We prefer to joke about percussive upkeep after we discuss instruments and expertise. A great swift hit with a hammer can repair a whole lot of points, proper? Well, one researcher out of New Zealand discovered it was potential to make use of a screwdriver to reset the BIOS password for a Lenovo laptop computer.
If you’ve ever run into a difficulty together with your BIOS, whether or not you dialed in a nasty overclock or tweaked some settings you shouldn’t have, you may need needed to reset it. Some motherboards are designed with this in thoughts, providing a bodily button you’ll be able to hit to reset or flashback the BIOS. If that’s not the case, although, you would need to get in and reset settings in BIOS or pull the coin battery and wait a bit for it to reset. However, even that’s not foolproof, particularly for those who should reset a BIOS password you inconveniently forgot or inherited the machine and by no means knew it to start with.
Funnily sufficient, the researchers and IT of us over at CyberCX bumped into this latter downside and tried to tug the battery. Sadly, this didn’t work because the password was discovered to be saved to non-volatile reminiscence, so even with energy loss, the password was retained. Thankfully, an older vulnerability was used for inspiration whereby if the Erasable Programmable Read-Only Memory (EPROM) might be intercepted or interrupted, the BIOS password may doubtlessly be bypassed. EPROM would sometimes be reset utilizing publicity to ultraviolet mild, however fashionable gadgets use Electrically Erasable PROM (EEPROM) that may be reset with {an electrical} sign.
After tearing down the locked-out Lenovo laptops, the researchers discovered the EEPROM to tinker with. As with older exploits, you’ll be able to simply “[jam] a small screwdriver throughout the SCL and SDA pins to quick them till coming into the BIOS.” Of course, the password would nonetheless be saved, so you would need to change it, however this course of will get you within the door.
While not everybody must do that course of, anybody may comply with the tutorial in the event that they run right into a BIOS password, whether or not they purchase a second-hand laptop computer or have one handed down at work. We would not fuss about this an excessive amount of from a safety perspective, both. Once a nasty actor has bodily entry to your machine, it’s normally sport over already.
