Hacker Neue

Preferences
leereeves parent
Can you brute force a BIOS password without prolonged physical access?

The leak does increase the risk of a single trusted insider messing with the system, though.

jeroenhd
I personally don't put much trust in the security of BIOS vendors. My desktop's motherboard straight up displays the BIOS password if you read the right EFI boot variable (obfuscated with some proprietary "encryption" algorithm with a hard coded key).

Based on previous reports on the security of devices like these, I wouldn't be surprised if a quick flash dump of the NVRAM is enough to crack the password in seconds already. Perhaps voting machine manufacturers have finally made it too difficult to disassemble these machines in a short amount of time, but that's historically not been very difficult.

I would reckon the access time needed to hack+access the BIOS lies in the area of "a few minutes, twice", not the kind of prolonged physical access you'd need to brute force the password.

That's not exactly "someone posing as a voter could hack the machine", luckily, but then again apparently at least one hacker at DEF CON found a vulnerability in voting machines this year that won't be fixed before the upcoming American elections, so who knows if there's an exploit like that lying around.

cushpush
Every vote counts. The problem is that some votes are counted twice.
cushpush
"Can you without prolonged access?" Hahaha have you heard of any of the three letter agencies and what they have on hand? Do you know what a rainbow table is? Is this a tech forum, or just newbies trolling experts?
leereeves OP
I guess I wasn't clear. I'm asking you to describe exactly what scenario you're imagining. You can't simply assume the attacker already has the bios password hash. How do they get that? And if they can get that, why do they still need to brute force the bios password? Why can't they do what they need to do already?

Do you know of a vulnerability that allows someone to access the bios password hash but can't also be used to hack the election without bothering with the bios password?

This item has no comments currently.

Keyboard Shortcuts

Story Lists

j
Next story
k
Previous story
Shift+j
Last story
Shift+k
First story
o Enter
Go to story URL
c
Go to comments
u
Go to author

Navigation

Shift+t
Go to top stories
Shift+n
Go to new stories
Shift+b
Go to best stories
Shift+a
Go to Ask HN
Shift+s
Go to Show HN

Miscellaneous

?
Show this modal