited very easily, reported the publication.

ZDNet reported that a Shodan search has revealed that over 8,500 devices are currently vulnerable to the flaw, among which, 3,000 belong to the US, said IBTimes UK. However, experts believe that there could be thousands of other devices that can be vulnerable at this moment.

"We expect computer-makers to make updates available beginning the week of May 8 and continuing thereafter," said Intel in a statement.

However, Intel has confirmed to IBTimes SG that it's a chipset firmware issue, not a silicon or "processor" flaw.