Published in PC Hardware

Kiwi and Aussie security experts hack older BIOS-locked laptops

by on16 June 2023


All your need is a screwdriver

 A team of Aussie and Kiwi cyber security experts at CyberCX can hack their way into any older laptop with just a screwdriver and a six-pack of DB.

CyberCX has been showing the interwebs how to gain access to a laptop by shorting some EEPROM chip pins with a simple screwdriver to access a fully-unlocked BIOS. Then all it took was a quick poke around the BIOS settings screen to disable any BIOS password.

2023 06 15 image 20 j

The blog shows that the easily reproducible bypass is viable on the Lenovo ThinkPad L440 (launched Q4 2013) and the Lenovo ThinkPad X230 (launched Q3 2012). Other laptop and desktop models and brands that have a separate EEPROM chip where passwords are stored may be vulnerable in the same way.

This means that all those used laptops which are sold for spares as they are practically disabled from re-use due to a BIOS lock in place are suddenly useful and any information available on them readable.

CyberCX says that some modern machines with the BIOS and EEPROM packages in one Surface Mount Device (SMD) would be more difficult to hack in this way, requiring an "off-chip attack."

The cyber security firm also says that some motherboard and system makers already use an integrated SMD. Those particularly worried about their data, rather than their system, should implement "full disk encryption [to] prevent an attacker from obtaining data from the laptop’s drive," says the security outfit.

 

Last modified on 16 June 2023
Rate this item
(3 votes)

Read more about: