this post was submitted on 16 Jun 2023
39 points (100.0% liked)

Technology

39817 readers
154 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 3 years ago
MODERATORS
alyaza@beehaw.org
TheRtRevKaiser@beehaw.org
gyrfalcon@beehaw.org
rs5th@beehaw.org
coldredlight@beehaw.org
SemioticStandard@beehaw.org
TheRtRevKaiser@kbin.social
remington@beehaw.org
39
Security Expert defeats Lenovo Laptop BIOS password with a screwdriver (www.tomshardware.com)
submitted 2 years ago by Moonrise2473@feddit.it to c/technology@beehaw.org
11 comments fedilink hide all child comments
top 11 comments
sorted by: hot top controversial new old
[–] soeren@iusearchlinux.fyi 14 points 2 years ago

I am a bit of security expert myself!

pulls out screwdriver

[–] JohannesOliver@beehaw.org 8 points 2 years ago (1 children)

In the past they had jumpers for the same purpose.

[–] unix_joe@lemmy.sdf.org 2 points 2 years ago (1 children)

IBM ThinkPads could be reset if you beamed a certain radio frequency directly at the BIOS chip. It was documented in the user guide as a feature if you were ever locked out, or the system was no longer booting. It's been 20 years but I doubt that feature ever went away.

[–] JohannesOliver@beehaw.org 1 points 2 years ago

For a while vendors tried to lock down the BIOS pretty hard. Dell might still, I remember having to call and get assistance when a password was forgotten and they had to generate a backdoor key of some sort. Maybe that is less of a thing now that Bitlocker is widely used on corporate laptops and it is sensitive to tampering.

[–] bouncing@partizle.com 2 points 2 years ago (1 children)

BIOS passwords have only ever been to deter unsophisticated attacks. Though this is more unsophisticated than the rest.

[–] Moonrise2473@feddit.it 0 points 2 years ago (1 children)

like just removing the battery to reset the CMOS

[–] bouncing@partizle.com 1 points 2 years ago (3 children)

That hasn’t worked in a while, has it?

[–] Moonrise2473@feddit.it 2 points 2 years ago

on DIY motherboards it still works like this

[–] meat_popsicle@kbin.social 2 points 2 years ago

It’s a little difficult to reset the password if it’s lost otherwise.

[–] cmnybo@discuss.tchncs.de 2 points 2 years ago

Most motherboards store the password in SRAM along with all of the other BIOS settings. Removing or shorting the backup battery will clear everything.

Some motherboards store the password in non volatile memory. That's usually done in computers intended for business use. If you forget the password, you have to get a reset code from the manufacturer after proving that you are the owner of it.

[–] Zaytalion@partizle.com 1 points 2 years ago

It's even more trivial to remove the hard drive and read/write it directly, possibly even booting it on a separate system directly or in a virtual machine. BIOS passwords (on all x86 systems, not just Lenovo) provide very limited security benefits, but they can be sufficient for some basic security requirements.