Researchers Bypassed BIOS Password on Lenovo Laptops

Researchers Bypassed BIOS Password on Lenovo Laptops

CyberCX’s cyber security experts have recently unveiled a way to consistently bypass the security of older Lenovo Laptops with BIOS locked, raising severe security issues among users.

One of the executives at the company elaborated on a simple method using a regular screwdriver to connect specific pins on an EEPROM (Electrically Erasable Programmable Read-Only Memory) chip, allowing users to gain unrestricted entry into the BIOS.

Read moreBuilding cyber skills and roles from CyBOK foundations

After that, a quick analysis of the BIOS settings screen was needed to deactivate any BIOS password.

Moreover, the BIOS password bypass demonstrations conducted by CyberCX were done on several Lenovo laptops that were no longer actively used.

BIOS Password Bypass

Read moreAccessibility as a cyber security priority

It has been discovered that these laptops’ BIOS has a vulnerability due to the EEPROM being separate from the primary BIOS chip.

Lenovo laptop motherboards use an 8-Pin TSSOP (Thin Shrink Small Outline Package) for the EEPROM.

Read moreNew interactive video - and related downloads - to help secondary school kids stay safe online

Security analysts can distinguish various SOP, TSSOP, and TMSOP-8 packages by carefully observing each chip on the laptop motherboard.

While communication via the Inter-Integrated Circuit (I2C or I2C) protocol is how the EEPROM operates.

Read moreNigerian Cybercrime Ring's Phishing Tactics Exposed

Researchers used this information on a Lenovo laptop to identify the BIOS EEPROM.

Then proceed with an attack targeting the pins that we have mentioned below to exploit or disrupt the communication:-

Read moreS3 Ep135: Sysadmin by day, extortionist by night

Serial Clock (SCL) pins

Serial Data (SDA) pins

Read moreUS offers $10m bounty for Russian ransomware suspect outed in indictment

Here below, we have mentioned the laptop models that the security researchers use in this analysis:-

Lenovo ThinkPad L440 (launched Q4 2013)

Read moreBelkin Wemo Smart Plug V2 – the buffer overflow that won’t be patched

Lenovo ThinkPad X230 (launched Q3 2012)

The following sequence of actions should be performed to accomplish a successful attack on the BIOS password of a Lenovo L440 laptop:-

Read moreZut alors! Raclage crapuleux! Clearview AI in 20% more trouble in France

Locate the correct EEPROM chip. 

Locate the SCL and SDA pins. 

Read moreHeads Up CEO! Cyber Risk Influences Company Credit Ratings

Short the SCL and SDA pins at the right time. 

The Lenovo L440 had three chips that partially met the package and pinout criteria experts were interested in.

Read moreCISA, NSA Issue New IAM Best Practice Guidelines

To quickly identify if the chip is eligible, experts searched for the following two things:-

The serial number

Read more6 Ways to Mitigate Risk While Expanding Access

The word EEPROM

By inspecting chips that appear promising on the mainboard and researching their series numbers, it is possible to pinpoint the correct EEPROM to target eventually.

Read moreHypervisors and Ransomware: Defending Attractive Targets

For the ThinkPad L440, the chip is typically labeled as L08-1 X, although this may not always be right.

By placing a screwdriver tip between two of the chip’s legs, you can easily short the pins of the L08-1 X chip.

Read moreNIST Launches Cybersecurity Initiative for Small Businesses

The experts initiated the laptop and utilized an advanced method known as the “elite” technique.

While this technique involves forcefully bridging the SCL and SDA pins with a small screwdriver to create a short circuit, which enables them to gain access to the BIOS.

Read moreEducating Your Board of Directors on Cybersecurity

Next, the primary task is to link the SCL and SDA pins with an oscilloscope.

Observing the communication between the BIOS and the EEPROM during the booting process becomes possible once the appropriate pins are connected to the oscilloscope.

Read morePersonal Information of 9 Million Individuals Stolen in MCNA Ransomware Attack

Data transmission can occur solely when the bus is available and not in use. In addition to the “Bus not Busy” condition, the data and clock lines stay high.

Under the start and stop mechanism, the following things will happen in sequence:-

Read moreMany Vulnerabilities Found in PrinterLogic Enterprise Software

BIOS would perform a start command.

Send the data.

Read moreIndustrial Giant ABB Confirms Ransomware Attack, Data Theft

Lastly, send a stop signal to signify the end of a communication.

At this point, the BIOS needs a start signal. Otherwise, the laptop won’t start. That is why it is not possible to directly connect the pins before starting up the computer.

Read moreOrganizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation

It is important to note that when reading the oscilloscope, the yellow line represents SCL (Clock), and the purple line represents SDA (Data). 

Additionally, contributing to the intricacy, certain BIOS variations incorporate the TPM or utilize encryption or hashing algorithms to secure the BIOS password.

Read moreGoogle Cloud Users Can Now Automate TLS Certificate Lifecycle

Reading the data from the EEPROM is now entirely possible, and the bypass currently functions.

Prevention For Lenovo Laptops

First of all, this entire process requires complete physical access, and even it potentially requires a few hours at least.

Read moreZyxel Firewalls Hacked by Mirai Botnet

But, here below, we have mentioned some preventive measures that the experts offer:-

Make sure to perform full disk encryption with a Passphrase and TPM.

Read moreWatch Now: Threat Detection and Incident Response Virtual Summit

To increase the difficulty, manufacturers may consider integrating the BIOS and EEPROM packages into a single SMD (Surface Mount Device).

Implementing the above-mentioned preventive measures will help you secure your old laptop.

Read moreNCC Group Releases Open Source Tools for Developers, Pentesters

This requires conducting a chip-off attack to intercept the communication similarly.

Looking For an All-in-One Multi-OS Patch Management Platform – Try Patch Manager Plus

Read moreMemcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation

The post Researchers Bypassed BIOS Password on Lenovo Laptops appeared first on Cyber Security News.

   Read More 

Read morePyPI Enforcing 2FA for All Project Maintainers to Boost Security

Cyber Security News 

Related Posts

FBI’s Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty
FBI’s Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty

FBI’s Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty

[[{“value”:”A Ukrainian national has pleaded guilty in the U.S. to his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021.
Vyacheslav Igorevich Penchukov (aka Vyacheslav Igoravich Andreev, father, and tank), 37, was arrested by Swiss authorities in October 2022 and extradited to the U.S. last year. He was added to the FBI’s most-wanted list in 2012.
The U.S.”}]]   Read More 

The Hacker News | #1 Trusted Cybersecurity News Site