In this excerpt from Chapter 5 of The Little Black Book of Computer Security, author Joel Dubin illustrates the ease with which a hacker can bypass a BIOS password and break into a computer.
The essential tools for the physical hacker are the following:
- Phillips screwdriver
- KNOPPIX CD
- KNOPPIX boot floppy disk
- USB key (at least 256 MB)
- Removing the hard drive from the computer and placing it in another computer that has an accessible BIOS
- Moving the appropriate jumper on the motherboard to reset the BIOS settings to the factory defaults (if the jumper exists on that particular motherboard)
- Removing the CMOS battery from the motherboard and then putting it back in, which resets the BIOS settings to the factory defaults
If the BIOS is not password protected, the attacker doesn't even need a screwdriver. He or she can hack into a Windows- or Linux-based computer by using only two items: a KNOPPIX CD and a USB key. KNOPPIX is a Linux distribution that is available for free at knoppix.com and that can be burned onto a single CD. The attacker can boot KNOPPIX from the CD and then copy everything from the hard drive to the USB key. (If the BIOS has been set to disallow booting from the CD drive, the attacker needs only one additional item: a KNOPPIX boot floppy disk, which is available from the same site as the KNOPPIX CD.)
When finished, all the attacker needs to do is remove the KNOPPIX CD, the USB key, and the KNOPPIX boot floppy disk (if used) and then restart the computer. Windows or Linux will start, and no evidence that anyone ever tampered with the system will exist.
Read Chapter 5, Take care of physical security, to learn how to protect your desktops.