Protecting Your Laptop’s BIOS

By   Colin Blumenthal
, Complete I.T. | Sep 11, 2021 05:57 am PST

It’s not just business software and corporate networks that need protection – your computer hardware is vulnerable to cyber-attacks too. Find out why it’s important to keep your hardware secure, and how to keep your business safe. 

Cybercrime is on the rise. Thanks to increasingly sophisticated malware, the greater movement of devices, and our growing dependence on networked technology, our computers, and the data they contain, have never been more at threat. 

Failing to safeguard them can have dire consequences. Companies face the loss of valuable corporate information, passwords, trade secrets, and customer details if an employee’s device is compromised. This is not only disastrous for their business but can land them with hefty fines if their lack of adequate security leaves customer details exposed.

It is therefore paramount that both individuals and companies are doing all they can to protect against cyber threats. But while software and network security are openly discussed and implemented, hardware security is too often neglected. This is a dangerous mistake. If laptop security is to mean anything, it should start at the BIOS.

What is BIOS and why does it need to be protected?

You can invest in the most sophisticated antivirus systems in the world but it will be useless if the BIOS of a laptop is compromised. BIOS stands for Basic Input/Output System and is the firmware that is stored on a small chip on the motherboard. It’s the conductor that kicks things into motion, waking up hardware components, checking they are running correctly, and instructing the laptop’s operating system to start up. Without the BIOS, there is no computer.

This means that the BIOS is the place where good security needs to start. If the BIOS isn’t properly protected, it can get infected with malware or hacked. If this is the case, cybercriminals can hack directly into the laptop’s firmware, read out data or even manipulate it without being detected. However, it’s very hard to spot this as higher-level scans and protective measures are often unable to detect malicious activity at the BIOS level.

Laptops created for business are designed with security tools that make mobile working easier to achieve. For example, most manufacturers have replaced the standard BIOS with the Unified Extensible Firmware Interface (UEFI). It is an operating system that runs on top of the PC’s firmware and gives the laptop the ability to deal with new functionality, such as larger hard drives or supporting faster networking, that traditional BIOS cannot.

However, UEFI is not as secure as the BIOS, largely due to many laptop manufacturers using the same code. This increases the risk of hackers introducing malware into the system, as once they have access to one machine they can access countless devices with just one piece of malicious code.

How can I protect my BIOS?

It’s clear that it’s crucial to protect a laptop’s BIOS. Therefore, in addition to stringent security software, good security hygiene, and keeping up to date with patches, individuals and companies need to be choosing laptops from hardware vendors that are strict on BIOS security.

You should be looking for a vendor that writes its own BIOS, rather than relying on shared code from third parties that makes your computer vulnerable to attack. An additional advantage to this is customisation, as the vendor can provide fine-grained access to hardware components, and it can also support the creation of longer, more secure passwords – up to 50 characters in length – for maximum security.

The vendor should be keeping its BIOS code encrypted and secure in its raw format, so third parties can’t access it or amend it and send out fake versions that they can trick people into using so their devices are insecure. 

You should also make sure it is impossible for anyone to reset the BIOS password without first contacting the laptop vendor and proving their identity. This is more common than you think: the majority of BIOS passwords can be reset via the jumper on the motherboard or by simply taking out the battery and putting it back in again. Finally, the BIOS should allow for tight integration with the associated hardware platform and all its functions. 

Vendors can develop their own BIOS that’s based on the current UEFI standard. They can even go as far as to combine the advantages of both variants into one utility. Within the basic program it is even possible to grant individual access rights. This works on both the software and hardware side and enables IT administrators to specify changes to BIOS passwords only after an identity check by the vendor. This security measure protects against unwanted manipulation by third parties. 

The BIOS on laptops and computers are vulnerable to attack and hardware security needs to be taken as seriously as we take software and network protection. It’s critical to find a vendor that understands the importance of BIOS security and can help you protect your machine. 

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x