CATEGORIES
home IT Infrastructure Security

Security Researchers Discover BIOS Password Bypass On Lenovo Laptops

by Nathan OrdFriday, June 16, 2023, 02:25 PM EDT
hardware researchers discover bios password bypass on lenovo laptops
We like to joke about percussive maintenance when we talk about tools and technology. A good swift hit with a hammer can fix a lot of issues, right? Well, one researcher out of New Zealand found it was possible to use a screwdriver to reset the BIOS password for a Lenovo laptop.

If you’ve ever run into an issue with your BIOS, whether you dialed in a bad overclock or tweaked some settings you shouldn’t have, you might have had to reset it. Some motherboards are designed with this in mind, offering a physical button you can hit to reset or flashback the BIOS. If that is not the case, though, you would have to get in and reset settings in BIOS or pull the coin battery and wait a bit for it to reset. However, even that is not foolproof, especially if you must reset a BIOS password you inconveniently forgot or inherited the device and never knew it to begin with.

lenovo laptop hardware researchers discover bios password bypass on lenovo laptops

Funnily enough, the researchers and IT folks over at CyberCX ran into this latter problem and tried to pull the battery. Sadly, this did not work as the password was found to be saved to non-volatile memory, so even with power loss, the password was retained. Thankfully, an older vulnerability was used for inspiration wherein if the Erasable Programmable Read-Only Memory (EPROM) could be intercepted or interrupted, the BIOS password could potentially be bypassed. EPROM would typically be reset using exposure to ultraviolet light, but modern devices use Electrically Erasable PROM (EEPROM) that can be reset with an electrical signal.

After tearing down the locked-out Lenovo laptops, the researchers found the EEPROM to tinker with. As with older exploits, you can just “[jam] a small screwdriver across the SCL and SDA pins to short them until entering the BIOS.” Of course, the password would still be stored, so you would have to change it, but this process gets you in the door.

In addition, though the researcher here specifically targeted a Lenovo machine, this crude hack could theoretically work with just about any laptop on the market, and not just Lenovo.

While not everyone will have to run through this process, anyone could follow the tutorial if they run into a BIOS password issue, whether they buy a second-hand laptop or have one passed down at work. We wouldn't fuss about this too much from a security perspective, either. Once a bad actor has physical access to your device, it is usually game over already anyway.
Tags:  Lenovo, security, BIOS, eeprom
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment