Security experts bypass BIOS-locked laptop using just a screwdriver

[AlphaX]

The big picture: Computers with a password-locked BIOS can be a bit of a hassle. While the intention of the feature is to ensure the privacy and security of the device, passwords can be easily forgotten or maliciously enabled. What can you do in this situation? Reach for a screwdriver, perhaps.

Experts at cybersecurity firm CyberCX unintentionally put themselves in this exact situation. Old Lenovo L440 laptops the company used in the past had their BIOS "conveniently locked" once the devices were decommissioned. The experts decided to use the computers as test subjects to learn how to break through BIOS passwords.

While the initial thought was to remove the CMOS battery, in recent years, manufacturers have begun keeping BIOS passwords on non-volatile storage, meaning a reset would do nothing. The experts then decided to target a specific chip on the motherboard, the Electrically Erasable Programmable Read-Only Memory (EEPROM) chip. Bypassing this module could result in skipping the password prompt entirely.

They quickly ran into an issue with this: finding the correct chip. The laptops had two other chips that looked similar to the specific EEPROM they were searching for. Once a user identifies the correct chip, the steps to bypass the BIOS password are rather simple, with the hardest part being locating the specific pins that need to be shorted:

• 1. Locate the correct EEPROM chip.
• 2. Locate the SCL and SDA pins.
• 3. Short the SCL and SDA pins at the correct time.

It is worth noting that the timing is not very strict; in fact, it is rather lenient. In the embedded video within the original post, the expert performing the bypass simply shorts the pins after powering the laptop. If you perform the trick correctly, you should load right into the BIOS with no password prompt, enabling you to disable said password.

Unfortunately, this trick will likely only work on older laptops, as manufacturers have recently begun merging the BIOS and EEPROM chips together in a Surface Mount Device (SMD). This change means a bypass on a modern laptop would require an "off-chip attack," which is significantly more difficult to pull off, especially for ordinary users.

Permalink to story.

https://www.techspot.com/news/99091-security-experts-bypassed-bios-locked-laptop-using-screwdriver.html

 

[UdyrL]

If someone has your laptop to a point where it's already open and being maliciously touched by a metal stick, then your BIOS password reset is the least of your worries.

 

[Lounds]

This would have been really useful to me in the past. Nowadays it's not worth fixing older laptops.

 

[Mr Majestyk]

There's a pattern though of seeing Lenoblo featured in all these sorts of articles. Buyers beware, Lenoblo are a security risk full stop.

 

[nismo91]

Well uh Lenovo L440 came with 4th gen Intel Core so I believe it's 9-10 years old at this point. I know not everyone can afford new computers but it's just old...

this is probably helpful for people who wanted to repurpose all these locked decommisioned laptops for use in third world country. but then again people who got lots of these probably just pull of the SATA drive and sold the laptop driveless. why would they bother to lock the bios after removing the drive.

I actually want to know what's exactly the risk with throwing away driveless laptop because we already got so much e-waste it's just sad to lock one up knowing they're gonna be landfilled anyway.

 

[BakaRed77]

Pretty sure shorting out boards to erase bios passwords is not new....

 

[schwaggins]

I did this 15 years ago the BIOS data sheet tells you how to do it it's not new at all.

 

[GNovak]

Lenovo was headquartered in Hong Kong. The Chinese Communist Party CCP recently decided that their agreement with England to allow Hong Kong 50 years of freedom before folding it into mainland China was discarded. Lenovo is now operated by Chinese Communist Party. The chips and firmware are all likely have backdoors. Caveat Emptor.

 

[Gars]

Oh yes, this boards dont have where to put jumper right