[rcxdude]

There have been two really severe AMT vulnerabilities (basically allowing complete takeover of the PC through the network). These have been patched and no widescale exploitation of them has been reported AFAIK. The other vulnerabilities essentially allow for a super-rootkit: if you can get arbitrary code execution in the AMT from the OS then you can escalate an exploit into a rootkit which is basically impossible to detect or remove, and this kind of exploitation has been seen in the wild.

[cantrevealname]

> severe AMT vulnerabilities (basically allowing complete takeover of the PC through the network)

Does this mean when the PC was connected by ethernet cable? Even by wifi? The exploit could have worked by visiting an arbitrary website? With no click? (I’m not being skeptical. I just want to understand what’s required for the exploit to work.)

[wlesieutre]

Here’s one from 2017: https://www.tomshardware.com/news/intel-amt-patch-may-8,3434...

Connected to Ethernet (with Intel hardware), but doesn’t need to be turned on. Must have vPro and AMT enabled.

[swiley]

You don't even need to boot the machine much less go to a website.

One of them I think was actually a zero day, you could get up on shodan and find piles of machines that would just let you upload an ISO and boot whatever you wanted on them.

It really is that bad.

[corty]

When the computer is off: WiFi would also work if it were configured with an ESSID and credentials. But usually, most people dont't do this.

When it is on: AMT Wifi might also just piggyback on the existing config of the OS.