Full Disclosure: IBM Laptop harddisk password bypass

["Frank Bussink" <frank_bussink () hotmail com>]

A feature badly configured or a bug on most of the IBM laptops T model and X 
model allows to access to the hard-disk without entering the password by 
using the WOL feature.
(Tested on T40, T41, T42, X24, X30, X40 )

By default : WOL feature is on
By default : Network boot order contains CD-ROM
Most people enter the same bios and hard-disk password ( as 2 diffenrent 
passwords is too much for most users )
Step-by-step
############

- Plug-ins the power supply in the laptop
- Insert a bootable CDrom (not a DOS one, but for example a WinPE or a WINXP 
made with Bart )
- Plug-In the network
- OpenUp the laptop without powering it up.

- Send from another computer a WOL packet ( my tool for Win32 
http://frank.bussink.ch/download/wol.zip)  with the mac address of the 
laptop
- don't touch a key
- after 90 seconds waiting the laptop will boot on the CD-ROM
- so if the hard-disk is not encrypted you can now access the hard-disk data 
!

For Security Administrators :
##########################
To secure the laptops, uncheck the WOL feature in the BIOS or if you need 
WOL capabilities,
leave only the hard-disk in the Network boot order.
The best will still to implement a hard-disk encryption solution.

Have fun
Frank

_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar - get it now! 
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/