10

According to this article Dell Support can help a user to gain access to data after forgetting the HDD password:

> Once Dell Support has provided the reset password, you enter this when prompted and then press Ctrl + Enter to complete the process.
>
> ... the BIOS should accept the reset password, clear the password, and allow access to the hard drive.

Isn't this a security flaw? Shouldn't only someone who knows the HDD password have access to data?

Do other PC / BIOS / motherboard manufacturers provide similar means?

What is a good resource for understanding how hardware-based disk encryption (FDE?) works and how the procedure described above is possible?

(The message was posted also here.)

haba713
  • 1
    I've noticed that at least the MSI PRO Z690-A motherboard has this feature. How general is this, for example among laptop manufacturers / models, or is Dell the only one? – haba713 Mar 11 '22 at 14:04
  • 8
    A fundamental rule that applies here: all security is in service of protecting the user, and _usability_ is a critical metric by which security should be measured. Security maximalism at the expense of usability is a failure in design. – Polynomial Mar 11 '22 at 18:38
  • Nobody sane relies on hardware encryption so it's no big deal if it's broken by a phone call – Navin Mar 11 '22 at 23:11
  • Doesn't a *reset* password only allow for "secure erase" of a hardware-encrypted drive? That is, yes, it clears the encryption password and allows access to the drive, but all the data is encrypted in the now lost cleared password and thus unrecoverable. – mpez0 Mar 13 '22 at 23:30

3 Answers

12

It's a security feature for sure; it's good for data recovery if the password is lost. Dell has implemented further security controls to guard against misuse:

> When contacting Dell Technical Support, you are asked to confirm the information below for security reasons: Ownership of the computer. Whether you are authorized to clear the password on the computer.

So to reset the password, you would need physical control and proof of ownership. I assume that they have established reasonable parameters for proving ownership, and that the benefits of password reset outweigh the risks.

Rodrigo Murillo
  • 14
    One thing to note is that a compromise of Dell's infrastructure or a social engineering attack with enough sophistication might allow malicious actors to obtain a reset password without official permission. – Nzall Mar 11 '22 at 21:02
  • 4
    So in effect, Dell has the ability to backdoor into anyone's computer if need be? – IT_User Mar 12 '22 at 01:11
  • 4
    In lieu of those two proofs a court order would probably work too. – Jasen Mar 12 '22 at 01:37
  • Dell is tracking ownership of their laptops. [Some info on dell.com](https://www.dell.com/support/kbdoc/en-us/000125103/ownership-transfer-and-dell-product-registration-guides). – gronostaj Mar 12 '22 at 21:18
  • What about sites like bios-pw? That doesn't require proof of ownership – Canadian Luke Mar 13 '22 at 01:52
  • 1
    @IT_User This backdoor requires physical access though. – Federico Poloni Mar 13 '22 at 09:41
10

I believe it's just a feature that they're giving to their users. The link also says the below:

> For HDD Passwords: Share the Service Tag and the hard drive serial number that is mentioned at the top of the screen.

Only if you give them the service tag and hard drive serial number, perhaps only then they would be able to give you the reset password.

Let's say after getting the password, you don't want anyone else to access your hard disk, you could probably buy a new hard disk. I'm assuming it would require a new reset password because the same link also says:

> The hard drive reset password is tied to the hard drive-serial number and not the computer Service Tag.

Of course, you can encrypt the disk using, say, BitLocker, and I suppose even if someone is able to access your hard drive with the reset password, they wouldn't be able to get anything because the data is encrypted with your key. You can get lots of resources online on how FDE works.

pri
4

I believe you are referring to the ATA password, in which case the mistake here is to consider this a security feature.

You will find lots of tools to bypass such password (for instance, here's a list).

Not only can Dell reset your password, you most likely can do it too, and to go the extra mile, this password is stored in the HDD PCB, so swapping that PCB with another will give you full access.

The ATA password will "protect" you against a low-skilled attacker.

Regarding hardware encryption, you can look up "TCG OPAL" and "IEEE1667". However, I recall coming across some paper describing attacks against them and how several devices had vulnerable implementations.

user1532080
  • But wouldn't you need the bios password to select the boot device to be that tool? And wouldn't secure boot prevent the tool from loading if you use your own private key for signing the kernel? – user000001 Mar 12 '22 at 17:07
  • 1
    @user000001 But if the attacker has physical access (as required for Dell's password to be usable), they can remove the hard drive and put it in a computer under their control with the boot device already configured. – user1937198 Mar 13 '22 at 16:38
  • @user1937198: No they cannot, the decryption key for the hard drive is stored in the TPM. Only unlocking the UEFI on the specific computer can give you access to the key. – user000001 Mar 13 '22 at 17:03
  • 1
    @user000001 Just to be precise, BIOS & secure boot don't coexist, only UEFI & secure boot. But as pointed out by user1937198, physical access would be what you need, obviously even more if you're going to swap PCBs. Also, I don't know what context you're talking about. ATA password is absolutely not TPM related, and I'm also not aware of TCG OPAL/IEEE1667 using TPM, they are called "Self Encrypting Drives". I'm mostly aware of TPM being used for secure boot, and FDE like BitLocker. On top of it, in the case of discrete TPM, there are known vulnerabilities. – user1532080 Mar 14 '22 at 06:20
  • @user1532080: It's not clear that OP is using TCG OPAL/IEEE1667 from the question. Given how old and deprecated BIOS boot is, I would assume he is referring to the UEFI password, even if he mentions BIOS. In that case Dell's backdoor is a severe security flaw, because it allows hard drive decryption in contemporary use case of UEFI password+secure boot+self signed kernel + LUKS hard drive encryption with the key in the TPM. – user000001 Mar 14 '22 at 11:16
  • 1
    @user000001 The page pointed to by the OP refers to Precision 7710, which is a laptop from 2015, and it also mentions BIOS several times. OP does not mention UEFI or TPM. Now, granted that the OP is talking about UEFI + TPM + SecureBoot + SED, that is indeed a huge security flaw. – user1532080 Mar 15 '22 at 12:21
  • @user000001 Also "BIOS password" is not what the OP is talking about (and by that I mean a password that would protect BIOS settings), there's no such thing as "HDD password", but there is ATA password (usually offered on laptops), which there's no reason to not have on UEFI (I actually have laptops with UEFI and ATA password). I also don't see why such a password would be related to LUKS (password/key would be in TPM, and it should be released only upon validation of boot "factors" or whatever name is used in TPM context). I'm in general not aware of some password protection for TPM. – user1532080 Mar 15 '22 at 12:31
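
The third answer identifies the "HDD password" as the ATA password, and one comment on the question asks whether a reset password can unlock data or only erase the drive. The following is an added example, not part of the original thread: it decodes the ATA Security feature set status that a drive reports in its IDENTIFY DEVICE data, where the security level (High or Maximum) determines which of the two a master password can do. The word offsets and bit positions follow the ATA command set specification; the function names and the sample IDENTIFY blocks are constructed for illustration.

```python
import struct

# IDENTIFY DEVICE data is 256 little-endian 16-bit words (512 bytes).
WORD_MASTER_PW_ID = 92       # master password identifier
WORD_SECURITY_STATUS = 128   # security status bit field

FLAGS = {  # bit positions in word 128
    "supported": 0, "enabled": 1, "locked": 2, "frozen": 3,
    "count_expired": 4, "enhanced_erase": 5,
}
LEVEL_BIT = 8  # 0 = High, 1 = Maximum


def decode_ata_security(identify: bytes) -> dict:
    """Extract the security flags, level and master password identifier."""
    if len(identify) != 512:
        raise ValueError("IDENTIFY DEVICE data must be exactly 512 bytes")
    words = struct.unpack("<256H", identify)
    status = words[WORD_SECURITY_STATUS]
    info = {name: bool((status >> bit) & 1) for name, bit in FLAGS.items()}
    info["level"] = "maximum" if (status >> LEVEL_BIT) & 1 else "high"
    info["master_pw_id"] = words[WORD_MASTER_PW_ID]
    return info


def assess(info: dict) -> str:
    """Summarise what a master password holder could do with this drive."""
    if not info["supported"]:
        return "ATA security not supported"
    if not info["enabled"]:
        return "no user password set; the drive is not locked at power-on"
    if info["level"] == "high":
        note = "master password can UNLOCK the drive with data intact"
    else:
        note = "master password can only ERASE the drive, not unlock it"
    if info["master_pw_id"] == 0xFFFE:
        note += "; master password identifier is still the factory value 0xFFFE"
    return note


def sample_identify(status: int, master_id: int) -> bytes:
    """Constructed test data: an all-zero IDENTIFY block with two words set."""
    words = [0] * 256
    words[WORD_SECURITY_STATUS] = status
    words[WORD_MASTER_PW_ID] = master_id
    return struct.pack("<256H", *words)


if __name__ == "__main__":
    for status, mid in [(0x0003, 0xFFFE), (0x0103, 0x0001), (0x0021, 0xFFFE)]:
        print(hex(status), "->", assess(decode_ata_security(sample_identify(status, mid))))
```

The ATA password only gates access to the drive and is separate from any encryption of the data on it, which is why the answers above point to BitLocker or a self-encrypting drive for confidentiality.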