Security Expert Defeats Lenovo Laptop BIOS Password With a Screwdriver
www.tomshardware.com
Once into the BIOS via this screwdriver hack, it is a cinch to reset or disable the password requirement.
  • Sören
    151 year ago

    I am a bit of security expert myself!

    pulls out screwdriver

    • @unix_joe@lemmy.sdf.org
      21 year ago

      IBM ThinkPads could be reset if you beamed a certain radio frequency directly at the BIOS chip. It was documented in the user guide as a feature if you were ever locked out, or the system was no longer booting. It’s been 20 years but I doubt that feature ever went away.

      • @JohannesOliver@beehaw.org
        11 year ago

        For a while vendors tried to lock down the BIOS pretty hard. Dell might still, I remember having to call and get assistance when a password was forgotten and they had to generate a backdoor key of some sort. Maybe that is less of a thing now that Bitlocker is widely used on corporate laptops and it is sensitive to tampering.

  • @bouncing@partizle.com
    31 year ago

    BIOS passwords have only ever been to deter unsophisticated attacks. Though this is more unsophisticated than the rest.

        • @cmnybo@discuss.tchncs.de
          21 year ago

          Most motherboards store the password in SRAM along with all of the other BIOS settings. Removing or shorting the backup battery will clear everything.

          Some motherboards store the password in non volatile memory. That’s usually done in computers intended for business use. If you forget the password, you have to get a reset code from the manufacturer after proving that you are the owner of it.

        • meat_popsicle
          21 year ago

          It’s a little difficult to reset the password if it’s lost otherwise.

          • @PenguinTD@lemmy.ca
            11 year ago

            Just Google the board reset methods from the brand(Asus/gigabyte/MSI/etc) modern board usually have more than one way to regain bios access.

  • Zaytalion
    11 year ago

    It’s even more trivial to remove the hard drive and read/write it directly, possibly even booting it on a separate system directly or in a virtual machine. BIOS passwords (on all x86 systems, not just Lenovo) provide very limited security benefits, but they can be sufficient for some basic security requirements.

    • @Moonrise2473@feddit.itOP
      01 year ago

      Well right now it’s more secure than a decade ago

      Today a locked BIOS + strong windows password could render a stolen computer almost useless if:

      1. Storage is encrypted with keys stored in the CPU tpm (default)

      2. Nand is soldered

      3. Secureboot is enforced strictly so only windows could boot (default)

      4. Before locking the bios with a password, all booting options are disabled except internal storage