5

How would I fully secure my BIOS password/other settings from being reset/breached by pulling the battery out or by other means?

Anders
Ancient
  • You may look at that question: https://security.stackexchange.com/questions/86971/protecting-the-bios-from-malware – JackSparrow May 15 '17 at 08:51
  • Glue, used correctly, can make such an attack take a lot longer. – dandavis May 15 '17 at 14:04
  • Securing BIOS alone is kind of useless - if the attacker can access the battery, then they can also access all the information on the computer by simply removing all the storage devices, or alternatively "augment" the computer with e.g. hardware keyloggers and backdoors. IMHO none of the most likely attacks require the attacker to reset/breach your BIOS password and other settings. – Peteris May 17 '17 at 17:11
  • Wife, Children or NSA? – eckes May 18 '17 at 23:05
  • It does seem rather strange that there's not a hardware switch to lock the BIOS against flashing. I wonder if there's a chance that a unique pin might be involved in setting the flash state, such that it might be possible to physically disconnect that pin (e.g. with wire cutters) to prevent flashing? Or, if all else fails, a way to check if the BIOS is currently being flashed, such that a background process can continually poll it and log/report flashes? – Nat May 19 '17 at 03:35

1 Answer

1

Sorry - there is simply no (electronic) way to protect the BIOS against pulling out and putting back in the battery. Thus there is no way to protect the password and the settings against erasing, if the attacker has physical access to the PC. But a broken BIOS password is not the end: you have to encrypt the whole disk to secure the data against being stolen or altered (but not against erasing; for this you have an encrypted backup to be safe). There is just no other way against attackers with physical access.

A BIOS password is useful to prevent the hidden stealing of passwords or data through secretly booting the PC from a live DVD or bootable USB stick (e.g. http://www.komku.org/2013/02/how-to-reset-windows-7-password-step-by.html), if the PC is sealed or the like.

user689443
  • There is absolutely a way to protect and store the BIOS configuration electrically, it’s called EEPROM. – Ramhound Feb 11 '19 at 23:48