Commenting on reports that Intel’s IPMI (Intelligent Platform Management Interface) allows hackers remote access to servers – even when the server is switched off – Lieberman Software says the technology is an electronic accident waiting to happen in many major corporations.

Philip Lieberman, president of the privileged identity management specialist, says that IPMI was introduced in the late 1990s by Intel to allow system administrators to manage a computer system and monitor its operation.

“As a message-based, hardware-level interface specification, the IPMI sub-system operates independently of the operating system – allowing admins to manage a system remotely in the absence of an operating system - or the system management software,” he said.

“Put simply, it allows remote access to the server – and some high-end desktops – in the presence of just power and a network connection, even if the server is ostensibly turned `off’ and the operating system has not booted. Bottom line? You can be hacked even when your systems are switched off,” he added.

The Lieberman Software president went to say that, although IPMI is supported by a number of specialist applications, because the technology is so old, many network and security admins may be unaware of its existence, although it is likely – especially now the loophole has been reported on – that hackers will have exploited the issue.

This is one of those long-running technology loopholes that cybercriminals love, as it allows them low-level backdoor access to into corporate servers, he says.

Have hackers exploited this technology already? Almost certainly is the answer, though I suspect that the exploits are going to increase in the wake of this news report, he adds.

It is worth noting, Lieberman explains, that whilst the development of IPMI was led by Intel in the late 1990s, the technology has been supported by more than 200 vendors (http://intel.ly/KsARmx) and whose technology is widely distributed in the world of corporates and their data centres

The good news, he notes, is that IPMI can be turned off, but since it is left on by default and many network/security admins are unaware of its existence, there is a clear and present danger from the technology.

“There are also products that prevent hackers from exploiting the IPMI backdoor loophole which automatically discover, secure, track and audit the privileged account passwords in the cross-platform enterprise,” he said.

“So help is at hand! As well as ensuring the accountability of showing precisely who had access to sensitive data, at precisely what time and for what stated purpose, users can use the solutions to help prevent unauthorised, anonymous access to an organisation’s most crucial proprietary data,” he added.

 For more on Lieberman Software: http://www.liebsoft.com

For more on the IPMI security issue: http://bit.ly/Ksy25c

 ENDS (500 words)