Researchers Bypassed BIOS Passwords on Lenovo Laptops
CyberCX's cyber security experts have recently unveiled a method to consistently bypass the protection of older Lenovo laptops with a locked BIOS, raising serious security concerns among users.
One of the executives at the company described a simple method that uses an ordinary screwdriver to connect specific pins on an EEPROM (Electrically Erasable Programmable Read-Only Memory) chip, allowing users to gain unrestricted access to the BIOS.
After that, a quick analysis of the BIOS settings screen was needed to deactivate any BIOS password.
Moreover, the BIOS password bypass demonstrations performed by CyberCX were carried out on several Lenovo laptops that were no longer actively used.
BIOS Password Bypass
It has been found that these laptops' BIOS has a vulnerability because the EEPROM is separate from the main BIOS chip.
Lenovo laptop motherboards use an 8-pin TSSOP (Thin Shrink Small Outline Package) for the EEPROM.
Security analysts can distinguish the various SOP, TSSOP, and TMSOP-8 packages by carefully looking at each chip on the laptop motherboard.
The EEPROM communicates over the Inter-Integrated Circuit (I2C or I²C) protocol.
Researchers used this information on a Lenovo laptop to identify the BIOS EEPROM.
They then proceeded with an attack targeting the pins listed below to use or disrupt the communication:
- Serial Clock (SCL) pins
- Serial Data (SDA) pins
Below are the laptop models that the security researchers used in this analysis:
- Lenovo ThinkPad L440 (launched Q4 2013)
- Lenovo ThinkPad X230 (launched Q3 2012)
The following sequence of actions needs to be performed to carry out a successful attack on the BIOS password of a Lenovo L440 laptop:
- Find the correct EEPROM chip.
- Find the SCL and SDA pins.
- Short the SCL and SDA pins at the right time.
The Lenovo L440 had three chips that partly met the package and pinout criteria the experts were interested in.
To quickly identify whether a chip is eligible, the experts looked for the following two things:
- The serial number
- The word EEPROM
By inspecting chips that appear promising on the mainboard and researching their serial numbers, it is possible to eventually pinpoint the correct EEPROM to target.
For the ThinkPad L440, the chip is usually labeled L08-1 X, although this may not always be the case.
By placing a screwdriver tip between two of the chip's legs, you can easily short the pins of the L08-1 X chip.
The experts powered on the laptop and used a sophisticated method known as the “elite” technique.
This method involves forcefully bridging the SCL and SDA pins with a small screwdriver to create a short circuit, which lets them gain access to the BIOS.
Next, the main task is to connect the SCL and SDA pins to an oscilloscope.
Once the appropriate pins are connected to the oscilloscope, it becomes possible to observe the communication between the BIOS and the EEPROM throughout the boot process.
Data transmission can happen only when the bus is available and not in use. In the “Bus not Busy” condition, the data and clock lines stay high.
Under the start and stop mechanism, the following things happen in sequence:
- The BIOS sets a start condition.
- It sends the data.
- Finally, it sends a stop signal to mark the end of the communication.
At this point, the BIOS needs a start signal. Otherwise, the laptop won't start. This is why it's not possible to simply connect the pins before starting the laptop.
It is important to note that when reading the oscilloscope, the yellow line represents SCL (Clock), and the purple line represents SDA (Data).
Additionally, adding to the complexity, certain BIOS variants incorporate the TPM or use encryption or hashing algorithms to secure the BIOS password.
Reading the data from the EEPROM is now fully possible, and the bypass currently works.
Prevention For Lenovo Laptops
First of all, this whole process requires full physical access, and even then it probably requires at least a couple of hours.
However, below are some preventive measures that the experts suggest:
- Make sure to set up full disk encryption with a passphrase and TPM.
- To increase the difficulty, manufacturers may consider integrating the BIOS and EEPROM packages into a single SMD (Surface Mount Device).
Implementing the above-mentioned preventive measures will help you secure your used laptop.
This requires conducting a chip-off attack to intercept the communication in a similar way.
Source credit : cybersecuritynews.com